Frequently Asked Questions

Read all of our frequently asked questions in the categories below. 

Your questions, answered

How can I monitor and manage anti-bribery compliance in my organisation?

Implementing a gifts and hospitality register enables you to monitor and manage anti-bribery compliance effectively. Employees can log gifts, entertainment, and hospitality, providing a transparent overview of potential risks.

How can I effectively distribute my anti-bribery policy to employees?

Our Policy Hub allows you to upload and distribute your anti-bribery policy seamlessly to all employees. This centralised platform simplifies policy distribution and includes an attestation feature, ensuring employees acknowledge and commit to complying with the policy.

Where can I track incidents involving personal data?

Tools such as a Data Breach Register enable you to log, track, and respond to data breaches and similar incidents efficiently. Skillcast offers this tool, making it easy to document and manage incidents in line with compliance requirements.

How can I benchmark my team's cybersecurity awareness?

An anonymous cybersecurity awareness survey can assess your team's understanding of critical security practices. Skillcast offers ready-to-use surveys to benchmark awareness levels and identify areas needing extra focus.

How can I ensure that employees formally attest to our internal Data Protection Policy?

Our Policy Hub tool allows you to easily assign policies, track when employees read them, and capture their attestation with a simple digital acknowledgement. The tool also provides automated reminders to employees who haven't yet acknowledged the policy, ensuring full compliance and a clear audit trail.

What makes a password secure?

A secure password is long (ideally 12+ characters), contains a mix of letters, numbers, and symbols, and avoids obvious choices like names, birthdays, or simple sequences.

What is a passphrase, and is it better than a password?

A passphrase is a string of unrelated words (e.g., "BlueMonkeySkyLadder!") that's easier to remember but harder to crack. It’s often more secure and user-friendly than traditional complex passwords.

How can organisations help staff manage secure passwords?

Encourage the use of password managers, provide cybersecurity training, and implement policies that support strong, unique password creation.

How do I safely collect data about Diversity and Inclusion in my Company?

Our Diversity Survey tool is fully anonymous, enabling employees to provide honest feedback without identifying information. Responses are aggregated to protect privacy and securely stored in compliance with GDPR regulations, providing valuable insights on diversity and inclusion.

Can I track incidents related to Diversity and Inclusion?

Our compliance breach register allows you to track incidents like discrimination, harassment, or policy non-compliance. This tool securely documents each case, providing a confidential audit trail for monitoring and accountability.

What does workplace inclusivity mean?

Workplace inclusivity refers to creating an environment where all employees, regardless of gender, ethnicity, disability, age, or background, feel valued, respected, and have equal access to opportunities and resources.

Why do inclusivity levels vary across industries?

Factors include historical workforce composition, cultural norms, recruitment practices, leadership diversity, and levels of regulatory or social pressure. For example, traditionally male-dominated sectors like construction often struggle with gender diversity.

How is inclusivity measured in different sectors?

Common metrics include gender pay gap, representation of women and minorities in senior roles, diversity in hiring, employee satisfaction, and accessibility policies.

How does inclusivity benefit businesses?

Inclusive workplaces are linked to higher employee engagement, greater innovation, stronger team performance, and improved brand reputation. They’re also better positioned to meet legal and social expectations.

How can I log breaches in our Environmental Procedures?

Our Compliance Breach Register helps you track breaches of your Environmental Procedures. It allows you to securely log incidents and maintain a clear audit trail. By centralising this process, you can monitor compliance, analyse trends, and demonstrate accountability in line with ESG standards.

How can employees report ESG-related concerns anonymously? 

Our Whistleblowing Register allows employees to report any ESG-related issues, such as environmental risks, ethical breaches, or governance concerns. This secure and anonymous platform ensures that employees feel safe raising concerns.

How can I ensure employees are aware of and comply with our Environmental Procedures? 

With our Policy Hub, you can easily distribute your Environmental Procedures to employees and ensure compliance. The tool allows you to assign policies, track acknowledgements, and send automated reminders to those who haven't attested yet. 

We have identified that we need to train external contacts we consider to be Associated Persons. What is an effective way to do this?

The FTPF package includes micro-learning that is ideal for short, engaging training for external contacts. You'll need to make sure your LMS supports external assignments, or speak to us about Skillcast managing these assignments for you.

We would usually send out the same Fraud course to all staff. Why does Skillcast offer Managers versions of the courses?

The new FTPF offence includes new responsibilities and new penalties for Managers in firms where internal fraud is not prevented. It's really important to ensure Managers are aware of this. Manager versions of our courses really focus on this and on what managers can do to mitigate this risk.

How can I make sure every employee has read and agreed to our anti-fraud and conduct policies?

Our Policy management ensures employees review and acknowledge key anti-fraud and conduct policies, creating a clear audit trail for regulators. You can manage policy updates, track completions, and demonstrate compliance—all from one place.

How can I measure my employees’ awareness of fraud risks and identify gaps in understanding?

Our Fraud Prevention Staff Survey helps you gauge staff awareness of fraud risks and pinpoint areas that need attention before issues arise. You can run periodic surveys to monitor culture, track improvements over time, and target further training.

How can I give employees a secure way to record suspicious activity so we can act quickly?

Our Suspicious Activity Register allows staff to log concerns or irregularities they observe, helping you detect potential issues early. The secure register can be reviewed by compliance teams, enabling prompt investigation and action.

How can I provide employees with a safe and anonymous way to report suspected fraud?

Our Whistleblowing Register gives employees a confidential channel to report potential fraud without fear of retaliation. This demonstrates to regulators that you take whistleblower protections seriously and encourages a culture of transparency.

How can I evidence anti-fraud measures that happen outside of e-learning?

Our Offline Activity Register captures anti-fraud initiatives that take place beyond the LMS—such as manager briefings, toolbox talks, and verbal training. This ensures you can evidence all preventative measures, not just online learning.

Which principle is most important in an insurance contract?

Utmost good faith is the most critical, requiring both parties to disclose all material facts. Without it, contracts risk being invalidated under UK insurance law.

What is proximate cause in insurance?

It is the dominant, effective cause of loss, not merely the last or nearest event. Courts use proximate cause to determine whether a peril covered by the policy actually triggered the claim.

How does the principle of indemnity work in real-life claims?

The principle of indemnity ensures you’re restored to your pre-loss financial state, not profiting from claims. For example, if your insured car repair costs £9,000, the insurer pays that amount, not the full policy limit.

What types of firms are regulated under CONC?

Under the Consumer Credit sourcebook (CONC), firms engaged in consumer credit activities, including lenders, credit brokers, debt management firms, and credit information services, are regulated by the Financial Conduct Authority (FCA). This encompasses a broad spectrum of consumer finance services, such as personal loans, hire purchase agreements, and credit broking.

How often should firms review their CONC compliance policies?

Firms are required to review their CONC compliance policies regularly to ensure they remain effective and up to date. While the FCA does not prescribe a specific review frequency, it is generally expected that firms assess their compliance arrangements periodically, taking into account changes in business operations, regulatory updates, and market conditions. 

What triggers an FCA investigation into CONC breaches?

The FCA may initiate an investigation into potential breaches of CONC if there is evidence of widespread or repeated failures that could harm consumers. Triggers include patterns of non-compliance, consumer complaints, or findings from supervisory activities that suggest systemic issues.

What kind of staff training is required to meet CONC standards?

To meet CONC standards, firms must ensure that their staff receive appropriate training and supervision. This includes providing relevant training before employees work with reduced supervision and ensuring supervisors have the necessary technical knowledge and coaching skills.

How does insider trading affect businesses and investors?

Insider trading damages market fairness, giving some investors an unfair advantage and undermining trust. For businesses, it risks reputational harm and FCA penalties, even without personal gain. Investors face distorted prices and reduced confidence, with the FCA finding signs of insider dealing in nearly a third of UK takeovers.

What tools are used to detect insider trading?

The FCA relies on surveillance systems, transaction data, and Suspicious Transaction and Order Reports (STORs). Firms must keep insider lists and use internal trade monitoring, pre-clearance systems, and staff training.

How does the FCA regulate insider trading?

The FCA regulates insider trading under the Financial Services and Markets Act 2000, the Criminal Justice Act 1993, and UK MAR, reinforced by the Financial Services Act 2021. Sanctions include unlimited fines, injunctions, public censures, and up to 10 years’ imprisonment.

What is a Recognised Investment Exchange (RIE) and how is it regulated?

A Recognised Investment Exchange (RIE) is a UK exchange authorised by the FCA to trade securities or derivatives. RIEs must maintain orderly markets, monitor for abuse, and ensure member compliance, with the FCA supervising their operations and enforcing rules as needed.

What steps can firms take to avoid FCA penalties?

Firms can mitigate the risk of FCA penalties by establishing comprehensive compliance frameworks. This includes implementing clear policies on market abuse, conducting regular staff training, maintaining accurate insider lists, and ensuring timely submission of Suspicious Transaction and Order Reports (STORs). Additionally, firms should regularly audit their surveillance systems to detect and address any potential issues promptly.

How does the FCA monitor and detect market abuse?

The FCA employs advanced surveillance tools to monitor trading activities, including the analysis of transaction reports and order books. Firms are required to submit STORs when they suspect market abuse, and issuers must maintain insider lists. The FCA also collaborates with other regulators and uses data analytics to identify and investigate potential instances of market abuse, ensuring the integrity of UK financial markets.

What does FCA COBS stand for?

FCA COBS stands for the Financial Conduct Authority’s Conduct of Business Sourcebook, which sets out rules and guidance for how regulated firms must interact with clients, market products, and provide advice.

What is the main purpose of COBS?

Its goal is to ensure firms act honestly, fairly, and professionally in the best interests of clients, with clear, fair, and not misleading communications.

Where can I find the full COBS rules?

The complete COBS section is available in the FCA Handbook, which is updated frequently.

Who needs to comply with COBS rules?

Any FCA‑regulated firm carrying out designated investment business, ancillary services, or insurance‑related activities in the UK, including advisers, brokers, wealth managers, and investment platforms, must comply.

Who do the FCA Principles apply to?

They apply to all FCA‑regulated firms and individuals performing controlled functions, regardless of size or sector.

How are the FCA Principles enforced?

The FCA enforces the Principles through regulatory, civil, and criminal powers, including fines, public censures, and prohibitions. Their approach is detailed in the FCA Enforcement Guide.

What happens if a firm fails to notify the FCA of an issue?

Firms are required to notify the FCA promptly of any matters that could have a significant adverse impact on their ability to meet regulatory requirements. Failure to do so can result in enforcement action, including fines or other sanctions.

How can firms ensure compliance with the FCA Principles?

Firms can ensure compliance with the FCA Principles by implementing robust governance frameworks, conducting regular risk assessments, and maintaining effective internal controls. This includes establishing clear policies and procedures, providing ongoing staff training, and fostering a culture of compliance throughout the organisation.

How often should FCA Code of Conduct training be refreshed to remain effective?

Firms should refresh Code of Conduct training at least annually, or more frequently if there are significant regulatory updates, changes in business processes, or lessons learned from compliance breaches. Regular refreshers help maintain awareness and reinforce the expected behaviours across the organisation.

How can firms tailor Code of Conduct training for high‑risk business areas?

Training should be customised to reflect the specific risks and responsibilities of high-risk areas, such as trading desks or advisory teams. This can include scenario-based exercises, role-specific guidance, and practical examples relevant to the department’s day-to-day activities, ensuring staff understand the real-world implications of the Conduct Rules.

What tools or technology can support ongoing compliance monitoring?

Firms can leverage compliance monitoring software to track employee behaviour, trade activity, and adherence to policies. This includes workflow tracking, automated alerts, data analytics, and communication surveillance systems to identify potential breaches quickly and efficiently.

What steps can be taken to rebuild trust after a breach of the Conduct Rules?

Rebuilding trust requires transparency, accountability, and proactive remediation. Firms should promptly investigate the breach, implement corrective measures, communicate clearly with stakeholders, and enhance training and oversight to prevent recurrence. Demonstrating a strong culture of compliance and ethical behaviour is key to restoring confidence among clients, staff, and regulators.

Who needs to comply with CASS rules?

Any firm regulated by the FCA that holds or controls client money or assets must comply with CASS rules. This includes investment firms, asset managers, and certain insurance intermediaries.

How often should firms review their CASS compliance procedures?

Firms should review their procedures at least annually, or whenever there are changes in regulation, business structure, or risk exposure. Regular internal audits and gap analyses are recommended.

What role does staff training play in CASS compliance?

Training is critical. Staff must understand their responsibilities under CASS, know how to handle client money and assets correctly, and be able to identify and escalate potential breaches.

How can I log and track incidents of financial crime in my organisation?

Our Compliance Breach Register allows you to securely log and monitor incidents of financial crime, such as bribery or money laundering. The tool enables you to track resolution progress and maintain a clear audit trail, ensuring accountability and compliance with regulatory requirements.

How can I ensure my employees understand and comply with our internal policies in relation to financial crime?

Our Policy Hub enables you to distribute policies such as your Anti-Money Laundering (AML) policy to employees, track acknowledgements, and send automated reminders. This ensures everyone understands their obligations and helps you maintain compliance with financial crime regulations.

Can small businesses be held accountable under competition law?

Yes. Competition law applies to businesses of all sizes. Even small companies can face investigations and serious penalties for engaging in anti-competitive conduct.

Are informal conversations with competitors risky?

Absolutely. Informal chats, especially those involving prices, market plans, or customers, can constitute unlawful agreements and should be avoided.

What are the consequences of breaking competition law?

Violations can lead to heavy fines for companies, director disqualification, criminal prosecution, and reputational damage.

How can companies prevent anti-competitive behaviour?

By implementing regular compliance training, setting clear internal policies, encouraging reporting of concerns, and ensuring employees understand the legal risks.

Does the Criminal Finances Act 2017 apply to non-UK companies?

Yes. The Act can apply to overseas entities if any part of the tax evasion facilitation occurs within the UK or involves UK tax liabilities. Multinational firms with UK operations should take note.

What industries are most at risk under the Criminal Finances Act?

Industries with complex financial transactions, high-value assets, or extensive third-party relationships such as banking, legal services, real estate, and professional consulting are particularly exposed to conduct and facilitation risks.

How often should businesses review their tax evasion prevention procedures?

Best practice is to conduct reviews annually or whenever there are significant changes in business operations, regulatory guidance, or risk exposure. Regular audits help ensure ongoing compliance.

Can small businesses be prosecuted under the Criminal Finances Act 2017?

Yes. The Act applies to all organisations, regardless of size. However, HMRC’s guiding principles allow for proportionality, meaning smaller firms are expected to implement controls that match their risk level and operational complexity.

What industries are most vulnerable to proliferation financing risks?

Industries dealing with dual-use goods, advanced technologies, chemicals, and logistics are particularly exposed. Financial institutions supporting international trade also face elevated risks.

How can small businesses ensure compliance with proliferation financing regulations?

Even SMEs should implement basic risk assessments, maintain up-to-date sanctions screening tools, and train staff on red flags related to trade-based money laundering and dual-use items.

Are there international standards for combating proliferation financing?

Yes. The Financial Action Task Force (FATF) provides global guidelines, including Recommendation 7, which focuses on targeted financial sanctions related to proliferation.

What are “dual-use goods” and why are they significant?

Dual-use goods are items that can serve both civilian and military purposes. Their trade is tightly regulated due to the potential for misuse in weapons development.

How often should proliferation financing risk assessments be updated?

Best practice suggests reviewing risk assessments annually or whenever there are significant changes in business operations, customer profiles, or geopolitical developments.

How can I ensure employees are aware of our Fraud Prevention policies and procedures? 

Our Policy Hub makes it easy to distribute your Fraud Prevention policies to all employees and track their acknowledgement. You can set up automated reminders to ensure that employees review and agree to comply with these policies, providing a clear record of engagement to support compliance.

How can employees report suspicions of fraud anonymously?

Our Whistleblowing Register provides a secure and anonymous platform for employees to report any suspicions of fraud. This tool ensures that employees can raise concerns without fear of retaliation, allowing your organisation to address potential issues promptly and transparently.

How can I log and track work-related injuries, accidents and dangerous occurrences?

Our RIDDOR Registers allow you to securely record and track work-related injuries and dangerous occurrences, ensuring compliance with the Reporting of Injuries, Diseases, and Dangerous Occurrences Regulations (RIDDOR). This tool helps you monitor incidents, maintain an accurate audit trail, and take proactive steps to prevent future incidents.

How can I ensure my employees’ workstation setups comply with health and safety regulations?

Our DSE (Display Screen Equipment) Assessment tool helps you evaluate employees' workstation setups to ensure they meet health and safety standards. It guides employees through an easy-to-use self-assessment, identifying risks related to posture, screen positioning, and seating. Administrators can review flagged issues and take necessary actions to ensure compliance.

How can I measure and improve employee wellbeing in relation to health and safety?

Our Employee Wellbeing Survey helps you assess factors affecting employee health, including stress, mental wellbeing, and physical health. This anonymous survey provides valuable insights to inform wellbeing initiatives and create a healthier, more supportive work environment.

How can I support employees in reporting sexual harassment incidents?

Our Whistleblowing Register tool provides a secure, anonymous platform for reporting incidents confidentially and safeguarding sensitive information while enabling prompt HR and compliance responses.

How does conduct risk differ from compliance risk?

Conduct risk focuses on behaviour and outcomes (how actions affect customers and markets), while compliance risk relates to failing to meet legal or regulatory requirements. Conduct risk is broader and more subjective, often tied to culture and ethics.

Who is responsible for managing conduct risk within a firm?

While senior leadership sets the tone, managing conduct risk is a shared responsibility across all levels, from front-line staff to compliance teams. Everyone plays a role in identifying and mitigating risky behaviour.

Can conduct risk exist in non-financial sectors?

Yes. Although the FCA regulates financial services, conduct risk principles apply across industries. Any business that interacts with customers or influences markets can face conduct-related challenges.

How can technology help reduce conduct risk?

Tools like automated monitoring systems, AI-driven analytics, and e-learning platforms can help detect risky patterns, reinforce ethical behaviour, and ensure consistent training across teams.

What is SMCR?

There are three key parts to the SMCR: Senior Managers Regime, Certified Persons Regime and Conduct Rules.

Senior Managers Regime
This enforces a detailed and clear allocation of responsibilities between senior managers at each firm, with particular emphasis placed on key documents - 'Statements of Responsibilities' and 'Responsibilities Maps'. These help to record the distribution of responsibility to individual Senior Managers and to demonstrate to the regulators that there are no gaps or excessive overlaps.

Always bear in mind that Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".

Certification Regime
This requires firms to check and confirm that employees performing roles relating to the firm's regulated activities are fit and proper, based on their qualifications, competence and personal characteristics.

Once this has been confirmed, the firm needs to issue them with a certificate that must be renewed every year.

Conduct Rules
This consists of a set of rules provided in the FCA's Code of Conduct Handbook (COCON) that covers all individuals: Senior Managers, Certified Persons and other employees.

What is the scope of the SMCR?

SMCR rollout waves
The SMCR has been rolled out in three waves:

Wave 1: Banks, building societies, credit unions and large investment firms in March 2016 (updated July 2018)
Wave 2: Extended to insurance firms (those regulated by the FCA and PRA) in December 2018
Wave 3: The remaining financial services firms (otherwise known as 'solo-regulated firms' since they are regulated only by the FCA, not the FCA and PRA) came under the scope of this regime in December 2019.

SMCR categories
The range of firms in the third wave is very diverse. Consequently, the FCA has grouped them into three categories to ensure that the regulation is proportionate to their sizes and activities:

Core: Firms that have to comply with the baseline requirements for solo-regulated firms
Limited scope: Firms that already had exemptions under the Approved Persons Regime, and are exempt from some requirements and require fewer senior management functions
Enhanced: Firms that have extra requirements - these are large, complex firms with potential impact on consumers or markets which warrant more attention from the FCA

What's needed to comply with SMCR?

  1. Statement of Responsibilities - Set out the areas for which each Senior Manager is personally accountable
  2. Responsibilities Map - This knits together the Statement of Responsibilities
  3. Pre-approval for all Senior Managers - obtain this from the regulators before they carry out their roles
  4. Duty of Responsibility - Ensure that Senior Managers understand their responsibilities and take reasonable steps to prevent regulatory breaches in their areas of responsibility
  5. Identify all Certified Persons - These are all material risk takers
  6. Fit and Proper Assessment - Of all Certified Persons, then re-assess on an annual basis
  7. Training - Of all those who are subject to the Conduct Rules

SMCR Training

To stay on the right side of the FCA's guidance, all firms must ensure that all employees subject to the conduct rules are notified and provided with 'suitable' training.

Such training must result in employees gaining awareness and a broad understanding of all of the conduct rules, as well as a deeper understanding of the practical application of the specific rules which are relevant to their work.

To help with SMCR implementation, we have created a 3-step training model.

We provide a comprehensive set of SMCR training courses for all financial firms, including banking, insurance and solo-regulated firms.

Duty of Responsibility

Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".

The FCA can take action against a Senior Manager (SM) where it can show that:
There was misconduct by the SM's firm,
At the time of the misconduct or during any part of it, the SM was responsible for the management of any of the firm's activities in relation to which the misconduct occurred, and
The SM did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.

The burden of proof for all these elements lies on the FCA. The SM does not need to show that they took reasonable steps - rather, it is for the FCA to prove that they did not. The defence against such action is if the senior manager can show that they took "the steps that are reasonable for a person in that position to take to prevent a regulatory breach from occurring".

Fitness and Propriety

The FCA must approve all senior managers, assessing whether they are fit and proper to perform the given function or responsibility.

Three key factors determine whether you are Fit and Proper:
Honesty, integrity and reputation
Competence and capability
Financial soundness


When determining a person's financial soundness, the FCA will not normally require a statement of assets or liabilities of the person. Limited financial means does not in itself affect the suitability of a person to perform an SMF.

When appointing a Senior Manager or Certified Person, firms must obtain a regulatory reference from all their past employers going back six years. This requirement also applies when appointing NEDs who are not Senior Managers.

For this purpose, firms need to retain records of disciplinary and fit and proper findings going back six years and not enter into arrangements that conflict with their disclosure obligations.

What are the SMCR Conduct Rules?

SMCR incorporates new high-level standards of behaviour that apply to almost all employees who carry out financial services activities in a firm. Some Conduct Rules apply to all employees, while others apply only to Senior Managers.

The Conduct Rules are intended to drive up standards of individual behaviour in financial services. By applying them to a broad range of staff, the FCA aims to improve individual accountability and awareness of conduct issues across firms.

Individual Conduct Rules (ICRs)
These apply to all employees, with the exception of ancillary staff, such as facility managers, personal assistants, receptionists, medical staff, IT and HR, who perform a purely non-financial services role. These ICRs also apply to Non-Executive Directors.
ICR 1: You must act with integrity
ICR 2: You must act with due skill, care and diligence
ICR 3: You must be open and cooperative with the FCA, the PRA and other regulators
ICR 4: You must pay due regard to the interests of customers and treat them fairly
ICR 5: You must observe proper standards of market conduct

Senior Manager Conduct Rules (SMCRs)
These apply only to Senior Managers, including NEDs (SC 4 even applies to out of scope NEDs).

  • SC 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
  • SC 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
  • SC 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
  • SC 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

What does SMCR Best Practice look like?

Stay up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech by subscribing to the Skillcast Compliance Bulletin.

3-Step SMCR Training Model
Whether you're new to the SMCR or benchmarking existing processes, our training model will help get your compliance training on track.

FCA Conduct Rules Training Aid
Our desk aid has ten tips on how to ensure your staff fully understand and adhere to conduct rules.

FCA COCON Breaches Desk Aid
Our desk aid reminds all of your staff of the ten easiest ways to breach the FCA Code of Conduct.

Operational Resilience Implementation Checklist
Ensure your firm follows the FCA guidelines for a compliant operational resilience programme.

Fit and Proper Training Presentation
Firms need to assess the Fitness and Propriety (F&P) of Senior Managers and Certified Persons when they are appointed and on an ongoing basis. Our F&P training presentation uses scenarios to help explain this further.

SMCR & Non-financial Misconduct
A lack of public confidence and some damaging press stories have renewed the FCA's focus on conduct, including non-financial misconduct. Find out more, including a free training module and a desk aid.

SMCR Solo-Regulated Firms Key Questions Answered
We answer the questions every solo-regulated firm has been asking.

SMCR Insurance Firms Key Questions Answered
We also answer the questions every insurance firm has been asking.

How to Evidence your SMCR Competence
If you cannot articulate what is adequate and competent within your firm, you simply won't be able to evidence SMCR compliance when the FCA comes knocking!

How to Prevent SMCR Training Damaging Staff Motivation
SMCR created a step-change in personal accountability, causing a headache, especially when dealing with those who've never been accountable before. That's why it's important to take steps to address any issues before they spiral out of control.

What are the SMCR Functions?

The Senior Managers Regime (SMR) applies to those who perform a Senior Management Function (SMF). The FCA has classified specific functions as SMFs, so that it knows who a firm's senior decision-makers are, and to make sure that firms clearly allocate specific responsibilities to those key individuals.

In certain circumstances, firms can have more than one individual performing a single SMF. However, the FCA expects that SMFs are only shared where it is justified and appropriate.

The list of SMFs that apply depends on the type of firm.

5.1 Governing Function SMFs

| SMF | Function | Firm type |
| --- | --- | --- |
| SMF1 | Chief Executive | Core and Enhanced firms |
| SMF3 | Executive | Core and Enhanced firms |
| SMF7 | Group Entity Senior Manager | Enhanced firms only |
| SMF9 | Chair (non-executive) | Core and Enhanced firms |
| SMF10 | Chair of the Risk Committee | Enhanced firms only |
| SMF11 | Chair of the Audit Committee | Enhanced firms only |
| SMF12 | Chair of the Remuneration Committee | Enhanced firms only |
| SMF13 | Chair of the Nominations Committee | Enhanced firms only |
| SMF14 | Senior Independent Director | Enhanced firms only |
| SMF27 | Partner | Core and Enhanced firms |

5.2 Required Function SMFs

| SMF | Function | Firm type |
| --- | --- | --- |
| SMF16 | Compliance Oversight | Core and Enhanced firms (and sole traders, authorised professional firms and oil market participants) |
| SMF17 | Money Laundering Reporting Officer | Core and Enhanced firms (and sole traders and oil market participants) |
| SMF18 | Other Overall Responsibility | Enhanced firms only |
| SMF29 | Limited Scope Function | Limited Scope firms (e.g. limited permission consumer credit firms, authorised professional firms, firms that intermediate insurance without this being principal business) |

The Overall Responsibility requirement means that an Enhanced firm will need to make sure that every activity, business area and management function has a Senior Manager with overall responsibility for it. This is to prevent an unclear allocation of responsibilities.

Overall Responsibility means that a Senior Manager:

  • Has ultimate responsibility for managing or supervising a function
  • Briefs and reports to the governing body about their area of responsibility
  • Puts matters requiring decisions about their area of responsibility to the governing body

5.3 Systems and Control SMFs

| SMF | Function | Firm type |
| --- | --- | --- |
| SMF2 | Chief Finance Function | Enhanced firms only |
| SMF4 | Chief Risk Function | Enhanced firms only |
| SMF5 | Head of Internal Audit | Enhanced firms only |
| SMF24 | Chief Operations Function | Enhanced firms only |

What are the required responsibilities under the SMCR?

You need to be aware that there are more responsibilities for Senior Managers than just the ones found within each SMF's definition. The regulators have listed certain 'Prescribed Responsibilities' (PRs) that each firm is required to allocate between Senior Managers.

Each PR would generally be allocated to the Senior Manager who performs the SMF most closely linked to the given responsibility. PRs can be shared but not split between Senior Managers. Where responsibility is shared, it is recorded identically in each of the Senior Managers' Statements of Responsibilities.

If there is a breach, all Senior Managers sharing that responsibility may be required to demonstrate that they took reasonable steps to prevent or stop the breach.

The list of PRs that applies depends on the type of firm. Responsibilities (a), (b), (b-1), (d) below cannot be allocated to SMF 18 (Other Overall Responsibility) and responsibilities (j), (k), (l) below should be performed by a non-executive director if possible.

| PR | Responsibility | Firm type |
| --- | --- | --- |
| (a) | Performance by the firm of its obligations under the SMR, including implementation and oversight | All firms |
| (b) | Performance by the firm of its obligations under the Certification Regime | All firms |
| (b-1) | Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules | All firms |
| (d) | Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime | All firms |
| (z) | Responsibility for the firm's compliance with CASS (if applicable) | All firms |
| (c) | Compliance with the rules relating to the firm's Responsibilities Map | Enhanced firms only |
| (j) | Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2) | Enhanced firms only |
| (k) | Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1) | Enhanced firms only |
| (l) | Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R) | Enhanced firms only |
| (j-3) | If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including supervision and management of the work of outsourced internal auditors, and management of potential conflicts of interest between the provision of external audit and internal audit services | Enhanced firms only |
| (t) | Developing and maintaining the firm's business model | Enhanced firms only |
| (s) | Managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress-testing | Enhanced firms only |
| (za) | Responsibility for an AFM's assessments of value, independent director representation and acting in investors' best interests | Authorised Fund Managers |

Who is responsible for assessing competence?

First‑line managers should take ownership of defining and assessing competence for their teams. HR and Compliance act as second‑line functions, providing oversight and challenge rather than controlling the process.

What types of evidence can demonstrate competence?

Effective evidence includes a mix of qualifications, ongoing assessments, case‑based testing, observation of performance, and documented examples of sound decision‑making in practice.

How often should competence be reviewed?

Competence should be assessed at least annually as part of the certification process, and more frequently if there are changes in role, regulation, or performance concerns.

Is our training content still compliant with the latest legislation?

  • You can check the latest course content updates on our library updates page: https://www.skillcast.com/compliance-course-library-updates
  • For major legislative changes, we:
    • Will send you email alerts to ensure you are notified
    • Offer you a free trial of newly created or updated content
    • Host webinars with compliance experts to explain the changes and how our training supports your ongoing compliance

What formats do you support for remote delivery?

We provide content packages in SCORM 1.2, SCORM 2004 (2nd, 3rd and 4th edition) and xAPI formats, which are compatible with most LMS platforms.

Can we request bespoke modules on top of the standard library?

Yes, we offer bespoke content development as an additional service. If you need a course specific to your organisation’s policies or procedures, we can help create it from scratch or adapt existing content.

Can you translate our content into other languages?

Yes, we offer translations in a wide range of languages. Let us know your needs, and we’ll confirm availability or work with you to plan translations for your selected modules.

How do I know if a compliance platform will actually engage employees?

Look for platforms with interactive training, gamification, and feedback tools. Employee experience should be part of the demo and trial process.

Are gamification features really effective in compliance training?

Yes, when used well, gamification features tap into motivation, encourage friendly competition, and make compliance feel less like a chore.

What should I consider if my workforce is remote or global?

Choose a platform with mobile access, multilingual support, and flexible delivery methods (e.g., microlearning, video, e-learning modules).

How do I get leadership buy-in for a more engagement-focused compliance platform?

Show the ROI - this is something that is hard to argue with. Engaged employees complete training faster, retain knowledge longer, and reduce compliance risks.

How long does it take to implement a new compliance platform?

It depends on the company size and complexity. Many platforms offer phased rollouts or pilot programmes to minimise disruption.

What’s the biggest mistake organisations make when choosing a compliance platform?

Focusing only on meeting regulatory requirements without considering usability or employee experience, which leads to low adoption and, essentially, a wasted investment.

What’s the best compliance training platform for integrating with an existing talent management system?

Our built-in LMS enables you to deliver training while offering an AI-powered digital learning assistant, reporting, and compliance tools. It can be integrated with an existing LMS and complies with SCORM, so you can also offer remote e-learning programmes to your employees.

Does your compliance platform integrate with Salesforce for employee compliance tracking?

Yes – we are able to integrate with Salesforce using the built-in Salesforce REST API for user provisioning, so employee data can be synced, enabling them to be added to the system or removed automatically. They can then access their assigned training modules or courses based on their job role. Find out how to configure user provisioning from Salesforce to Skillcast.

Does your compliance platform support integration with an employee engagement platform?

With our compliance platform you can integrate with employee engagement tools; in fact, one of its integration partners is Slack, a messaging and collaboration platform. You could send automated compliance training reminders or notifications, or communicate with employees two-way via Skillcast.

Are Skillcast courses SCORM-compliant?

Yes. This means they can be delivered via the Skillcast Portal or any other SCORM-compliant Learning Management System.

What other tools are needed beyond training?

A comprehensive compliance solution often needs more than just training. Alongside e-learning, tools like declarations, surveys, and registers that track compliance tasks are usually essential. Skillcast provides full support to help you set up these additional tools.

What file types are supported by the Skillcast system?

| Feature | Supported file types and details |
| --- | --- |
| File Exchange | File types: PDF, Excel spreadsheets, Word documents, SCORM and xAPI files, and compressed zip files. Max file size: default is 1GB, can be increased to a max of 2GB |
| SCORM files | Versions: SCORM 1.2, SCORM 1.2 for Moodle, SCORM 2004 2nd, 3rd and 4th Edition. Max file size: 1024MB |
| xAPI file | Max file size: 2GB |
| Videos | File types: MP4 or MOV. Videos must be optimised, with a max file size of 100MB. If the file is bigger, our Design Team can help |
| Images | File types: jpg, png and gif. The file size should ideally be 100KB, but it can be up to 250KB |
| CPD evidence | File types: Word, PDF, Excel and CSV. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
| Policy documents | File types: PDF or Word. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
| Offline activities evidence | File types: PDF, DOC, DOCX, XLS, XLSX, CSV, PNG, GIF, JPEG, JPG, PPTX and MSG. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
| Client logo files | File types provided by client: EPS, PDF, AI and SVG |
| Registers | File types: PDF, DOC, DOCX, XLS, XLSX, CSV, PPT, PPTX, POT, PPA, PPS, JPG, JPEG, PJPEG, PNG, BMP, GIF, MP4, MOV, WMV, CPTX, CP, TXT, ZIP and MSG |
| Declarations | File types: JPG, JPEG, PNG, GIF, XLS and XLSX |