Applying for a permission

Credit Institutions


The purpose of this page is to make sure that the application process is fully understood.

This section sets out:

  • What a Credit Institution is and what this regulated activity would allow you to do
  • Authorisation process
  • Additional services
  • Notice of a proposal to establish a representative office in Gibraltar
  • Capital requirements
  • Additional information

What is a Credit Institution and what would this regulated activity allow you to do?

A Credit Institution (more commonly referred to as a bank) receives deposits or other repayable funds from the public and grants credits. The authorisation of banking services falls within the scope of the Financial Services Act 2019. 

Credit Institutions that are permissioned in Gibraltar are also required to be members of the Deposit Guarantee Scheme. Please visit the Gibraltar Deposit Guarantee Board website for further information.

The accepting deposits permission allows an institution to carry out deposit taking and related services such as:

  1. Taking deposits and other repayable funds
  2. Lending including, inter alia: consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting).
  3. Financial leasing.
  4. Payment services as defined in Article 4(3) of Directive (EU) 2015/2366.
  5. Issuing and administering other means of payment (e.g. travellers’ cheques and bankers’ drafts) insofar as such activity is not covered by point 4.
  6. Guarantees and commitments.
  7. Trading for own account or for account of customers in any of the following:

    (a) money market instruments (cheques, bills, certificates of deposit, etc.);

    (b) foreign exchange;

    (c) financial futures and options;

    (d) exchange and interest-rate instruments;

    (e) transferable securities.

  8. Participation in securities issues and the provision of services relating to such issues.

  9. Advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertakings.

  10. Money broking.

  11.  Portfolio management and advice.

  12. Safekeeping and administration of securities.

  13.  Credit reference services.

  14.  Safe custody services.

  15. Issuing electronic money.





Application process

Following successful completion of the pre-application process, applicants should submit an application in line with the Staged Application for Authorisation Approach.

Initially, the applicant will only submit the Stage 1 application information - it is important that only Stage 1 information is provided at the outset of the application process.

The GFSC will communicate to the applicant that the application can progress to the next stage once the GFSC is satisfied with the content provided at the current stage. The applicant will then be invited to submit the further information required at the next stage of the application process.

Please request cloud access from the GFSC to submit the information requested, via e-mail to [email protected], stating in the subject field: ‘Name of Applicant – Application’.  Paper copies are not required unless indicated by the team.

Please note that we accept signed signature copies sent via e-mail and electronic signatures, which must originate from the Regulated Firm /Applicant’s domain.  

Stage 1 - Business Model, Capital & Key Individuals

The following is to be submitted for Stage 1: 

On receipt of the application fee and Stage 1 documents, the GFSC will confirm the GFSC Supervisor who has been assigned to assess the application for authorisation.

Any missing or additional sector-specific documents and/or information required by the GFSC to complete Stage 1 will be communicated to the applicant during Stage 1.

When the GFSC is satisfied with all the responses and information/documentation received, the GFSC will inform the applicant that its application can progress to Stage 2.

Stage 2 - Risk Management, IT Systems, Corporate Governance & Financial Crime

The following is to be submitted for Stage 2: 

  • Stage 2 of the Credit Institutions Comprehensive Business Plan (not including Stage 3);
  • Documentation and information including, but not limited to:
    • Corporate Governance and control
    • Business Continuity Management Plan
    • IT infrastructure, Cyber and systems including outsourcing arrangements
    • Operational & Outsourcing Risk including material outsourcing arrangements
    • Systems controls & Risk Management
    • Financial Crime controls, compliance with Anti-Money Laundering/Combating the Financing of Terrorism requirements (as applicable)
    • Risk Methodology and framework policy documents
    • Risk Register & controls
    • Disaster Recovery Plan 
    • Internal Capital Adequacy Assessment Process (ICAAP) 
    • Internal liquidity adequacy assessment process (ILAAP)
    • Updated business plan, if required. 

Any missing or additional sector-specific documents and/or information required by the GFSC to complete Stage 2 will be communicated to the applicant during Stage 2.

When the GFSC is satisfied with all the responses and information/documentation received from an applicant, the GFSC will inform the applicant that its application can progress to Stage 3.

Stage 3 - Conduct of Business, Non-Financial Resource, Policies & Procedures

The following is to be submitted for Stage 3: 

  • Stage 3 of the Credit Institutions Comprehensive Business Plan;
  • Documentation and information including, but not limited to:
    • Non-financial resources
    • Compliance structure
    • Conduct of Business (Full Conduct Risk Framework documents)
    • Detail of KPIs
    • Consumer Duty compliance (as applicable)
    • Operational Resilience compliance (as applicable)
    • Remuneration Policy 
    • ESG Policy
    • Diversity Policy
    • Conflict of Interest Policy
    • Conflict of Interest Register
    • Credit and concentration risk policies
    • Liquidity/solvency policies – including calculations of the liquidity coverage ratio (LCR) and details of how the bank will be meeting the phased LCR threshold amounts specified in CRD IV
    • Outline of how the bank will identify connected exposures
    • Training record/log & content
    • Product Governance Framework 
    • Vulnerable Customer Policy 
    • Internal Audit Plan 
    • Complaints Handling Policy 
    • Terms of Reference of the Board, Board sub-committees, Risk Committee and/or Audit Committee, Underwriting/Pricing committees, as applicable 
    • Audit, accounting, and banking arrangements 
    • Professional Indemnity Insurance 
    • Contracts with parties to whom material operational functions are outsourced 
    • Completed and signed Regulated Individual Forms and Non-Executive Director Forms
    • Mobilisation Plan (if applicable).

When the GFSC is satisfied with the Stage 3 responses and information, the application will move to a GFSC decision for authorisation.

Additional Services

Regulated firms that are already authorised by the GFSC may apply to extend their permission to provide additional financial or professional services. If you are seeking authorisation for additional services, please contact the Authorisation team in order for us to determine what documents are required for submission. 

The below sets out an overview of the expected information requested:

  • Application Fee (if applicable);
  • Revised Business Plan;
  • Financial Projections for the next 3 years, clearly identifying the impact of the additional business:
  • Profit and Loss account
  • Balance Sheet
  • Stress Test on Financial Projections
  • Regulated Individual Form (for any new individual carrying out a Regulated Individual function);
  • Controller Form (for any new Controllers within the structure); and
  • Any other document the applicant considers the GFSC should take into consideration as part of the application.

 The Regulated Firm should consider the following:

  • What new services/permissions it requires;
  • The type of new business/activity;
  • Where the business will be sourced;
  • Resources to deal with the additional business;
  • The impact of the additional business on its capital requirements; and
  • What changes are being effected to its systems and controls.

Capital Requirements

The capital requirements for a credit institution are set out in the Financial Services (Capital Requirements Directive IV) Regulations (CRD IV), which includes provisions relating to:

  • The definition of regulatory capital;
  • Capital requirements;
  • Disclosures made by firms under Pillar 3;
  • Transitional provisions;
  • Quality of capital;
  • Quantity of capital;
  • Counterpart credit risk (CCR);
  • Credit valuation adjustment (CVA) risk;
  • Leverage;
  • Liquidity; and
  • Disclosures.

A credit institution’s minimum initial and ongoing capital requirement is the higher of:

  • €5,000,000; or
  • The capital calculations as per CRD IV.


GFSC Policy

The preferred approach for the GFSC is to accept applications for banking permissions from institutions that are majority owned by established banking groups from reputable jurisdictions.

The GFSC considers that the support provided by existing banking operations in terms of management structures, controls, systems, liquidity, financial support and expertise to their subsidiaries is a vital component of the GFSC's supervisory approach when considering new applications. The ability of the regulator to rely on such support mechanisms allows local operations to establish, knowing that if external support were required, it would be readily available.

The GFSC may in certain instances and in particular where the applicant is part of a major established financial services group based in a reputable jurisdiction, consider applications for banking operations which do not have a banking parentage.

In order for the GFSC to consider such applications, banking applicants must meet the following additional pre-conditions:

  • The applicant will be directed by a suitably qualified Board including the appointment of appropriate non-executive directors;
  • The four-eyes of the applicant will have relevant banking expertise in the areas that the applicant seeks to conduct its operations;
  • The Controllers of the applicant have the necessary financial and other resources to support the organisation including the ability to inject additional capital, liquidity and management if required to do so by the GFSC;
  • The systems of control adopted by the applicant will not only be appropriate for the banking activities proposed but will also have resilience and redundancy built in to run as a stand-alone operation;
  • Except for treasury operations of significant publicly quoted institutions, the operations and business model of the applicant will be at arm’s length, and in most cases ring-fenced, from the operations and businesses of its Controllers; and
  • The applicant will be significantly capitalised.