The FCA has previously conducted criminal background checks on a risk-based approach, when specific concerns about an individual's fitness or propriety have arisen.  Now, firms or individuals making an application for authorisation or registration with the FCA or a notice of an intended acquisition or increase in control ("change in control" or "CIC") must obtain criminal background checks from the Disclosure and Barring Service (DBS) (or equivalent for persons outside of England and Wales).  The DBS check must be either basic (where an authorised or registered firm is not involved in the application or notification) or standard; an enhanced check is not required.

The purpose of the requirement is to deter controllers from deliberately not disclosing adverse information on the assumption that the FCA will not challenge this or seek further information or confirmation.

The proposals will apply to:

  • potential controllers submitting a CIC notice under Part XII of Financial Services and Markets Act 2000 (FSMA);
  • controllers of firms applying to become authorised persons under FSMA (new firm authorisations (NFA)) (both Markets in Financial Instruments Directive (MiFID) and non-MiFID); 
  • individuals with a qualifying holding in a payment institution or e-money institution; 
  • beneficial owners of Annex 1 financial institutions and cryptoasset businesses registered under regulation 54(1A) of the Money Laundering Regulations (MLRs); 
  • persons submitting a CIC notice in accordance with the MLRs, Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs); and 
  • controllers submitting an application or notification made to the PRA where the FCA is required to provide its consent or consultation (excluding appointed representatives (AR)).

The proposals will not apply to:

  • controllers of any AR under FSMA or agents under the PSRs and EMRs.
  • they will not replace any existing processes for Senior Management Functions' (SMFs) holders who may also propose to be a controller within these areas.

Applicants or notice givers will have to confirm to the FCA that a DBS check for controllers has been undertaken within the last 6 months when submitting the relevant application or CIC notification. In addition to this confirmation, the FCA may request a copy of the DBS certificate when deemed necessary.

The requirement will apply to all new applications or notifications submitted from 17 January 2025 onwards.  Exceptions will apply in rare and unusual circumstances, e.g. there is an extremely short timeframe or a jurisdictional impediment. The change will not impact any applications or notifications submitted before this date, including those which have not yet been determined when the new requirements are introduced.

Criminal background checks on beneficial owners and controllers of FCA authorised firms required as part of application from 17 January 2025

Authors