<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">

Senior Managers & Certification Regime (SMCR)

The Senior Managers and Certification Regime (SMCR or SM&CR) is a financial services regulation in the UK designed to impose personal accountability on senior managers at financial services firms and improve the conduct of all employees at these firms.

SMCR replaces the Approved Persons Regime (APR) that applied to certain senior/approved persons at regulated firms (and in the case of insurance firms, it replaced the Senior Insurance Managers Regime or SIMR).

Browse SMCR Courses

SMCR Ecosystem

Achieving SMCR Compliance

Need to understand the SMCR? We explain everything from conduct rules, functions, scope, responsibilities, fitness and propriety to training. And we provide a wealth of resources to help you in your quest for compliance.

The three key parts of SMCR

There are three key parts to the SMCR: Senior Managers Regime, Certified Persons Regime and Conduct Rules.

  • Senior Managers Regime
    This enforces a detailed and clear allocation of responsibilities between senior managers at each firm, with particular emphasis placed on key documents - 'Statements of Responsibilities' and 'Responsibilities Maps'. These help to record the distribution of responsibility to individual Senior Managers and to demonstrate to the regulators that there are no gaps or excessive overlaps.

    Always bear in mind that Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".
  • Certification Regime
    This requires firms to check and confirm that employees performing roles relating to the firm's regulated activities are fit and proper, based on their qualifications, competence and personal characteristics.

    Once this has been confirmed, the firm needs to issue them with a certificate that must be renewed at least once a year.
  • Conduct Rules
    This consists of a set of rules provided in the FCA's Code of Conduct Handbook (COCON) that covers all individuals: Senior Managers, Certified Persons and other employees.

SMCR Scope

The SMCR has been rolled out in three waves:

  • Wave 1: Banks, building societies, credit unions and large investment firms in March 2016 (updated July 2018)
  • Wave 2: Extended to insurance firms (those regulated by the FCA and PRA) in December 2018
  • Wave 3: The remaining financial services firms (the so-called 'solo-regulated firms' since they are regulated only by the FCA, not the FCA and PRA) came under the scope of this regime from December 2019.

The range of firms in the third wave is very diverse. Consequently, the FCA has grouped them into three categories to ensure that the regulation is proportionate to their sizes and activities:

  • Core: Firms that have to comply with the baseline requirements for solo-regulated firms
  • Limited scope: Firms that already had exemptions under the Approved Persons Regime, and are exempt from some requirements and require fewer senior management functions
  • Enhanced: Firms that have extra requirements - these are large, complex firms with potential impact on consumers or markets which warrant more attention from the FCA

Steps needed to comply with SMCR

  • Complete the Statement of Responsibilities setting out the areas for which each Senior Manager is personally accountable
  • Generate the Responsibilities Map that knits together the Statement of Responsibilities
  • Obtain pre-approval for all Senior Managers by the regulators before they carry out their roles
  • Ensure that Senior Managers understand their Duty of Responsibility and that they have to take reasonable steps to prevent any regulatory breach in their area of responsibility
  • Identify all Certified Persons (ie material risk takers)
  • Carry out a fit and proper assessment of all Certified Persons (re-assess on an annual basis)
  • Train all persons who are subject to the Conduct Rules

SMCR Training

To stay on the right side of the FCA's guidance, all firms must ensure that all employees subject to the conduct rules are notified and provided with 'suitable' training.

Such training must result in employees gaining awareness and a broad understanding of all of the conduct rules, as well as a deeper understanding of the practical application of the specific rules which are relevant to their work.

To help with SMCR implementation, we have created a 3-step training roadmap.

We provide a comprehensive set of SMCR e-learning courses for all financial firms, including banking, insurance and solo-regulated firms.

Key SMCR Courses
The courses below are available tailored for Banking, Insurance, Core, Limited Scope and Enhanced firms:

We also provide further variations of our Conduct Rules Course for Certified Persons to cover specific positions in banking, eg corporate finance and customer functions.

Senior Management Functions

The Senior Managers Regime (SMR) applies to those who perform a Senior Management Function (SMF). The FCA has classified specific functions as SMFs, so that it knows who a firm's senior decision-makers are, and to make sure that firms clearly allocate specific responsibilities to those key individuals.

In certain circumstances, firms can have more than one individual performing a single SMF. However, the FCA expects that SMFs are only shared where it is justified and appropriate.

The list of SMFs that applies depends on the type of firm.

5.1 Governing Function SMFs

SMF1 Chief Executive Core and Enhanced firms
SMF3 Executive Core and Enhanced firms
SMF7 Group Entity Senior Manager Enhanced firms only
SMF 9 Chair (non-executive) Core and Enhanced firms
SMF10 Chair of the Risk Committee Enhanced firms only
SMF11 Chair of the Audit Committee Enhanced firms only
SMF12 Chair of the Remuneration Committee Enhanced firms only
SMF13 Chair of the Nominations Committee Enhanced firms only
SMF14 Senior Independent Director Enhanced firms only
SMF27 Partner Core and Enhanced firms

5.2 Required Function SMFs

SMF16 Compliance oversight Core and Enhanced firms (and sole traders, authorised professional firms and oil market participants)
SMF17 Money Laundering Reporting officer Core and Enhanced firms and (and sole traders and oil market participants)
SMF18 Other Overall Responsibility Enhanced firms only
SMF29 Limited Scope Function Limited Scope firms (e.g. limited permission consumer credit firms, authorised professional firms, firms that intermediate insurance without this being principal business)

 

The Overall Responsibility requirement means that an Enhanced firm will need to make sure that every activity, business area and management function has a Senior Manager with overall responsibility for it. This is to prevent an unclear allocation of responsibilities.

Overall Responsibility means that a Senior Manager:

  • Has ultimate responsibility for managing or supervising a function
  • Briefs and reports to the governing body about their area of responsibility
  • Puts matters requiring decisions about their area of responsibility to the governing body

5.3 Systems and Control SMFs

SMF2 Chief Finance Function Enhanced firms only
SMF4 Chief Risk Function Enhanced firms only
SMF5 Head of Internal Audit Enhanced firms only
SMF24 Chief Operations Function Enhanced firms only

Prescribed Responsibilities

You need to be aware that there are more responsibilities for Senior Managers than just the ones found within each SMF's definition. The regulators have listed certain 'Prescribed Responsibilities' (PRs) that each firm is required to allocate between Senior Managers.

Each PR would generally be allocated to the Senior Manager who performs the SMF most closely linked to the given responsibility. PRs can be shared but not split between Senior Managers. Where responsibility is shared, it is recorded identically in each of the Senior Manager's Statements of Responsibilities.

If there is a breach, all Senior Managers sharing that responsibility may be required to demonstrate that they took reasonable steps to prevent or stop the breach.

The list of PRs that applies depends on the type of firm. Responsibilities (a), (b), (b-1), (d) below cannot be allocated to SMF 18 (Other Overall Responsibility) and responsibilities (j), (k), (l) below should be performed by a non-executive director if possible.

(a) Performance by the firm of its obligations under the SMR, including implementation and oversight All firms
(b) Performance by the firm of its obligations under the Certification Regime All firms
(b-1) Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules All firms
(d) Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime All firms
(z) Responsibility for the firm's compliance with CASS (if applicable) All firms
(c) Compliance with the rules relating to the firm's Responsibilities Map Enhanced firms only
(j) Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2) Enhanced firms only
(k) Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1) Enhanced firms only
(l) Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R) Enhanced firms only
(j -3) If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including supervision and management of the work of outsourced internal auditors, and management of potential conflicts of interest between the provision of external audit and internal audit services Enhanced firms only
(t) Developing and maintaining the firm's business model Enhanced firms only
(s) Managing the firm's internal stress-tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress-testing Enhanced firms only
(za) Responsibility for an AFM's assessments of value, independent director representation and acting in investors' best interests Authorised Fund Managers

Duty of Responsibility

Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".

The FCA can take action against a Senior Manager (SM) where it can show that:

  • There was misconduct by the SM's firm,
  • At the time of the misconduct or during any part of it, the SM was responsible for the management of any of the firm's activities in relation to which the misconduct occurred, and the SM did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing

The burden of proof for all these elements lies on the FCA. The SM does not need to show that they took reasonable steps - rather it is for the FCA to prove that they did not. The defence against such action is if the senior manager can show that they took "the steps that are reasonable for a person in that position to take to prevent a regulatory breach from occurring".

For more on this subject read our Duty of Responsibility blog.

Assessing Fitness & Propriety

All Senior Managers must be approved by the FCA, which assesses whether they are fit and proper to perform the given function or responsibility.

Three key factors determine whether you are Fit and Proper:

  1. Honesty, integrity and reputation
  2. Competence and capability
  3. Financial soundness

When determining a person's financial soundness, the FCA will not normally require a statement of assets or liabilities of the person. Limited financial means does not in itself affect the suitability of a person to perform an SMF.

When appointing a Senior Manager or Certified Person, firms are required to obtain a regulatory reference from all their past employers going back six years. This requirement also applies when appointing NEDs who are not Senior Managers. For this purpose, firms need to retain records of disciplinary and fit and proper findings going back six years, and not enter into arrangements that conflict with their disclosure obligations.

SMCR Conduct Rules

SMCR incorporates new high-level standards of behaviour that apply to almost all employees who carry out financial services activities in a firm. Some Conduct Rules apply to all employees, while others apply only to Senior Managers.

The Conduct Rules are intended to drive up standards of individual behaviour in financial services. By applying them to a broad range of staff, the FCA aims to improve individual accountability and awareness of conduct issues across firms.

Individual Conduct Rules (ICRs)

These apply to all employees, with the exception of ancillary staff, such as facility managers, personal assistants, receptionists, medical staff, IT and HR, who perform a purely non-financial services role. These ICRs also apply to Non-Executive Directors.

  • ICR 1: You must act with integrity
  • ICR 2: You must act with due skill, care and diligence
  • ICR 3: You must be open and co-operative with the FCA, the PRA and other regulators
  • ICR 4: You must pay due regard to the interests of customers and treat them fairly
  • ICR 5: You must observe proper standards of market conduct

Senior Manager Conduct Rules (SMCRs)

These apply only to Senior Managers, including NEDs (SC 4 even applies to out of scope NEDs)

  • SC 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
  • SC 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
  • SC 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
  • SC 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

SMCR vs SIMR/APR

It's useful for those new to the SMCR to understand how the regime differs from SIMR and APR.

While many of the SMCR requirements are similar to those set out under the SIMR, many of the changes are significantly different.

1. Senior Management Functions

FCA-designated Senior Management Functions (SMFs) are replaced by Controlled Functions (CFs) that were applied under the APR. The PRA's SIMF functions were re-named SMF functions.

In general, under SMCR, firms have fewer FCA-designated SMFs than CFs.

2. Amended scope to the Compliance Oversight Function

The Compliance Oversight function has been widened to cover all FCA regulatory requirements.

The FCA's Compliance Oversight function (CF10) applied to life insurers only in relation to certain parts of the FCA Handbook. Under SMCR, the Compliance Oversight function applies to all insurers for all regulatory system requirements for which the FCA is responsible.

3. New 'Duty of Responsibility'

SMCR introduced a statutory requirement for senior managers to take reasonable steps to prevent regulatory breaches in their areas of responsibility.

If a firm breaches a regulatory requirement, the Senior Manager with responsibility for the area in which the breach occurred could be liable to enforcement action if they failed to take 'reasonable steps' to prevent the breach from occurring or continuing.

4. Statements of Responsibility

The 'Scope of Responsibilities' document required under SIMR was renamed 'statements of responsibility' under SMCR and now must contain a fuller description of duties.

5. Responsibilities Maps

Governance maps required for Solvency II firms and large NDFs under SIMR are now known as 'responsibilities maps'.

6. New Handover Requirement

SMCR requires Solvency II firms and large NDFs to take all reasonable steps to ensure Senior Managers are provided with the information and materials they could reasonably expect to perform their responsibilities effectively. They must also have a policy explaining how they comply with this and maintain records of the steps taken.

7. An expanded list of Prescribed Responsibilities

The PRA amended some of the prescribed responsibilities set out in SIMR and the FCA has specified additional prescribed responsibilities. Firms will need to review the prescribed responsibilities and allocate them to appropriate Senior Managers.

8. New Certification Regime

The Certification Regime replaced the Approved Person Regime (APR). This requires firms to certify as 'fit and proper' any individual who performs a function that could cause significant harm to the firm or its customers.

Solvency II firms will already have identified material risk takers for Solvency II remuneration purposes. The FCA and PRA have each detailed a list of certification functions. The FCA defines Certification functions more broadly than the PRA. Firms need to be aware of the different PRA and FCA definitions of significant harm function.

Once identified, firms should assess certified persons as fit and proper both at recruitment and annually, and issue a certificate.

9. Conduct rules will apply to most staff

Under SMCR, the regulators can apply enforceable Rules of Conduct to all non-ancillary staff working at a firm. Under SIMR, the conduct rules applied directly only to individuals in insurers who required pre-approval by the PRA or FCA to perform a controlled function.

Staff must be trained on the conduct rules, and training should be tailored to the role.

10. New regulatory notification duties

Be aware that SMCR introduced new notification requirements in relation to conduct rule breaches that firms will have to reflect in their regulatory notification policies.

11. New Regulatory Reference Requirements

Under SMCR, insurers seeking to appoint someone to a Senior Manager or a Certified role must request a regulatory reference from the candidate’s past employer(s). This requirement will also apply to all NEDs who aren't Senior Managers. These requirements build on existing obligations on firms to provide all information relevant to the hiring firm's fit and proper assessment.

SMCR also requires firms to update new employers where new information comes to light. A certificate as to fitness and propriety cannot be issued until references have been received.

12. Enhanced Criminal Record Check Requirement

The SIMR required criminal record checks to be carried out on prospective Senior Managers. Under SMCR, this also applies to NEDs who are not Senior Managers where a fitness requirement already applies to them.

SMCR Best Practices

If you'd like to stay up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to the Skillcast Compliance Bulletin.

3-Step SMCR Training Model

Whether you're new to the SMCR or benchmarking existing processes, our training model will help get your compliance training on track.

3-Step SMCR Training Model

FCA Conduct Rules Training Aid

Our desk aid has 10 tips on how to ensure your staff fully understand and adhere to conduct rules.

Free Conduct Rules Training Aid

SMCR Solo-Regulated Firms Key Questions Answered

We answer the questions every solo-regulated firm has been asking.

Solo-regulated FAQs & Answers

SMCR Insurance Firms Key Questions Answered

We also answer the questions every insurance firm has been asking.

Insurers FAQs & Answers

How to Evidence your SMCR Competence

If you cannot articulate what is adequate and competent within your firm, you simply won't be able to evidence SMCR compliance when the FCA comes knocking!

How to Evidence SMCR Competence

How to Prevent SMCR Training Damaging Staff Motivation

SMCR created a step-change in personal accountability, causing a headache, especially when dealing with those who've never been accountable before. That's why it's important to take steps to address any issues before they spiral out of control.

Avoiding Staff Demotivation from SMCR

SMCR Course Library

Our comprehensive SMCR training course library contains versions of each e-learning module tailored to your sector needs.

Versions available include Banking, Building Society, Insurance and Solo-regulated firms (Core, Enhanced, Limited scope).

Browse SMCR Courses

SMCR Course Library