Must Have Features for Fintech App

Three vendors quote the same fintech idea and produce three different feature lists. The gap is not vendors disagreeing. It is that "must-have" for a UK regulated fintech depends on the activity the product performs and on what UK GDPR, PSD2, and the FCA require underneath.

Masum Shamjad

Founder & CEO

May 8, 2026

Three vendors quote the same fintech idea. Three different feature lists come back, three different prices, three different launch dates.

The gap is rarely about vendors disagreeing on what the product should do. It is about each vendor reading must-have differently. Vendor one assumes the product does not hold customer money.

Vendor two assumes Open Banking is optional. Vendor three quotes a generic mobile app and adds compliance later.

Must-have for a UK fintech app is not a matter of opinion. It is a function of the regulated activity the product performs, the UK GDPR data flows that follow from it, and the PSD2 and FCA expectations underneath.

Anything below that floor is not a fintech MVP. It is a consumer app that cannot legally onboard a single UK customer.

Six feature categories define the UK fintech MVP floor. Each category groups the components that must ship on day one, the optional layers that vary by use case, and the cost impact each adds to the build. The categories are mapped below in the order a discovery output covers them.

Why Different Vendors Quote You Different Must-Have Feature Lists

The reason three vendor quotes for a UK fintech build look so different sits in the brief, not in the vendors. A brief that says "a digital banking app for UK consumers" lets each vendor fill the gaps with their own assumptions about the regulated activity, the user base, and the integrations the product needs.

Vendor one might assume the product is a thin layer on top of an authorised partner bank, so KYC is optional and Open Banking is not. Vendor two might assume the product holds customer money, so safeguarding, e-money authorisation, and PCI DSS-aligned payment handling all need to be built in.

Vendor three might quote the app as a generic mobile build and add the regulatory work later. The price gap follows the assumption gap.

The fix is to remove the assumption space from the brief. The brief should specify the regulated activity, the licence type, the integrations by name, and the data residency model. With those decided, every vendor quotes the same scope, and the must-have feature list becomes a fixed object the brief defines, not a moving target the proposal interprets.

Once the brief specifies the six categories below, the assumption space the three vendors filled with their own guesses disappears.

The Six Categories of Must-Have Features for a UK Fintech App

Six categories cover the floor every UK fintech MVP ships with. The categories are ordered by the sequence the user encounters them, not by how the build runs.

First, identity, onboarding, and compliance verification. Second, security, authentication, and encryption. Third, core financial functions.

Fourth, money movement and payments. Fifth, personalisation, AI, and fraud intelligence. Sixth, customer engagement and operations.

Every UK fintech MVP we have scoped over the past three years contains some version of all six. The variation is which optional layers go inside each category, not whether the category itself is present. Each section below covers the must-have components, the optional layers that vary by use case, and the cost the category adds to a UK MVP build.

Identity, Onboarding, and Compliance Verification

Identity and onboarding is where every UK fintech app starts. The components below are non-negotiable for any product handling consumer financial data.

Digital KYC with Document Capture and OCR

The user takes a photo of their UK driving licence or passport, the document is parsed with optical character recognition, and the data is matched against the user's input. Onfido, Jumio, Veriff, and Persona are the dominant UK providers. KYC verification typically costs £0.50 to £3 per check depending on volume tier.

Liveness Detection

A short video selfie or a sequence of facial movements proves the person uploading the document is the person on it. Liveness adds five to ten seconds to onboarding and reduces fraudulent account creation by a meaningful margin. The same KYC providers usually bundle liveness, so there is no separate fee.

AML and PEP Screening

Anti-money laundering and politically exposed person screening checks the user against sanction lists, watch lists, and adverse media. ComplyAdvantage, Refinitiv World-Check, and Sumsub are the common UK providers. AML monitoring runs £1 to £5 per user per month for managed services, scaling with user count.

GDPR Consent Capture and Data Retention Policy

UK GDPR requires explicit consent for marketing communications and a documented lawful basis for processing customer data. The consent capture flow at onboarding determines what the product can legally do with the data afterwards. Documenting the retention policy and the right-to-erasure flow at this stage avoids £3,000 to £7,000 in retroactive compliance work later.

With identity verified, the next category sits underneath every screen the user sees afterwards.

Security, Authentication, and Encryption

Security is the second category and the one most often misunderstood. The temptation in MVP scoping is to ship basic password authentication and add the rest later. PSD2 Strong Customer Authentication makes that order illegal.

PSD2 Strong Customer Authentication (SCA)

SCA requires two of three authentication factors: something you know (PIN, password), something you have (phone, hardware key), and something you are (biometric). Every payment initiation, account access from a new device, and high-value action must trigger SCA. The architectural implications sit in the user-flow design and the session security; SCA cannot be retrofitted post-build.
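The two-of-three rule and the three triggers above, as an added example that is not code from this article or from any vendor it names. The factor names, the action kinds, and the `HIGH_VALUE_PENCE` threshold are hypothetical, and each factor is assumed to have been verified upstream before it reaches this check.

```python
from dataclasses import dataclass
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "something you know"   # PIN, password
    POSSESSION = "something you have"  # phone, hardware key
    INHERENCE = "something you are"    # biometric


# Hypothetical factor names mapped to the three SCA categories.
FACTOR_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "registered_phone": Category.POSSESSION,
    "hardware_key": Category.POSSESSION,
    "biometric": Category.INHERENCE,
}

# Assumed product policy value for "high-value"; not a regulatory figure.
HIGH_VALUE_PENCE = 50_000


@dataclass(frozen=True)
class Action:
    kind: str                  # "payment_initiation", "account_access", ...
    amount_pence: int = 0
    device_known: bool = True


def requires_sca(action: Action) -> bool:
    """Apply the three triggers named in the text."""
    if action.kind == "payment_initiation":
        return True
    if action.kind == "account_access" and not action.device_known:
        return True
    return action.amount_pence >= HIGH_VALUE_PENCE


def sca_satisfied(verified_factors) -> bool:
    """True only if the verified factors span two distinct categories."""
    categories = set()
    for name in verified_factors:
        if name not in FACTOR_CATEGORY:
            raise ValueError(f"unknown factor: {name}")
        categories.add(FACTOR_CATEGORY[name])
    return len(categories) >= 2


def decide(action: Action, verified_factors) -> str:
    """Return the SCA outcome for one action and its verified factors."""
    if not requires_sca(action):
        return "sca_not_required"
    return "sca_passed" if sca_satisfied(verified_factors) else "step_up_required"


if __name__ == "__main__":
    payment = Action("payment_initiation", amount_pence=2_500)
    print(decide(payment, ["password", "pin"]))     # same category twice
    print(decide(payment, ["pin", "biometric"]))    # two distinct categories
    print(decide(Action("account_access", device_known=False), ["password"]))
```

A password plus a PIN fails the check because both are knowledge factors, which is the case a "two credentials" implementation tends to get wrong.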

Biometric Login (Face ID, Touch ID, Fingerprint)

Biometric sign-in is the day-one expectation for any UK consumer fintech. The implementation uses the device's native biometric framework (Apple's LocalAuthentication, Android's BiometricPrompt) so the biometric data never leaves the device. Build cost adds two to four days of engineering across iOS and Android.

Multi-Factor Authentication and Device Fingerprinting

MFA covers the cases biometric does not, such as a new device login or a sensitive setting change. Device fingerprinting tracks each registered device and flags anomalies (a sign-in from a new geography, a rooted phone, a known fraud-associated device). Together they sit underneath SCA and add three to seven days of engineering plus an MFA provider fee of around £0.05 to £0.15 per SMS or push challenge.

Encryption at Rest and in Transit

All customer data must be encrypted at rest using a key management service (AWS KMS, Azure Key Vault) with documented key rotation. All API traffic must run over TLS 1.2 or higher with certificate pinning on the mobile client to prevent man-in-the-middle attacks. PCI DSS attestation requires both, and the FCA expectation matches PCI DSS for any product handling payment data.

With security and authentication settled, the visible product comes next.

Core Financial Functions

Core financial functions are the visible product: what the user sees on the dashboard, what they tap into when they open the app, and what makes the difference between a budgeting tool and a regulated fintech.

Real-Time Balance and Transaction Display

Real-time means the balance reflects the most recent transaction within seconds, not at end of day. The architecture relies on event-driven backend processing and webhook subscriptions from the banking core or aggregator. Build cost is meaningful: real-time accounts for the largest single line in the backend build, typically 25 to 35 percent of the total.

Multi-Currency Support and Cross-Border Payments

For products targeting international users or cross-border use cases, multi-currency support is non-negotiable. The architecture covers FX rate sourcing (typically through Wise, Revolut Business, or a bank partner), per-currency balance segregation, and cross-border payment routing. Multi-currency adds £8,000 to £20,000 to the MVP build cost depending on the number of currencies and the FX provider.

Card Management (Virtual and Physical)

Issuing virtual or physical cards is the user-facing component most consumer fintech apps include. The implementation runs through a card-issuing partner (Marqeta, Tribe Payments, Stripe Issuing in the UK).

Virtual card issuance can be near-instant; physical cards add postage and KYC delivery verification. Card issuing adds £15,000 to £35,000 to the MVP plus per-card fees of £1 to £5.

Open Banking Aggregation

For any UK consumer fintech that touches account aggregation, transaction categorisation, or income verification, Open Banking is the access layer under PSD2. TrueLayer, Plaid, Yapily, and Token.io are the dominant UK aggregators. Aggregation adds £5,000 to £15,000 to the MVP plus per-call or per-user fees that scale with volume.

Core balance and account features need a payments layer underneath them to be useful.

Money Movement and Payments

Payments is the category where regulatory scope, technical complexity, and user expectation converge. The components below are the floor every UK consumer fintech ships with.

In-App Transfers and Standing Orders

User-to-user transfers, account-to-account transfers, and recurring payments through standing orders or Direct Debits are the core payment surface. The implementation runs through the Faster Payments scheme for instant transfers and Bacs for Direct Debits. Build cost runs £8,000 to £20,000 depending on the depth of payment scheduling and beneficiary management features.

Bill Payments and Top-Ups

Paying utility bills, mobile top-ups, and recurring household payments through the app is a high-frequency feature for retail-facing fintech. The implementation either uses a Direct Debit setup with the biller or routes through a bill-payment aggregator. Build cost adds £4,000 to £10,000 plus per-transaction fees.

Cross-Border Payments and FX

Sending money internationally with transparent FX is the differentiator most UK fintech products that compete with banks lean on. The implementation requires a money services business (MSB) licence or a partnership with one, currency hedging, and corridor-specific routing. Cross-border adds £15,000 to £40,000 to the MVP build and meaningful operational cost.

Crypto On-Ramps and Off-Ramps (If Applicable)

For products in the crypto wallet, exchange, or DeFi space, fiat on-ramps and off-ramps are non-negotiable. The implementation runs through a partner (MoonPay, Banxa, Ramp Network) with FCA registration as a cryptoasset business. Crypto adds £20,000 to £60,000 to the MVP and a longer regulatory pathway with the FCA.

With money movement covered, the next category is the layer competitors most often describe as a differentiator.

Personalisation, AI, and Fraud Intelligence

AI is the layer that competitors describe as the differentiator. For a UK fintech MVP, the components below are the floor for personalisation and fraud intelligence.

AI Chatbot for Customer Support

An AI chatbot handles common questions (balance, recent transactions, password reset, card freeze) without escalating to a human agent. The implementation uses a managed service (Intercom Fin, Zendesk AI, OpenAI with retrieval) trained on the product's help content. Chatbot integration adds £8,000 to £25,000 to the MVP plus monthly platform fees.

Personalised Insights and Spending Analysis

Transaction categorisation, monthly spending breakdowns, and savings recommendations are the personalisation layer most UK consumer fintech products ship with. The categorisation uses either the aggregator's bundled engine (TrueLayer Categorise, Plaid Categories) or a custom ML model. Build cost varies widely: £5,000 to £15,000 for an aggregator-provided engine, £25,000 to £80,000 for a custom build.

ML-Based Fraud Detection

Real-time fraud scoring on transactions, login attempts, and account changes is the operational baseline for any UK fintech holding customer money. The implementation typically uses a partner (Featurespace, Sift, Resistant AI) feeding behaviour signals into a risk-scoring model. Fraud detection adds £6,000 to £20,000 to the MVP plus a per-transaction or per-user platform fee.

AI and fraud sit on the user side; the operations layer covers what keeps the product running afterwards.

Customer Engagement and Operations

The final category covers what keeps the product running after launch. Customer engagement is what brings users back; operations is what lets the team support them and meet regulatory reporting expectations.

Push Notifications and In-App Messaging

Real-time spending notifications, payment confirmations, and security alerts are the day-one expectation. In-app messaging for customer support sits alongside the AI chatbot.

Implementation uses APNs and FCM directly or a managed messaging platform (OneSignal, Braze, Customer.io). Build cost runs £4,000 to £10,000 for a basic implementation.

Help Centre and Customer Support Routing

An in-app help centre with searchable FAQs, plus the routing logic that escalates from chatbot to live chat to phone support, is the floor every consumer fintech ships with. The build typically uses a managed support platform (Intercom, Zendesk, Front) integrated into the app. Cost runs £3,000 to £8,000 plus monthly platform fees.

Admin Panel for Support and Operations

A web-based admin panel for support agents, compliance officers, and operations staff is the most-overlooked must-have. The panel covers user lookup, transaction review, KYC re-verification, account freezing, and audit trail review. Build cost runs £15,000 to £40,000 depending on the depth of the workflows; skipping it means support cannot do their job and compliance cannot answer FCA inquiries.

Audit Trails and Regulatory Reporting

Every action a user or a support agent takes must be logged with timestamp, actor, and before-after state. The audit trail feeds the regulatory reports the FCA expects (suspicious activity reports, transaction monitoring summaries, complaints data). Audit and reporting adds £8,000 to £20,000 to the MVP and is one of the lines the FCA reviewers explicitly check during authorisation.
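An audit record with the three fields named above (timestamp, actor, before-after state), as an added example that is not code from this article. It goes one step beyond the text by hash-chaining the records so that edits and deletions are detectable; the field names, actors, and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first record in the chain


def record_digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_event(log, timestamp, actor, action, before, after):
    """Append one audit record linked to the previous record's hash."""
    body = {
        "timestamp": timestamp,
        "actor": actor,
        "action": action,
        "before": before,
        "after": after,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    record = dict(body, hash=record_digest(body))
    log.append(record)
    return record


def first_broken_record(log) -> int:
    """Return the index of the first record that fails verification, or -1."""
    prev = GENESIS
    for index, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["prev_hash"] != prev or record_digest(body) != record["hash"]:
            return index
        prev = record["hash"]
    return -1


def build_sample_log():
    """Constructed sample: one user action and two support-agent actions."""
    log = []
    append_event(log, "2026-05-08T09:00:00Z", "user:1001", "update_address",
                 {"postcode": "E1 6AN"}, {"postcode": "M1 1AE"})
    append_event(log, "2026-05-08T09:05:00Z", "agent:ops-17", "freeze_account",
                 {"status": "active"}, {"status": "frozen"})
    append_event(log, "2026-05-08T09:30:00Z", "agent:ops-17", "kyc_reverify",
                 {"kyc": "verified"}, {"kyc": "pending"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(first_broken_record(log))        # intact chain
    log[1]["after"]["status"] = "active"   # simulate an edit to a stored record
    print(first_broken_record(log))        # index of the edited record
```

The chain does not detect removal of the most recent records on its own; that requires storing the latest hash somewhere the log writer cannot modify.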

With the six categories named, the next number is the combined cost when each one is scoped honestly.

What These Features Add to the UK MVP Cost

| Feature Category | Must-Have Components | MVP Cost Range |
| --- | --- | --- |
| Identity, Onboarding, Compliance | KYC, liveness, AML, GDPR consent | £8,000 to £18,000 + per-check fees |
| Security, Authentication, Encryption | PSD2 SCA, biometric, MFA, encryption at rest and in transit | £12,000 to £25,000 |
| Core Financial Functions | Real-time balance, multi-currency, card management, Open Banking | £25,000 to £75,000 |
| Money Movement and Payments | Transfers, bill pay, cross-border, optional crypto | £15,000 to £55,000 |
| Personalisation, AI, Fraud Intelligence | Chatbot, personalised insights, ML fraud detection | £12,000 to £40,000 |
| Customer Engagement and Operations | Notifications, support, admin panel, audit trails | £25,000 to £55,000 |
| Combined floor | All six categories, must-have layers only | £75,000 to £180,000 |

The combined floor across the six categories sits at £75,000 to £180,000 for a UK fintech MVP, depending on which optional layers go into each category. The cost ranges quoted above add up if every layer is selected.

The mid-point reality is that most UK consumer fintech MVPs come in at £100,000 to £140,000 once the must-have layers across the six categories are scoped honestly. Anything below that range usually means a category was scoped too thin and will need a costly retrofit. Anything above usually means optional layers were treated as must-haves when the use case did not require them.

With the floor and the cost mapped, the brief is the document that decides whether three vendor proposals come back comparable or wildly different.

How to Write a Feature Brief That Produces Comparable Quotes

The brief is the document that decides whether the three vendors come back with comparable proposals or wildly different ones. Five inputs separate a comparable-quote brief from a guess-the-scope brief.

First, the regulated activity the product performs and the licence type required (full PI, EMI, AISP, PISP, AR, or exempt). Second, a feature list grouped by the six categories above, with optional layers explicitly named optional. Third, the named integration providers (KYC, AML, Open Banking aggregator, banking core, card issuer).

Fourth, the data residency requirement (UK, EEA, or no preference). Fifth, the certifications required (ISO 27001, Cyber Essentials Plus, PCI DSS) and the platforms (iOS, Android, web, or all three). With those five inputs in writing, the three vendor proposals come back comparable.

Even with a comparable brief, three patterns in a proposal signal a delivery risk that no rate negotiation closes.

Red Flags in a Fintech Vendor's Feature Quote

A proposal that misses any of the items below is signalling that the vendor either does not know fintech or expects to add the work later at a higher rate.

PSD2 Strong Customer Authentication is missing or vague. KYC and AML providers are not named. Open Banking is treated as a bolt-on feature, not a foundational integration.

Data residency is not specified. PCI DSS attestation is described as something to handle after launch.

Project management is not a named line item at 10 to 15 percent of total. The audit trail and admin panel are scoped at less than £15,000 combined.

The proposal does not name a UK delivery lead with regulatory accountability. Any three of these together means the proposal is from a vendor who has not shipped a UK regulated product, and the gap will surface at month four when the FCA work begins.

What to Read Next

Feature scope is one of three big decisions a UK fintech founder makes before commissioning a build. The other two are who you build with and how the build runs end to end.

For partner selection, the top fintech app development companies guide profiles 10 UK-relevant partners with the criteria each one suits. For the end-to-end build process, the how to develop a fintech app guide walks the right sequence from regulated activity through ongoing maintenance. For the underlying cost structure across iOS, Android, cross-platform, and web, the App Development Cost in the UK guide breaks down each tier alongside the regional and offshore rate splits referenced above.

Conclusion

Must-have features for a UK fintech app are not a matter of vendor preference. They are a function of the regulated activity, the UK GDPR data flows, the PSD2 expectations, and the FCA authorisation pathway. The six categories above are the floor, with cost ranges that add up to a £100,000 to £140,000 MVP for most UK consumer fintech products.

The right brief is the one that names the regulated activity, the integrations, the certifications, and the platforms. With those in writing, three vendors come back with comparable proposals and the path to launch is a function of execution, not interpretation.

Our mobile app development team scopes UK regulated fintech builds end to end and is glad to be one of the partners you compare. The brief is the start; the floor is the six categories; the differentiator is what you put in the optional layers above the floor.

Frequently Asked Questions

What features are essential for a UK fintech app MVP?

Six categories define the floor: identity and onboarding (KYC, AML, liveness, GDPR consent), security and authentication (PSD2 SCA, biometric, MFA, encryption), core financial functions (real-time balance, multi-currency, card management, Open Banking), money movement (transfers, bill pay, cross-border), AI and fraud (chatbot, personalisation, ML fraud detection), and customer engagement and operations (notifications, support, admin panel, audit trails).

How much do must-have fintech app features cost to build in the UK?

A UK fintech MVP with the six must-have categories scoped honestly costs £100,000 to £140,000 for the build. The combined component cost ranges from £75,000 to £180,000 depending on which optional layers are included in each category. Annual maintenance runs 15 to 25 percent of build cost per year on top.

Is Open Banking integration must-have for a UK fintech app?

For any UK consumer fintech that touches account aggregation, transaction categorisation, payment initiation, or income verification, Open Banking is must-have. It is the regulated framework under PSD2 by which third-party providers access account data, and it is not interchangeable with bespoke integrations. Aggregator selection (TrueLayer, Plaid, Yapily, Token.io) happens during discovery, not after the build.

Do I need PSD2 SCA for an MVP, or can it be added later?

PSD2 Strong Customer Authentication must ship with the MVP. SCA architectural decisions sit in the user-flow design, the session security, and the authentication factor enrolment. Adding SCA after the build means rewriting the authentication flow, the session management, and the payment initiation logic, typically for three to four times the cost of building it correctly the first time.

What features differentiate a fintech app from a generic finance app?

The features that differentiate are not the user-facing ones; those look similar across both. The differentiators sit underneath: PSD2 SCA, FCA-aligned KYC and AML, regulated provider integrations (Open Banking aggregator, card issuer, banking core), data residency on UK or EEA infrastructure, and the audit and admin layer that makes regulatory reporting possible. Without those, an app may look like a fintech but cannot legally onboard a UK customer for any regulated activity.
