top of page
Writer's pictureDavid Kolb

How To Build A Digital Bank: Overcoming Barriers to Entry in Financial Services

Updated: Oct 29, 2023

Strategies and Solutions for Establishing a Successful Digital Bank


Starting the day with breakfast in Lisbon, Portugal, and starting a journey in building a digital bank with fresh ideas and energy.
Photo - David Kolb

What are the key considerations and requirements for building a digital bank?

In 2018 I joined a firm with a mission to build a new digital bank led by visionary leaders. It was a fantastic time, learning how to build a digital bank and gaining experience working in a start-up focusing on innovative design.

Since then, many people have asked me, how do you build a digital bank? What is a bank license? How much money do you need? What are the barriers to entry? This three-part blog covers the things I learned and hopefully the answers to these questions. Building a new digital bank can be a complex and challenging process, but with the need for digital banking services on the rise, it can also be a rewarding venture. We cannot cover every part of that in this series, but I hope these blogs give a sense of what is required to build your bank. If you need additional details, give me a call.


What regulatory reforms in the UK led to the rise of challenger banking and fintech innovation? In 2013 the UK set out reforms to open up financial services to new banks by reducing some of the barriers to entry, thus encouraging further competition in the industry. The changes made to the authorisation process and banking regulation created a wave of new banks, often called challenger banks or neo-banks.

This reform period created an environment ripe for business innovation in the financial industry. The changes made to the authorisation process and banking regulation reduced barriers to entry, encouraging further competition in the industry. This led to the emergence of challenger banks or neo-banks and a wave of fintech technology (fintech) and regulatory technology (regtech) firms releasing innovative products and services such as stand-alone products for identification, credit scoring, fraud prevention and payments. The fintech companies have simplified integrations and the use of cloud technology have helped reduce the entry barriers for new challenger banks and enabled fintech and regtech firms to create partnerships to deliver new digital products and business models, thus spurring business model innovation. As a result, non-financial services firms have also seized opportunities in embedded finance, leveraging their brands and distribution channels to offer bespoke financial services to their employees or customers while streamlining their business operations.


Image of potential banking partnerships, emphasizing the importance of collaboration for success in the digital banking landscape.

What is the process for obtaining authorisation as a new bank in the UK? Congratulations on deciding to become a digital bank or a challenger bank, you have a brand, a strategy and some great product ideas, but where do you go from here? Before we start, it’s worth looking at the banking license or the absence of one. Because strictly speaking, there isn’t an actual banking license, a certificate that you can hang on your wall. A bank license is, in fact, an authorisation “Part 4A Permission to carry on the regulated activity of accepting deposits, etc.” (FCA Handbook). You could, of course, frame your PRA/FCA letter of authorisation.

Authorisation starts with the ‘new bank start-up unit’. This unit was created by the UK regulators the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) to support new entrants through authorisation. The aforementioned streamlined authorisation process is called mobilisation. Mobilisation allows new entrants to become authorised at an earlier stage but with certain restrictions in place. Sometimes this is referred to authorisation with restriction or AWR.

Mobilisation is a trade-off. On the one hand, it limits the amount of business you can undertake (total of £50,000 in deposits). Still, on the other hand, it provides the confidence of being an authorised bank to seek additional funding and additional time to fully build out the bank’s technology and hire new staff. However, the expectation is to come out of mobilisation within 12 months. This process is called variation of permissions or (VOP). It features several steps and requirements to become a fully operational digital bank.

OK, how do I apply for authorisation?


What is a Regulatory Business Plan (RBP)? The RBP is at the heart of your application. It details your business model, products, financial resources, how you plan to make money, your customer base, the customer journey, technology and operations, to name a few. Yes, that’s a lot of pages! The RBP is a detailed and complex document, and as the FCA points out, this should not be a ‘sales pitch’ for use with potential investors.

A benefit of mobilisation is that certain parts of the RBP like technology, risk management and the digital bank’s policies and procedures only need to be drafted. While this may buy you the additional time you do need to document your delivery schedule in a fully developed mobilisation plan, and this requires signoff by your board. Let’s take a look at some of the sections of the Regulatory Business Plan.


What should be addressed in the Regulatory Business Plan? Why do you want to be a digital bank? What is your target market? How will you compete? What is your competitive advantage? What products and services will you be offering? Will you offer virtual debit cards? How will you distribute them? These and other questions need to be answered, demonstrating that your business will be viable and profitable,

Suppose you're taking the mobilisation route. A near-final version of these customers' needs must be established in the plan. The digital customer journey includes onboarding arrangements for your customer base, know your customer processes and anti-money laundering. Products (e.g. Loans or Current accounts) have a description of your products, pricing, target markets, distribution, assessment of the competition, and ensuring customer satisfaction.


What are the key considerations regarding capital requirements for new banks? Capital remains the hardest barrier to entry into financial services. For starters, you need to fund the building of your digital bank and then meet the minimum capital requirements to get authorised. Banks are required to hold a minimum of 8% capital. It aims to create proper management of the digital bank. It can be thought of as an insurance policy and preventing insolvency.

The intricate modelling process behind capital requirements is beyond the scope of this blog, but here is a simplified part of that. Each one of your products, e.g. loans or mortgages, will carry a risk weighting. The weight is defined by the regulator, the riskier the product, the higher the weight and consequently, the higher the capital you need to hold to cover potential losses. The 8% is taken from the total value of each product and its weights. Now if you multiply that by 12 months of projections, you have a large number that needs to be paid upfront and maintained at 8% at all times. Regulatory reporting monitors the compliance of this.

If this is prohibitive, then alternatives like an e-money license could be considered. However, this will limit the products you can offer the customer. Furthermore, under the Financial Services Compensation Scheme, e-money wallets are not protected. FSCS protects the customers of failed authorised financial services firms up to £85,000 for a single account and £170,000 for joint accounts. However, the e-money institution will have to safeguard the funds.

For a more detailed view the capital requirements, check out the Internal Capital Adequacy Assessment Process (ICAAP) used to assess the levels and risks to capital.


What is the Senior Managers Regime (SMR)? This details the structure of your digital bank, the board, the risk management framework and internal controls. The roles and responsibilities of the leadership team, the board and the committees (Exco, audit committee, risk committee and remuneration committee) to name a few.

Let’s look briefly at the team’s structure through the lens of Chief Information Officers (CIO) aspiration to report to the CEO. The regulators have defined a list of responsibilities for senior management to drive culture, governance and accountability. It’s called the Senior Managers Regime (SMR). Despite technology playing an ever-increasing role in finance, there isn’t a senior management function (SMF) for the CIO. Instead, the responsibilities of the Chief Operating Officer (SMF24) could be split with the CIO, and this will require the CIO to become authorised by the regulator.


What is the Complex IT Form? The application requires a ‘Complex IT Form’. It’s a self-assessment questionnaire that details, amongst other things, the nature and complexity of your technology, payment systems and settlement (more on that in part 2). Dependencies like outsourcing and the scale of digital banking operations, business recovery and escalation plans are in the firm. A high-level outline of your technology is in the regulatory business plan. We will cover this in more detail in the next blog post, but let’s take a quick look at outsourcing.


What are the Digital Bank Outsourcing Requirements? Chances are you will take several products from third parties leading to additional scrutiny. There are many operational risks associated with outsourcing your technology and operations. Regardless of the products or services you utilise, your digital bank will ultimately remain responsible! You will need to design your digital bank to mitigate any failures, let’s say in your cloud provider or your credit scoring process. Ultimately it’s essential to assess the risk of one company failing by looking at multiple providers or through backup processes.


To address these risks and ensure a resilient digital banking experience, incorporating design thinking methodologies can be invaluable. Learn more about design thinking and its application in digital banking.

The FCA has detailed the outsourcing requirements in their handbook, and you should ensure that any supplier your working with can meet these requirements. It’s worth noting that some suppliers may have alternative arrangements in place. One example is access to their business premises; they may not allow this but in some cases an annual audit document is satisfactory.

In the next blog we will look at some of the financial technology (fintech) and regulatory technology (regtech) components that can help build your digital bank. Until then have a nice cup of coffee and some Pasteis de Nata.


Ready to embark on the journey of building a digital bank? Our consulting services are here to guide you through the key considerations and requirements.



Unleash Innovation and Creativity. From transformative leadership to a growth mindset, let's apply human-centred strategies with the power of artificial intelligence in business. Together, we'll craft your business transformation. Book your 1:1 session today.


 

Further reading (All sources checked June 2020) Bank of England New bank start-up unit Bank of England Internal Capital Adequacy Assessment Process (ICAAP) FCA Outsourcing and operational resilience FCA Handbook Financial Services Compensation Scheme


 

Looking for more insightful content?

Check out these related blog posts on business innovation, design thinking, AI and technology written by David Kolb.


Or check out our weekly concise and valuable quick tips for visionary leaders and entrepreneurs.


bottom of page