For payment institutions (PIs) and e-money institutions (EMIs) operating under the UK payments and e-money regime (formerly PSD2 and EMD2), FCA regulatory returns are than just an annual reporting obligation. They are one of the FCA’s primary supervisory tools, providing insight into a firm’s financial position, safeguarding arrangements, and operational resilience, and whether there are any areas that warrant closer supervisory attention.

The challenge is that many firms still treat regulatory reporting as a year-end task, when in practice, the data sits across finance, operations, compliance, and safeguarding. Late preparation can therefore lead to inconsistencies, gaps, or avoidable errors.[TA1.1]

What are the FCA's regulatory reporting requirements?

Before looking at the annual returns in detail, it is worth stepping back and understanding what SUP 16 actually requires. SUP 16 does not create a single “annual return”. Instead, it requires firms to submit the specific returns applicable to them, in the format, at the frequency and by the deadlines set by the FCA.

Crucially, those returns must be complete and accurate and must provide the FCA with information on how the firm is carrying on its regulated activities and whether it is complying with the requirements of the UK payments and e-money regime. In other words, the FCA is not just asking for data. It is asking for a consistent and reliable view of how the business operates.

What are FCA regulatory returns?

Under SUP 16, PIs and EMIs must provide the FCA with information about their regulated activities and their compliance with the applicable requirements under the UK payments and e-money regime. The purpose of the regime is to ensure the FCA receives information in the form, at the time and in the manner it directs, so it can conduct its supervisory functions.

For authorised firms, the core annual returns within the wider SUP 16 reporting framework (for example, REP018 for payment institutions and REP019 for e-money institutions), represents one of the main ways the FCA obtains a structured picture of the business. It is not simply about headline figures. It is about giving the regulator visibility over the scale of the firm’s activities, the nature of its business model, and whether the underlying control environment appears robust.

What information do payments and e-money firms need to report?

The exact content will depend on the type of firm and the activities it carries on, but the core annual returns typically require firms to report data across the following areas.

  • Business activity: payment volumes, services and business profile.
  • Financial position: prudential and financial information.
  • Safeguarding: safeguarding methods and client fund protection.
  • Agents and distributors: oversight of appointed networks.
  • Complaints and customer outcomes: indicators of conduct risk.
  • Fraud and operational resilience: wider supervisory reporting requirements.[TA2.1]

 

Common FCA regulatory reporting mistakes

Firms often see the returns obligation as a data collection exercise. It is bigger than that. The returns help the FCA identify outliers, monitor trends, and assess whether individual firms may pose a heightened prudential, operational or conduct risk.

If the data suggests inconsistencies, weak controls or unexplained movements, the return can become the starting point for further supervisory engagement. That is why firms should think carefully about the story all their returns tell and whether the underlying data stands up to challenge.

Common issues we see include:

  • inconsistent data across finance, compliance and operations;
  • safeguarding figures that do not reconcile to supporting records;
  • unexplained year-on-year movements;
  • unclear ownership of reporting fields; and
  • limited review or challenge before submission.[TA3.1]

What should firms be doing now?

A good starting point is to treat the annual return process as a year-round process rather than an annual deadline.

In practice, firms should:

  • map each return field to a clear internal owner;
  • maintain reporting data throughout the year;
  • reconcile financial, operational and safeguarding information regularly;
  • document assumptions and methodologies; and
  • perform a robust reasonableness review before submission.

 

Final thoughts

For PSD2 and EMD2 firms, the annual FCA regulatory returns should be treated as more than an administrative obligation. It is a key regulatory submission that gives the FCA a window into the business.

Firms that approach it early, with clear ownership and reliable data, are usually in a much stronger position than firms that leave the exercise until the deadline.

 

How fscom can help

fscom advises EMIs, payment institutions and fintech firms on regulatory reporting under SUP 16, including the interpretation of reporting requirements, data mapping, and end-to-end submission support.

If you would like to discuss your firm’s reporting obligations, or need support preparing your annual regulatory return, get in touch.