New Business Guidance
1. Who is the guide for?
This guidance is aimed to assist businesses looking to apply for regulatory permissions under the Financial Services Act 2008 and/or the Insurance Act 2008 and prospective applicants who are not currently undertaking regulated activity in or from the Island.
This is aimed to assist businesses seeking regulatory permissions and using innovative technology in delivering regulated activity.
2. The application process
- Prior to contacting the Authority, prospective applicants should prepare an outline of the business which includes:
- A clear explanation of the proposal, specifically; the services and products to be offered including any unregulated activities, and (where appropriate) estimates of income and expenditure attributable to each;
- a brief analysis of the relevant sector, the perceived opportunities and the prospective applicant’s competitive strengths;
- details of any planned outsourcing or reliance on group companies;
- if the prospective applicant is not already on Island – how the business, and the regulated activity itself, will be managed and controlled on Island; and
- if the prospective applicant is not already on Island – the rationale for establishing on Island.
We would expect any applicant to have obtained appropriate legal advice in respect of their application.
- A regulatory sandbox approach may be required, see here link to what is involved and how to apply to utilise the regulatory sandbox.
- Contact the Authority to discuss the proposal(s) and determine the next steps. Initial contact should be made to Innovation@iomfsa.im
- Assuming there are no material changes required to the proposal, the prospective applicant should provide the Authority with a draft business plan. The business plan guidance can be found on the Authority’s website
The business plan will contain much of the information submitted at step 1, but with additional detail. The business plan should also give details about the people involved, or proposed to be involved, with the business. It is important that the business plan explains how the requirements in the following documents are met:
- Licensing Policy for Regulated Activities under the Financial Services Act 2008 (if relevant)
- Training & Competence Framework
- Regulatory Guidance – Fitness & Propriety
The Authority’s officers will provide feedback on the business plan to the prospective applicant. If material changes or amendments are required, an updated draft may be requested ahead of an application, if the changes are minor, then the amended business plan can be submitted with the formal application. The Authority’s officers will provide guidance on this during discussions.
When the prospective applicant is ready, a formal application should be made to the Authority using the standard application forms and supporting documents for the relevant regulatory permissions. The Authority’s officers will give guidance about which application process the prospective applicant will need to follow and any additional documents which may be required.
Links to the applications processes can be found following the below links:
- Regulated Activity under the Financial Services Act 2008
- Insurance Intermediary under the Insurance Act 2008
- Insurance Business (Non-Life Insurance) under the Insurance Act 2008
- Insurance Business (Life Insurance) under the Insurance Act 2008
The Authority will be mindful of the risks to its statutory objectives and it may:
- issue a licence or authorisation with additional requirements imposed;
- issue a licence which places limits on the number or type of consumers it may service; or
- not issue a licence, pending further development of the products or services.
The application must set out how it will provide benefits and what risks it will bring, direct or indirect, to consumers, the financial services sector and the Island’s economy.
The Authority must be satisfied that the financial and human resources of the applicant or regulated entity, the Authority and any other key parties, are sufficient to support the application through to implementation, including licensing or authorisation where this is a requirement.
As part of the application, the Authority may also require any of the following where it is considered appropriate to do so:
- A security analysis of the product or service;
- A penetration testing audit; and
- A code review of the product or service’s code base.
The list is not exhaustive, the Authority’s officers will discuss what additional documentation or specialist input (if any) will be required as part of the application process.