6 minutes Partner Onboarding

All SAPI partners must comply with UK financial regulations, including anti-money laundering (AML), data protection (GDPR), and treating customers fairly (TCF). This guide outlines your compliance obligations as a SAPI partner.

SAPI Group Limited:
- Company Number: 12014174
- FCA Annex 1 Firm Reference: 1023135
- Registered for AML supervision under Money Laundering Regulations 2017

SAPI Origination Limited:
- Company Number: 15934839
- FCA Annex 1 Firm Reference: 1023196
- Registered for AML supervision under Money Laundering Regulations 2017

Important: SAPI is NOT authorized or regulated by the FCA for consumer credit activities. Payment-linked advances are not regulated credit agreements.

Your obligations depend on your role:

If you ONLY introduce (no advice):
- Basic AML/KYC customer identification
- Data protection compliance (GDPR)
- Transparent disclosure of commission
- FCA authorization: Generally not required (but verify with legal advisor)

If you ADVISE (recommend products, assess suitability):
- Full FCA authorization required (or appointed representative status)
- Suitability assessments before referrals
- Treating Customers Fairly (TCF) obligations
- Professional indemnity insurance

All partners must implement basic AML procedures:

For each business you refer, verify:
- Business legal name and registration number
- Business address (registered and trading)
- Director/owner names and dates of birth
- Nature of business and industry

Documents to collect:
- Certificate of Incorporation (or equivalent)
- Photo ID for directors/owners
- Proof of business address

Why: Ensure you're not introducing businesses involved in fraud, money laundering, or terrorist financing.

Obligation:
If you suspect a business is involved in illegal activity, you must report to:
- National Crime Agency (NCA) via Suspicious Activity Report (SAR)
- SAPI compliance team: [email protected]

Red flags:
- Business structure doesn't match activity
- Unable or unwilling to provide identification
- Source of funds unclear or suspicious
- Rapid turnover of business ownership
- Activity inconsistent with stated business

Retain for 6 years:
- Customer identification documents
- Referral correspondence
- Due diligence records
- SAR submissions (if any)

Your obligations:
- ICO registration (if processing UK personal data)
- GDPR-compliant privacy notice
- Lawful basis for processing (typically consent or legitimate interest)
- Secure storage and transmission
- Data retention limits (don't keep data indefinitely)
- Honor data subject rights (access, deletion, rectification requests)

Data processing agreement required:
SAPI and partners sign a Data Processing Agreement (DPA) outlining:
- What data is shared
- How it's protected
- Retention periods
- Security measures

Merchant consent:
Obtain explicit consent from merchants before sharing their data with SAPI.

Example consent language:
"By applying, you consent to us sharing your business and payment processing information with SAPI Group Limited for the purpose of assessing your financing application. SAPI will process your data in accordance with their Privacy Policy [link]."

Minimum requirements:
- Encrypted email transmission (TLS)
- Secure portal or API (for higher-volume partners)
- Access controls (limit who can access merchant data)
- Breach notification procedures (notify SAPI within 24 hours of any data breach)

Even if not FCA-regulated, all partners must treat referred customers fairly:

1. Clear and not misleading
Don't exaggerate benefits or downplay costs of payment-linked financing.

Good: "SAPI offers fast financing with flexible repayment based on your sales. The cost is higher than bank loans but provides speed and flexibility."

Bad: "SAPI is the cheapest financing available!" (Misleading—it's not the cheapest)

2. Suitable for customer needs
Only refer businesses that genuinely benefit from payment-linked financing.

Suitable: Business needs £20k quickly, has variable revenue, can't wait for bank approval.

Not suitable: Business needs £200k long-term at lowest cost and qualifies for bank loan.

3. Transparent about commission
Disclose that you earn commission for SAPI referrals.

Example: "We may receive a commission from lenders we introduce you to, including SAPI."

4. Balanced presentation
If you present multiple financing options, present them fairly (don't push SAPI just because commission is higher).

5. Responsive to complaints
Have a process for customers to complain about your service (separate from SAPI complaints).

All marketing materials mentioning SAPI must be pre-approved by SAPI's compliance team.

Submit for approval:
Email [email protected] with:
- Draft marketing copy
- Proposed channels (email, website, social media, etc.)
- Target audience
- Date of planned use

Approval timeline: 5-7 business days

Even if not FCA-regulated, follow best practices:
- Clear and fair (not misleading)
- Risk warnings included ("Funding is subject to status, affordability, and underwriting. Guarantees will be required.")
- Representative example (if quoting rates): "E.g., £20,000 advance with 1.30 factor rate = £26,000 total repayable over an estimated 10 months."
- Link to full terms and conditions

Do NOT:
- Claim SAPI is "FCA-regulated" for consumer credit (incorrect)
- Guarantee approval ("All businesses approved!")
- Misrepresent costs ("Cheaper than banks!")
- Use pressure tactics ("Apply now or miss out forever!")
- Target vulnerable customers unfairly
- Send unsolicited communications (spam)

Monthly reporting (if required by agreement):
- Number of referrals submitted
- Funded deals
- Declined deals (with reasons, if known)
- Pipeline and forecast

Compliance attestation (annually):
- Confirm you're maintaining AML procedures
- Confirm data protection compliance
- Confirm no complaints or regulatory issues

Notify SAPI immediately if:
- Your FCA status changes (authorization revoked, restrictions)
- You receive regulatory warnings or fines
- Significant customer complaints about SAPI referrals
- Data breach involving customer information shared with SAPI
- Material change in your business (ownership, insolvency, etc.)

Initial training: Required for all partners (completed during onboarding)

Ongoing training: Recommended annually or when SAPI's product/terms change

Topics:
- Product updates
- Eligibility changes
- Compliance reminders
- Best practices

Minor breaches (e.g., late reporting):
- Warning from SAPI
- Request for corrective action

Serious breaches (e.g., mis-selling, AML failures, data breaches):
- Suspension of referrals
- Withholding of commission
- Termination of partnership
- Reporting to regulators (if required)

Partner responsibilities:
You're liable for your own compliance failures. SAPI's partnership doesn't transfer liability for your regulatory obligations.

Q: Do we need our own FCA authorization?
A: If you're ONLY introducing (not advising), generally no. If you're recommending specific lenders or assessing customer suitability, yes. Consult your legal/compliance advisor.

Q: What if a customer referred by us complains?
A: SAPI handles complaints about our product and service. If the complaint is about your referral process or advice, you handle it. Maintain your own complaints procedure.

Q: Can SAPI audit our compliance procedures?
A: Yes. Partnership agreements typically include audit rights. SAPI may request to review your AML, data protection, and TCF procedures annually or if concerns arise.

Q: What happens if we have a data breach?
A: Notify SAPI immediately (within 24 hours) at [email protected]. SAPI will assess impact on referred customers and may need to notify affected parties.

Q: Do we need to be insurance for professional indemnity?
A: If you're providing advice (not just introductions), yes—typically £500k minimum. If you're only introducing without advice, PI insurance is recommended but may not be required.

Q: Can we market SAPI as "FCA-approved"?
A: No. SAPI is registered with the FCA for AML supervision only, NOT authorized for consumer credit. Saying "FCA-approved" is misleading.

Compliance questions: [email protected]
​Partnership compliance: [email protected]
​Regulatory advice: Consult your legal/compliance advisor

Email: [email protected]

Phone: +44 20 3868 4990

Business Hours: Monday-Friday, 9am-5pm GMT