CISI UK RPI: FCA and PRA Authorisation of Firms and Individuals

Try 10 focused CISI UK RPI questions on FCA and PRA Authorisation of Firms and Individuals, with answers and explanations, then continue with Securities Prep.

Open the matching Securities Prep practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.

Topic snapshot

| Field | Detail |
| --- | --- |
| Exam route | CISI UK RPI |
| Issuer | CISI |
| Topic area | FCA and PRA Authorisation of Firms and Individuals |
| Blueprint weight | 12% |
| Page purpose | Focused sample questions before returning to mixed practice |

How to use this topic drill

Use this page to isolate FCA and PRA Authorisation of Firms and Individuals for CISI UK RPI. Work through the 10 questions first, then review the explanations and return to mixed practice in Securities Prep.

| Pass | What to do | What to record |
| --- | --- | --- |
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |

Blueprint context: 12% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: FCA and PRA Authorisation of Firms and Individuals

Which FCA high-level standard is primarily used to assess whether an individual is fit and proper to perform a Senior Management Function or a Certification Function?

  • A. FIT
  • B. COND
  • C. SYSC
  • D. PRIN

Best answer: A

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: FIT is the sourcebook used for fit and proper assessments of individuals. It focuses on whether a person is suitable for the role, rather than on firm-level conduct principles, systems and controls, or threshold conditions for authorisation.

The core distinction is between standards for firms and tests for individuals. FIT is the FCA sourcebook that sets out the fit and proper criteria used when assessing people performing Senior Management Functions and Certification Functions. Those criteria focus on honesty, integrity and reputation, competence and capability, and financial soundness.

PRIN is about the high-level principles that firms must follow in conducting their business. SYSC deals with a firm’s governance, systems and controls. COND relates to whether a firm satisfies the threshold conditions for authorisation and ongoing permission. So where the question is specifically about the personal suitability of an individual for a controlled role, FIT is the relevant standard. SYSC is the closest distractor because it covers governance arrangements, but it is not the fit-and-proper test itself.

  • PRIN: These are the Principles for Businesses, setting broad conduct standards for firms rather than testing an individual’s suitability.
  • SYSC: This covers senior management arrangements, governance, systems and controls, not the direct assessment of personal fitness and propriety.
  • COND: This concerns the threshold conditions a firm must meet to be authorised and remain authorised, so it applies to firms rather than individuals.

FIT contains the criteria used to assess an individual’s honesty, competence and financial soundness for senior management and certification roles.


Question 2

Topic: FCA and PRA Authorisation of Firms and Individuals

A newly formed investment-advice firm is preparing its FCA authorisation application. It discovers that its proposed compliance oversight is not yet operational, and one controller omitted a recent director disqualification from the draft application. The managing director says the firm should submit now because it has no clients, no complaints and has not yet recommended any products. Which response best applies the relevant high-level standard?

  • A. Prioritise a complaints procedure, then revisit the application later.
  • B. Pause the application and disclose the issues fully to the FCA.
  • C. Submit now and update the FCA only if it raises questions.
  • D. Proceed because suitability matters only once advice is given.

Best answer: B

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: This is mainly an authorisation and integrity issue. A firm seeking FCA authorisation should be open with the regulator and demonstrate sound governance; the absence of clients, complaints or recommendations does not remove that expectation.

The core issue is whether the firm meets high-level standards of honesty, integrity and organisational readiness during the authorisation process. An omitted disqualification is material information, and non-operational compliance oversight suggests weak governance. The appropriate response is to stop, investigate, and give the FCA full and accurate disclosure rather than treating the application as something that can be tidied up later.

Complaints handling and suitability of recommendations are important conduct areas, but they are not the main issue here because the firm is not yet dealing with customers. At authorisation stage, the FCA is assessing whether the firm and its controllers are fit, proper and capable of being regulated appropriately. Waiting to disclose until asked is inconsistent with that standard.

  • Update later if asked: This misunderstands the authorisation process; firms should not hold back material facts and wait for the FCA to uncover them.
  • Focus on complaints first: Complaint procedures matter for ongoing business, but they do not fix a current problem of incomplete disclosure and weak controls.
  • Rely on no advice given: This confuses suitability with authorisation standards; governance and integrity must be demonstrated before any recommendation is made.

Authorisation requires honest, complete disclosure and credible governance, regardless of whether the firm has yet served any clients.


Question 3

Topic: FCA and PRA Authorisation of Firms and Individuals

After a previous scam, a cautious retail client asks for public confirmation that both the firm’s named certified investment adviser and the firm itself are legitimate before signing. Which response by the wealth manager best applies honesty and professional standards?

  • A. Use the FCA Directory for the adviser and the FCA Register for the firm’s authorisation and permissions.
  • B. Use the FCA Directory alone because it shows whether the firm and all staff are authorised.
  • C. Use the firm’s HR records because they are more complete than public FCA sources.
  • D. Use the FCA Register alone because the Directory is only an internal staff list.

Best answer: A

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: The best response distinguishes clearly between the two public checks. The FCA Directory helps a client verify certain individuals, such as a certified adviser, while the FCA Register is used to confirm whether the firm is authorised and what permissions it holds.

This tests the purpose of the Directory and how it differs from other records. Acting honestly and professionally means giving the client accurate, usable information rather than implying one source covers everything. For a named certified adviser, the FCA Directory is the relevant public check for the individual. For the firm itself, the FCA Register is the public source that shows authorisation status and permissions.

Internal HR files may support a firm’s own oversight, competence, and fit-and-proper processes, but they are not a public substitute for FCA records. Equally, the Directory is not a full list of every employee and does not replace checking the firm’s own authorisation. The key point is to use the right source for the right purpose.

  • Directory only: This wrongly treats the Directory as if it confirmed firm authorisation and covered every staff member.
  • HR records: These may be useful internally, but they do not give the client independent public verification.
  • Register only: This confirms the firm’s status, but not the public record of the named certified individual.

The Directory is a public source for certain individuals, while the FCA Register confirms the firm’s authorisation and permissions.


Question 4

Topic: FCA and PRA Authorisation of Firms and Individuals

A firm is applying to the FCA for permission to advise retail clients. During final sign-off, the proposed director responsible for the application tells an analyst to remove from the draft application an upheld internal finding that he altered client meeting records, saying it would “only slow the authorisation down”. What is the firm’s best next step?

  • A. Treat it as an HR matter only because the application can be corrected after authorisation.
  • B. Allow the director to amend his section personally and continue the submission process.
  • C. Submit the application and disclose the issue later if the FCA asks for more information.
  • D. Pause the application, escalate internally, and reassess the director’s fitness before submission.

Best answer: D

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: The firm must deal with both issues together: the draft application would be inaccurate, and the director’s attempt to hide misconduct is a wider integrity concern. The right next step is to stop the submission, escalate it internally, and reassess whether that individual is fit and proper to be involved.

In authorisation, firms are expected to provide information that is complete and accurate. Here, the problem is not just a technical form defect. The proposed director is trying to conceal an upheld misconduct finding, which points to a broader professional-conduct issue about honesty and integrity. That directly affects any assessment of whether he is fit and proper and whether the application can properly proceed.

A sound workflow is:

  • stop the submission
  • escalate to compliance and the senior management body overseeing the application
  • investigate the attempted concealment
  • decide whether the application and the individual’s role need to change before any filing

Submitting first or treating it as only an HR issue would miss the regulatory significance of the conduct. The key point is that concealment during authorisation is itself a serious integrity concern, not merely an admin error.

  • Submitting first gets the sequence wrong; the firm should not file an application it knows is incomplete or misleading.
  • Treating it as HR-only uses the wrong owner; the issue affects regulatory disclosure and fitness, not just employment discipline.
  • Letting the individual self-correct without escalation skips an independent safeguard and ignores the attempted concealment.

The attempted omission raises an integrity and fit-and-proper concern, so the firm must stop and escalate rather than submit first.


Question 5

Topic: FCA and PRA Authorisation of Firms and Individuals

A UK bank regulated by the PRA and FCA wants to appoint a new Chief Operations Officer to a Senior Management Function. During vetting, the candidate discloses a previous disciplinary finding for failing to escalate a recurring client-asset control weakness. There was no dishonesty finding, but the board wants to fill the role quickly. Which response best reflects the regulators’ authorisation approach under SMR?

  • A. Disclose the disciplinary issue only if regulators ask.
  • B. Let the candidate start and document responsibilities later.
  • C. Investigate, document the fit-and-proper assessment, and define responsibilities before applying.
  • D. Apply immediately because no dishonesty was involved.

Best answer: C

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: Under SMR, approval is meant to support sound governance by ensuring senior managers are fit and proper and that responsibilities are clear. A past failure to escalate a control weakness is relevant to competence and judgment, so the firm should investigate it properly, document its assessment, and clarify accountability before proceeding.

The core principle is that FCA/PRA authorisation under the Senior Managers Regime is not just about filling roles quickly; it is about protecting the firm and its customers through robust governance and risk management. A previous failure to escalate a recurring control weakness is relevant to a fit-and-proper assessment because it may indicate weaknesses in oversight, judgment, or conduct-risk awareness, even if there was no dishonesty finding. The firm should investigate the circumstances, assess any remediation and current competence, document its conclusion, and ensure the senior manager’s responsibilities are clearly defined before submitting the application. That approach supports both individual accountability and effective governance. Business urgency does not justify incomplete assessment or disclosure.

  • Treating the issue as irrelevant because there was no dishonesty is too narrow; control failings can still matter to competence, judgment, and risk oversight.
  • Allowing the individual to begin first and tidy up responsibilities later weakens SMR accountability, which depends on clear responsibilities from the outset.
  • Holding back adverse information until asked is inconsistent with the open and candid approach expected in regulatory approval processes.

SMR approval should follow a documented fit-and-proper review and clear allocation of responsibilities, especially where past control failings raise governance concerns.


Question 6

Topic: FCA and PRA Authorisation of Firms and Individuals

A business that is neither FCA-authorised nor exempt gives personal recommendations on investments to retail clients. In the same meetings, staff also minimise risks and charges. Which term best describes the technical authorisation issue?

  • A. Performing a senior management function without approval
  • B. Failing the clear, fair and not misleading standard
  • C. Breaching the Certification Regime
  • D. Carrying on a regulated activity without authorisation or exemption

Best answer: D

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: The key authorisation issue is that the business is giving personal investment recommendations while neither authorised nor exempt. Minimising risks and charges is a separate conduct failing, but it does not change the fact that the firm is carrying on a regulated activity without the required regulatory status.

The core concept is the difference between a threshold permission problem and a conduct problem. Giving personal recommendations on investments is a regulated activity in the UK. If the business is neither authorised nor exempt, the technical defect is that it is carrying on that regulated activity without the required authorisation or exemption.

The staff’s minimising of risks and charges is also problematic, but that is a conduct issue about communications and fair treatment, not the authorisation label. Senior manager approval and certification are different regimes for certain individuals within authorised firms. They do not replace the need for the firm itself to have the correct permission or exemption.

The misleading-communication point is the closest distractor because it is also present on the facts, but it is not the authorisation issue.

  • Performing a senior management function without approval relates to designated senior roles, not to a business lacking permission to carry on the activity itself.
  • Failing the clear, fair and not misleading standard matches the poor presentation of risks and charges, but that is a conduct failing rather than the threshold authorisation defect.
  • Breaching the Certification Regime concerns fit-and-proper certification for certain staff in authorised firms; it does not cure or describe the absence of authorisation or exemption.

Giving personal recommendations on investments is a regulated activity, so doing so without authorisation or exemption is the technical authorisation issue.


Question 7

Topic: FCA and PRA Authorisation of Firms and Individuals

An FCA-authorised advisory firm learns that its approved Operations Director, an SMF holder, has been charged with fraud in a private property venture. No client loss has been identified. The firm’s policy treats any event that may affect an SMF holder’s honesty or integrity as material. Which response best supports regulatory compliance?

  • A. Make a dated record, assess fitness and propriety, and notify the FCA promptly.
  • B. Keep the matter on the HR file only, as it arose outside work.
  • C. Wait for the criminal case outcome before deciding on any record or notification.
  • D. Review the issue at the next annual certification if no client detriment appears.

Best answer: A

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: For an SMF holder, a fraud charge is directly relevant to honesty and integrity, even if it arose outside the firm and no client loss is yet known. The best response is to keep a clear contemporaneous record, assess the impact on fitness and propriety, and notify the FCA promptly where the matter is material.

The core concept is acting with integrity and dealing openly with the regulator when a matter could affect an approved senior manager’s fitness and propriety. A fraud charge is serious and plainly relevant to honesty and integrity, so the firm should not wait for a conviction, annual review, or evidence of customer harm. Because the firm’s policy already treats such events as material, the compliant response is to create a dated internal record, escalate the issue through governance, assess whether the individual remains fit and proper, and make a prompt FCA notification. The fact that the allegation arose in a private venture does not remove its relevance to suitability for an SMF role.

A private HR note or a delayed review would not be enough for a potentially material issue affecting an approved person.

  • Waiting for the court outcome confuses criminal proof with regulatory materiality; firms must assess and, where appropriate, notify based on the facts known now.
  • Treating the matter as HR-only misses that personal misconduct can still affect an SMF holder’s honesty, integrity, and regulatory suitability.
  • Deferring the issue until annual certification is too slow for a potentially material event involving a senior manager.

A fraud charge is potentially material to an SMF holder’s honesty and integrity, so the firm should document it, assess fit and proper status, and notify the FCA without waiting for a conviction.


Question 8

Topic: FCA and PRA Authorisation of Firms and Individuals

North Vale Wealth is applying for FCA authorisation to give investment advice to retail clients. Before approval, its founder has begun contacting prospects through a personal social-media account. The firm has no documented compliance monitoring, and client records would be kept on the founder’s personal laptop. No recommendation has yet been made and no complaint has been filed. What is the single best regulatory analysis?

  • A. The application mainly raises threshold condition concerns about suitability, appropriate resources, and effective supervision.
  • B. The main issue is whether any advice later given would be suitable under COBS.
  • C. The main issue is whether the social-media contact complies with communication rules.
  • D. The main issue is whether a dissatisfied prospect should be referred to the Financial Ombudsman Service.

Best answer: A

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: This is mainly an authorisation-stage question about whether the firm is fit to be authorised. The lack of compliance monitoring and weak record-keeping arrangements point to threshold condition concerns such as suitability, appropriate resources, and effective supervision. It is not mainly a complaint or recommendation issue because no recommendation or complaint exists yet.

At authorisation stage, the FCA focuses on high-level standards for firms, including whether the applicant is suitable, has appropriate resources, and can be effectively supervised. In this scenario, the founder is using a personal social-media account to approach prospects, there is no documented compliance monitoring, and records would be kept on a personal laptop. Those facts indicate weak governance, control, and record-keeping arrangements, which are central authorisation concerns.

COBS suitability becomes the main issue when an actual personal recommendation is made. Complaint handling and Ombudsman access become relevant when there is a complaint from an eligible complainant. Communications rules may also matter here, but that is narrower than the core question of whether the firm meets the FCA’s high-level standards to be authorised.

  • Treating this as an advice-suitability case jumps ahead of the facts, because no personal recommendation has yet been made.
  • Treating this as a complaint or Ombudsman issue fails because no complaint has been raised and DISP is not the live issue.
  • Focusing only on the social-media contact is too narrow; communications matter, but the bigger concern is whether the firm has robust governance and controls for authorisation.

The facts point primarily to high-level authorisation standards, because the FCA will assess whether the applicant has suitable governance, resources, and supervisory arrangements before authorising it.


Question 9

Topic: FCA and PRA Authorisation of Firms and Individuals

Under FCA Training and Competence expectations, which statement best describes a firm’s duty regarding employee competence?

  • A. Ensure employees hold a recognised qualification before any regulated work.
  • B. Ensure formal competence assessments apply only to senior managers and certification employees.
  • C. Ensure competence is checked at recruitment and not revisited unless problems emerge.
  • D. Ensure employees are competent for their roles, or supervised until they are.

Best answer: D

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: The firm is responsible for having systems and controls that ensure staff are competent for the work they do. If an employee is not yet fully competent, the firm must provide appropriate supervision rather than treating competence as a one-off or purely personal matter.

In the FCA framework, training and competence is a firm responsibility supported by systems and controls. A firm should ensure its employees have the skills, knowledge and expertise needed for their roles, and where they are still developing, they should work under appropriate supervision. This is an ongoing obligation: firms should assess, train, monitor and refresh competence over time.

A qualification can help demonstrate competence, but it is not the whole test and is not the answer in every role. Equally, competence is not established once and then ignored unless a complaint arises. The duty applies more broadly than just the SM&CR population, because firms must control the competence of relevant staff across the business. The key point is ongoing competence plus supervision where needed.

  • Qualifications are not enough: A recognised exam or qualification may support competence, but it does not automatically satisfy the firm’s full obligation in every case.
  • Not a one-off check: Competence must be maintained and monitored, not just assessed at recruitment.
  • Wider than SM&CR labels: Senior managers and certification employees have specific regime requirements, but the firm’s competence controls are not limited to those groups.

FCA expectations require firms to maintain staff competence and use appropriate supervision while competence is being developed.


Question 10

Topic: FCA and PRA Authorisation of Firms and Individuals

Under UK regulation, which activity is most clearly a regulated activity requiring permission, assuming no exemption applies?

  • A. Passing a client’s details to an authorised broker with no further involvement
  • B. Explaining how shares and bonds differ in general terms
  • C. Recommending physical gold bullion as a long-term holding
  • D. Advising a client to buy ABC plc ordinary shares

Best answer: D

What this tests: FCA and PRA Authorisation of Firms and Individuals

Explanation: The key issue is whether the activity involves a specified investment and a regulated act such as advising. Telling a client to buy a named company share is advice on a particular investment, so it falls within regulated activity territory. The other actions are generic information, advice on a non-specified asset, or a mere introduction.

A regulated activity usually depends on both the nature of the act and the nature of the asset involved. Advising a client on the merits of buying a named company’s ordinary shares is advice on a specified investment, so it is a regulated activity unless an exemption applies. By contrast, generic educational information about asset classes does not amount to regulated advice because it does not recommend a particular investment. Physical gold bullion is generally not a specified investment in the same way shares are, so recommending it is not normally investment advice under the UK regulated activities regime. A simple one-off introduction, with no further involvement in the transaction, is also commonly treated differently from arranging deals. The closest distractor is the mere introduction, but that lacks the active advisory element on a specified investment.

  • Generic information: Explaining how shares and bonds work is financial education, not advice on the merits of a particular investment.
  • Wrong asset type: Physical gold bullion may be bought as an investment, but it is not normally a specified investment like shares.
  • Mere introduction: Passing on contact details without discussing a security or helping conclude a transaction is not the clearest example of a regulated activity.

Advice on the merits of buying a named share is advising on a specified investment, which is a regulated activity unless an exemption applies.

Continue with full practice

Use the CISI UK RPI Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Free review resource

Read the CISI UK RPI guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.

Revised on Thursday, May 14, 2026