FCA Software Compliance Guide UK 2025 — What FinTech Developers Need to Know

🏦 FCA Authorised📋 Consumer Duty🔌 Open Banking🔒 UK GDPR + FCA🏛️ FCA Sandbox💷 ClickMasters FinTech Specialists
June 202513 min readClickMasters FinTech Team

Direct Answer

The FCA (Financial Conduct Authority) does not directly regulate software companies — it regulates financial services firms. However, software built for FCA-regulated firms must support their FCA compliance obligations: Consumer Duty (July 2023), PSD2/Strong Customer Authentication, Open Banking (OBIE standards), operational resilience (PS21/3), and AML/KYC requirements. ClickMasters builds FCA-aware software — meaning we architect with regulatory obligations in mind from day one, not as a retrofit.

Key FCA Regulations That Affect Software Architecture

Regulation

Effective Date

What It Requires in Software

FCA Consumer Duty

July 2023 (ongoing)

UX must evidence "good outcomes" for customers. No dark patterns. Pricing clarity. Vulnerable customer identification. Audit trail of customer communications.

PSD2 Strong Customer Authentication

Sept 2019 (ongoing)

SCA (two-factor authentication) for payments and account access. 3DS2 for card payments. Exemptions (low value, trusted beneficiaries, merchant-initiated) must be implemented correctly.

Open Banking (OBIE)

2018–ongoing

AISPs must implement OBIE Read/Write API standards. PISPs require OBIE Payment Initiation. Consent management — detailed, revocable, time-limited. Refresh token handling. FCA AISP/PISP authorisation required.

PS21/3 Operational Resilience

March 2022 — full implementation March 2025

Identify "important business services." Set impact tolerances. Test ability to stay within tolerances. Map technology dependencies — every critical service must be documented including software and cloud providers.

AML / MLRs 2017

Ongoing

Transaction monitoring for suspicious activity. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) workflows. MLRO escalation process. Sanctions screening. Audit trail for all AML decisions.

CASS (Client Assets)

Ongoing (for investment firms)

Client money segregation in software. Daily reconciliation. CASS reconciliation audit trail. Accurate record of each client's entitlement at all times.

FCA Consumer Duty — What It Means for UX and Software

No dark patterns: The FCA has explicitly called out cancellation obstacles, pre-ticked boxes, confusing fee structures, and "sludge" that hinders customers from exercising their rights. ICO cookie consent dark patterns guidance applies in parallel.

Outcome monitoring: Your software must be instrumented to capture evidence of customer outcomes — not just conversion rates. Complaints, drop-off at key stages, and product performance metrics must be tracked and reportable to the FCA.

Vulnerable customer support: Software must identify and support vulnerable customers (bereavement, illness, financial difficulty). WCAG 2.1 AA accessibility compliance is a baseline.

Price and value: Pricing must be transparent and evidently fair. Software that obscures the true cost of a financial product (via UI design choices) creates FCA liability.

The FCA Consumer Duty (effective July 2023) is the most significant change to FCA regulation in a decade. For software, it creates specific UX and architecture requirements:

FCA Regulatory Sandbox — Technical Requirements

Working software demonstrating the innovation — not just a prototype or wireframe

Evidence of security controls: Cyber Essentials or equivalent at minimum

Data protection assessment: UK GDPR DPIA for novel data processing

Consumer protection measures: Compensation scheme, complaints process, vulnerable customer protections

Test parameters: How many consumers, what controls, what success metrics, what exit plan

The FCA Regulatory Sandbox allows innovative FinTech businesses to test products and services with real consumers under FCA oversight, with temporary authorisation. ClickMasters has supported technical sections of FCA Sandbox applications. Technical requirements include:

Frequently Asked Questions — FCA Software Compliance UK

Related Guides & Services

Frequently Asked Questions

Common questions about fca software compliance guide uk 2025 — what fintech developers need to know.

The FCA regulates financial services firms — not software companies. However, if your software company provides services that constitute "regulated activity" (e.g., providing advice on financial instruments, arranging deals, holding client money), you may need FCA authorisation. Software development as a pure technology service is not regulated. However, software developers are increasingly required to evidence their security posture and compliance practices as part of FCA-regulated clients' vendor due diligence processes.

FCA authorisation is required to carry out "regulated activities" under the Financial Services and Markets Act 2000 — including: accepting deposits, issuing electronic money (e-money licence), providing payment services (PISP/AISP), investment management, insurance distribution, and consumer credit. If your FinTech software product involves any of these activities, you or your client needs FCA authorisation. ClickMasters can help you understand the regulatory perimeter and build the technical evidence required for an FCA authorisation application.

FCA Consumer Duty requires regulated firms to act to deliver good outcomes for retail customers across four areas: products and services, price and value, consumer understanding, and consumer support. For software teams, this means: UX must be tested against consumer understanding standards (not just A/B optimised), dark patterns are explicitly prohibited, vulnerable customer journeys must be designed and tested, and outcome monitoring dashboards must evidence compliance to the FCA. The FCA has stated it will take action against firms whose software design creates poor customer outcomes.

About the Author

ClickMasters FinTech Development Team FCA-aware software architects — Open Banking, Consumer Duty, PSD2 specialists ClickMasters has delivered FCA-compliant FinTech platforms including Open Banking AISP/PISP integrations, AML/KYC workflows, and Consumer Duty-compliant UX architectures. All FinTech projects include FCA compliance context from the first sprint.

Build FCA-Aware FinTech Software ClickMasters architects...

Build FCA-Aware FinTech Software ClickMasters architects software with FCA compliance as a first-class concern. Free consultation for UK-regulated FinTech businesses. → Book Free FinTech Consultation: clickmasterssoftwaredevelopmentcompany.co.uk/contact/

Book a Free Consultation