• $150 – $7,500 per vulnerability
  • Safe harbor

New Policy for Out of Scope Research on FCA

Before starting research on an out-of-scope asset, please contact From there, we will work with FCA to confirm there is interest in the research, and to determine if testing can be conducted without causing a spike in errors or disruption of service. Note that out-of-scope findings may not be eligible for a monetary reward, which is at the discretion of FCA.

Please re-review the bounty brief in detail and adjust your testing, and all scanners accordingly to make sure you are only testing and submitting in-scope bugs.

If you have any questions on the change in the scope, please reach out to