1. Understanding SMCR
What is the Senior Managers & Certification Regime?
The Senior Managers & Certification Regime (SMCR) is the UK regulatory framework that sets out how accountability and responsibility are allocated within financial services firms. Introduced by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), SMCR replaced the Approved Persons Regime and represents a fundamental shift in how regulators hold individuals accountable for their actions and decisions.
Three Core Components of SMCR
Key Objectives of SMCR
SMCR aims to reduce harm to consumers and strengthen market integrity by encouraging staff to take personal responsibility for their actions and making firms and senior managers more accountable for their conduct and competence.
Which Firms Does SMCR Apply To?
SMCR applies to virtually all FCA-regulated firms, but the specific requirements depend on the type and size of your firm. Understanding which category your firm falls into is critical, as this determines your obligations under the regime.
The Three SMCR Tiers
SMCR firms are divided into three main tiers, each with different levels of requirements:
| Tier | Firms Included | Key Requirements |
|---|---|---|
| Enhanced | Banks, building societies, insurers, PRA-designated firms, firms with £50bn+ AUM | Full SMF range, all prescribed responsibilities, Management Responsibilities Maps |
| Core | Most investment firms, mortgage intermediaries, insurance brokers, consumer credit firms | Reduced SMF set, fewer prescribed responsibilities, certification and conduct rules |
| Limited | Limited permission firms, small payment institutions, appointed representatives | Conduct rules only - exempt from SMR and Certification Regime |
Enhanced Scope Firms
Enhanced scope firms face the most comprehensive SMCR requirements. This category includes:
Core SMCR Firms
Core firms represent the majority of FCA-regulated firms and face a streamlined version of SMCR:
Limited Scope Firms
Limited scope firms face the lightest touch under SMCR:
SMCR Tier Assessment Tool
Correctly identifying which SMCR tier your firm falls into is crucial for compliance. MEMA's regulatory experts can assess your firm's status and provide a complete gap analysis of your current compliance position.
Book SMCR AssessmentSolo-Regulated vs. Dual-Regulated Firms
In addition to the three tiers, firms are categorized as either solo-regulated (by the FCA only) or dual-regulated (by both the FCA and PRA):
- Solo-regulated firms: Most investment firms, consumer credit firms, payment services firms, and insurance intermediaries regulated only by the FCA
- Dual-regulated firms: Banks, building societies, credit unions (over £10m), PRA-designated investment firms, and insurers regulated by both the FCA and PRA
2. Senior Manager Functions (SMFs)
Senior Manager Functions (SMFs) are specific roles within a firm that carry significant influence or responsibility. Individuals performing these functions must be pre-approved by the FCA (and PRA where applicable) before they can start in their role.
Core Senior Manager Functions
The following SMFs apply to most SMCR firms (with some variations depending on firm type and tier):
Ultimate responsibility for regulated activities, strategic direction and governance
Executive function in relation to regulated activities at board level
Overseeing compliance function, monitoring regulatory changes
Anti-money laundering oversight, filing SARs, AML/CTF systems
Catch-all for significant areas not covered by other SMFs
Partners with responsibility for regulated activities
Enhanced Scope Senior Manager Functions
Enhanced scope firms must allocate additional, more granular SMFs that reflect the greater complexity and systemic importance of their operations:
Financial resources, regulatory capital, treasury management
Overall risk management, identification, assessment, mitigation
Managing internal audit function with appropriate independence
Leading board, setting agenda, effective governance
Oversight of risk management framework
Financial reporting, internal controls, auditor relationships
Remuneration policies aligned with risk management
Sounding board for Chair, alternative stakeholder channel
Sector-Specific Senior Manager Functions
Certain SMFs apply only to firms in specific sectors:
Actuarial oversight for pricing, reserving, capital
Actuarial oversight of with-profits business
Underwriting strategy and risk management
Operational resilience, IT systems, business continuity
Critical: SMF Approval Timing
Individuals cannot start performing their SMF role until they receive FCA approval. The approval process typically takes 8-12 weeks for straightforward applications but can take significantly longer for complex cases or individuals with regulatory history. Plan your recruitment and succession planning accordingly.
3. Prescribed Responsibilities
What Are Prescribed Responsibilities?
Prescribed responsibilities are specific regulatory obligations that firms must formally allocate to their Senior Managers. These responsibilities cannot be left unallocated and must be clearly assigned in each Senior Manager's Statement of Responsibilities.
Key FCA-Prescribed Responsibilities
Firm's performance of SMR obligations, SoR accuracy, regulatory references
Typically held by: CEO, COO, or Head of HR
Identifying certification functions, annual assessments, maintaining records
Typically held by: CEO, Head of HR, or Compliance
Training on conduct rules, notifying FCA of disciplinary action
Typically held by: Head of HR or Compliance
Maintaining and updating MRM (enhanced firms only)
Typically held by: CEO, COO, or Company Secretary
Policies and procedures for countering financial crime
Typically held by: MLRO or Executive Director
Client money and custody asset arrangements (if applicable)
Typically held by: CFO, COO, or Finance Director
Additional Prescribed Responsibilities for Enhanced Firms
Allocation Rules: Who Should Hold Which Responsibilities
The FCA has clear expectations about how prescribed responsibilities should be allocated:
The person must be sufficiently senior with resources and authority to exercise responsibilities effectively
Certain responsibilities (f, j, k, l, m, n) must be allocated to non-executive directors
Don't assign such a wide range that one individual cannot carry them out effectively
Don't split a prescribed responsibility between several SMF managers with each having only part
Small non-complex firms have more flexibility in how they allocate responsibilities
Statements of Responsibilities
Every Senior Manager must have a Statement of Responsibilities (SoR) that clearly documents:
- The specific aspects of the firm's affairs they are responsible for
- Which prescribed responsibilities have been allocated to them
- Reporting lines and accountability structures
- Any specific limits or conditions on their responsibilities
Statement of Responsibilities Templates
MEMA provides professional SoR templates tailored to different SMF roles and firm types. Our templates ensure you capture all required information while meeting FCA expectations.
Access SoR Templates4. The Certification Regime
What is the Certification Regime?
The Certification Regime requires firms to assess and certify annually that employees performing certain functions are fit and proper to carry out their roles. Unlike the Senior Managers Regime (which requires FCA pre-approval), certification is an internal firm process.
Who Needs to Be Certified?
The specific certification functions vary by firm type. Common examples include:
| Firm Type | Certification Functions |
|---|---|
| Investment Firms & Banks | Client-dealing, proprietary traders, material risk takers, algorithmic trading, CASS functions, benchmark functions |
| Consumer Credit | Credit advice, debt counselling/adjusting, debt collection, customer account operations |
| Insurance Distributors | Advising on insurance, dealing as agent, arranging insurance contracts |
| Mortgage Firms | Mortgage advice, arranging mortgages, mortgage administration operations |
The Annual Certification Process
Firms must certify employees performing certification functions at least annually:
5-Step Certification Process
- 1Identification
Identify all roles that fall within certification functions against SYSC 27 definitions
- 2Assessment
Conduct fit and proper assessment considering competence, honesty/integrity, and financial soundness
- 3Evidence Gathering
Collect qualifications, performance reviews, conduct breaches, complaints, criminal checks, regulatory references
- 4Certification Decision
Appropriate senior person makes the decision with sufficient seniority and independence
- 5Record Keeping
Maintain records for at least 6 years including decisions, dates, decision-makers, and evidence
When Certification Must Be Withdrawn
If a firm determines an individual is no longer fit and proper, certification must be immediately withdrawn:
- Serious conduct rules breaches
- Loss of competence or relevant qualifications
- Integrity concerns or criminal convictions
- Serious customer complaints or poor conduct
- Disciplinary matters
Common Certification Pitfall
Many firms fail to maintain adequate evidence to support their certification decisions. If the FCA reviews your certification process and finds inadequate evidence, your firm could face enforcement action even if the certification decisions themselves were correct. Always document your rationale and retain supporting evidence.
5. Conduct Rules
The Conduct Rules set out fundamental standards of behavior that apply to nearly all employees at SMCR firms. There are two tiers: Individual Conduct Rules (for all staff) and Senior Manager Conduct Rules (additional rules for SMF holders).
The Individual Conduct Rules
Honesty, truthfulness, and ethical behavior in all professional dealings
Breach examples: Falsifying records, misleading customers, dishonest expense claims
Perform role to appropriate standard, maintain competence
Breach examples: Advising on products you don't understand, consistent poor performance
Deal openly with FCA/PRA, respond promptly to requests
Breach examples: Withholding information, providing misleading information
Consider customer interests, ensure fair treatment
Breach examples: Mis-selling products, prioritizing sales targets over needs
Don't engage in market abuse or manipulation (where applicable)
Breach examples: Insider dealing, benchmark manipulation, front-running
The Senior Manager Conduct Rules
In addition to the five Individual Conduct Rules, Senior Managers are subject to four additional rules:
Take reasonable steps to ensure the business for which you are responsible is controlled effectively
Take reasonable steps to ensure compliance with regulatory requirements in your areas
Ensure any delegation is to an appropriate person and that you oversee the delegated responsibility effectively
Disclose appropriately any information the FCA/PRA would reasonably expect notice of
The "Reasonable Steps" Defense
Senior Manager Conduct Rules require "reasonable steps" rather than guaranteeing outcomes. Document key decisions and rationale, establish clear governance, ensure appropriate MI, take prompt action on issues, and maintain oversight records to demonstrate reasonable steps.
Conduct Rules Training Requirements
Firms have a statutory duty under section 64B of FSMA to ensure all staff receive appropriate training:
6. Fit and Proper Assessments
The Fit and Proper Standard
Both the Senior Managers Regime and Certification Regime are underpinned by the concept of "fit and proper." Firms must ensure individuals have:
Honesty, Integrity & Reputation
- Regulatory history
- Employment history
- Criminal record
- Civil proceedings
Competence & Capability
- Qualifications & training
- Relevant experience
- Performance record
- Knowledge & understanding
Financial Soundness
- Bankruptcy/IVA history
- County Court Judgments
- Significant debts
- Conflicts of interest
Due Diligence Requirements
To conduct effective fit and proper assessments, firms should:
4-Step Due Diligence Process
- 1Obtain Comprehensive Information
Application forms, CV, regulatory references (last 6 years), criminal/credit checks, qualification verification
- 2Verify Information
Confirm employment dates, verify qualifications with awarding institutions, follow up on gaps, investigate inconsistencies
- 3Conduct Interviews
Assess competence and knowledge, explore concerns, test understanding of responsibilities, evaluate judgment
- 4Document the Assessment
Record all information gathered, verification methods, decision rationale, who made the decision, any conditions
Regulatory References (SYSC 22)
SYSC 22 requires firms to provide and obtain regulatory references when individuals move between regulated firms. These references must include:
Reference Content Requirements
Ongoing Monitoring
Fit and proper assessment is not a one-time exercise. Firms must continuously monitor through:
For certification employees
Regular reviews and feedback
Tracking breaches, complaints, errors
Ensuring CPD requirements are met
Reassessing when circumstances change
7. Implementation Roadmap
Step 1: Conduct a Gap Analysis
Before implementing SMCR, thoroughly assess your current position:
Step 2: Implementation Timeline
12-Month Implementation Timeline
Appoint project lead, establish steering committee, design governance structure, draft SMF role profiles
Prepare Statements of Responsibilities, create MRM, develop policies and procedures
Conduct fit and proper assessments, submit FCA applications, prepare for interviews
Assess all certification staff, complete first certification exercise, establish annual calendar
Deliver conduct rules training, SMCR awareness training for management
Implement ongoing monitoring, test governance arrangements, refine procedures
Step 3: Essential Documentation Checklist
SMCR Template Library
Access MEMA's comprehensive template library with ready-to-use policies, procedures, and forms tailored to SMCR requirements. Save weeks of documentation work.
Browse SMCR Templates8. Common Pitfalls
Pitfall 1: Incorrect Prescribed Responsibility Allocation
Many firms allocate responsibilities to inappropriate individuals, split responsibilities incorrectly, or leave responsibilities unallocated.
How to avoid it:
- Carefully review SYSC 24 and Annex 1 to understand which responsibilities apply
- Ensure executive/non-executive allocation follows FCA expectations
- Allocate to individuals with genuine authority and resources
- Avoid overloading individuals with too many responsibilities
- Document your allocation rationale
Pitfall 2: Inadequate Documentation
SoRs that copy regulatory language without specifying actual responsibilities
Insufficient evidence to support certification decisions
Not identifying all roles that fall within certification functions
Inability to demonstrate compliance because decisions weren't properly documented
Pitfall 3: Ongoing Compliance Failures
Significant effort on initial implementation but allowing compliance to decay over time
Generic training that doesn't help staff understand what rules mean for their work
Failing to investigate promptly, inadequate disciplinary action, or failure to notify FCA
SMCR documentation becoming out of date when the organization changes
Learn from Others' Mistakes
The FCA has taken enforcement action against numerous firms and individuals for SMCR failures. MEMA's ex-regulator team can help you understand what the FCA focuses on in its supervision and enforcement, helping you avoid the common pitfalls that lead to regulatory action.
Get Expert ReviewKey Takeaways
Implementing and maintaining SMCR compliance is complex, but getting it right is essential for avoiding regulatory action and building a culture of accountability: