UK: Senior Managers And Certification Regime - Are You Prepared?

The Financial Conduct Authority (FCA) published its Final Rules on the extension of the Senior Managers and Certification Regime (SMCR) to all solo-regulated firms in July 20191. All FCA solo-regulated firms authorised under the Financial Services and Markets Act 2000 (FSMA) will, from 9 December 2019, be subject to the SMCR which aims to strengthen individual accountability in financial services. It is therefore a culture and governance issue as much as a compliance and legal issue.

In this article, Sushil Kuner and Simon Stephen summarise the key changes and explore the practical considerations for solo-regulated firms.

Firms should treat the implementation of the SMCR seriously. One of the main purposes of the SMCR is to make it easier for the FCA to bring enforcement action against senior management and other accountable individuals. There is therefore a risk that Senior Managers who have been allocated responsibility for implementation of the SMCR also face potential enforcement action.

To put it into context the FCA's Enforcement Annual Performance Report for 2017/182 highlighted a stark increase in the number of open investigations relating to firms' culture and governance, demonstrating the high priority the FCA is giving to culture and governance issues. As at 31 March 2018, there were 61 such cases open compared to only 15 as at 1 April 2017.

Key changes under the SMCR

New Categories of Firms

The SMCR replaces the FCA's Approved Persons Regime (APR) and already applies to insurers, UK banks, building societies, credit unions, branches of foreign banks operating in the UK and the largest investment firms regulated by the Prudential Regulation Authority (PRA) and the FCA.

The SMCR introduces three categories of firm; Limited Scope, Core and Enhanced. Obligations of firms under the SMCR will depend on what category they fall into.

Most firms are likely to be Core firms, which will have a baseline of SMCR requirements applied.

Broadly speaking, Limited Scope firms will be subject to the fewest requirements under the SMCR and this covers all firms that currently have a limited application of the APR, including limited permission consumer credit firms, Claims Management Companies, sole traders and authorised professional firms whose only regulated activities are non-mainstream regulated activities.

A small proportion of solo-regulated firms will be Enhanced firms due to their size, complexity and potential impact to consumers and financial markets. These firms will be subject to extra rules. Key examples of Enhanced firms include:

  • firms with assets under management of £50 billion or more as a three year rolling average;
  • firms with total intermediary regulated business revenue of £35 million or more per annum, calculated as a three year rolling average;
  • firms with annual revenue generated by regulated consumer credit lending of £100 million or more, calculated as a three year rolling average; and
  • mortgage lenders or administrators (which are not banks) with 10,000 or more regulated mortgages outstanding.

New Categories of Individuals and Controlled Functions

Under the APR, the FCA approves individuals to carry out certain 'controlled functions'. These generally comprise two kinds of Approved Persons; the CF30 or 'Customer' function and the 'Significant Influence Functions' that are carried out by those closely involved in the running of the firm, for example, Directors and those in charge of compliance. Under the APR, Approved Persons are subject to the FCA's Statements of Principles and Code of Conduct for Approved Persons (APER) which set out standards of behaviour the FCA expects of them. They also need to ensure that they meet and abide by the rules laid out in the FCA's sourcebook relating to the Fit and Proper test for Approved Persons (FIT).

The SMCR replaces the APR and creates two new categories of controlled function - 'Senior Management Functions' (SMFs) and 'Certified Functions'.

Senior Management Functions

People who hold a SMF ("Senior Managers") will generally be the most senior people in the firm with the greatest potential to cause harm or impact upon market integrity and will need to be approved by the FCA before starting their role. The FCA has prescribed a number of SMFs and which SMF a firm needs will depend on the category of firm, i.e. whether it is a Limited Scope, Core or Enhanced firm.

The FCA has confirmed that the head of legal function is not a SMF, due to the difficulty in applying the Senior Managers Regime to lawyers as a result of restrictions arising from legal privilege. Those performing this function will instead be subject to the Certification Regime and Conduct Rules (see below).

Every Senior Manager will have a 'Statement of Responsibility' which will need to clearly set out what the Senior Manager is responsible and accountable for. These will need to be sent to the FCA when applying for the Senior Manager to be approved under the SMCR. Senior Managers will also have 'Duty of Responsibility' under FSMA.

Core and Enhanced firms will also be subject to certain 'Prescribed Responsibilities' which are in addition to the inherent responsibilities that are an essential part of a Senior Manager's role. The FCA prescribes these responsibilities to ensure that a Senior Manager is accountable for key conduct and prudential risks. Notably, the Prescribed Responsibilities include accountability for the performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight, and performance by the firm of its obligations under the Certification Regime.

Certified Functions

A Certified Function will be held by any employee whose role means that it is possible for them to cause significant harm to the firm or its customers. The FCA has prescribed the various Certification Functions and not all of those will apply to all firms; firms will only be required to apply those that are relevant to their business. Unlike the SMFs, holders of a Certified Function will not require pre-approval from the FCA. This will apply to the current APR CF30/Customer Function such that they will no longer require approval from the FCA. Instead, firms will need to check and confirm ('certify') that these individuals are fit and proper to perform their role at least once a year, and issue them with a certificate allowing them to perform the 'Client Dealing Function' once satisfied of their fitness and propriety.

Firms will therefore need processes in place to ensure that those responsible for certification are promptly made aware of anything which may impact the assessment (including a breach of the Conduct Rules).

It should be noted that in its recent Policy Statement 19/20, the FCA made clear that the scope of the Client Dealing Function excludes an individual who has no scope to choose, decide or reach a judgement on what should be done in a given situation and whose tasks do not require them to exercise significant skill.

Conduct Rules

Senior Managers and Certified Functions will have to continue to abide by the rules contained in FIT as to fitness and propriety, Under the SMCR the scope of conduct rules is, however, much broader. All of a firm's employees, including SMFs, Certified Functions and Non-Executive Directors, but not ancillary staff (e.g. receptionists), will need to comply with the FCA's Code of Conduct for Staff Sourcebook (COCON). So, for example, all employees (and not just the senior management) will need to comply with the obligation to treat customers fairly.

This therefore establishes a new set of minimum standards of individual behaviour in financial services. All employees - whether conducting regulated or unregulated activities - may therefore be held to account by the FCA. Internal consequence management will need to take this into account and firms will need to be able to report on conduct breaches internally as well as to the FCA.

Breaches of conduct rules are also likely to have to be reflected in regulatory references (including updating references already given when subsequent breaches are uncovered). This includes references requested for employees moving from a non-certified role to a certified role - further demonstrating the need for accurate tracking and linked up processes.

Summary Key Final SMCR Requirements for solo regulated firms

The table below summarises the key final SMCR requirements for each category of solo regulated firm, from a practical perspective.

Final SMCR Requirements for Solo Regulated Firms Enhanced Core Limited Scope
Senior Managers Regime
Pre-approval by the FCA of SMFs, except to allow cover for an SMF where the absence is temporary or unreasonably unforeseen and the appointment is for less than 12 consecutive weeks
Assessment of fitness and propriety before application to the FCA for approved of an individual as an SMF
Annual assessment of fitness and propriety of SMFs
Criminal record checks before application to the FCA for approval of an individual as an SMF3
Regulatory references to be obtained before appointing an individual as an SMF and to be given where another FCA authorised firm makes such a request4
Statements of responsibilities for each SMF holder [N.B. these must be submitted as part of any application to the FCA to approve an individual as an SMF. It should be updated after any approval when there has been any significant change in the responsibilities of the SMF
Allocation of certain prescribed senior management responsibilities among SMFs  
Criminal records checks before the appointment of any board director who is not an SMF  
An up-to-date comprehensive Responsibilities Map to be maintained which describes a firm's management and governance arrangements    
Ensuring that, at all times, one or more of a firm's SMFs has overall responsibility for each of the activities, business areas and functions of the firm    
Ensuring that a person becoming an SMF has all the information and material that they could reasonably expect to have to perform their responsibilities    
Certified Functions
Ensuring that any employee performing a certification function is issued with a certificate before performing that function5.
Annual renewal of certificates for all employees continuing to perform certification functions6
Assessment of fitness and propriety before issuance or renewal of certificates for certified functions7
Regulatory references to be obtained before appointing an individual to perform an FCA certification function, and to be given if asked by another firm making such a request8
Reporting information to the FCA about the firm's Directory Persons, including its certification employees
Conduct Rules
COCON directly applies to firms' employees, other than ancillary staff
Breaches of COCON to be reported to FCA
Sufficient notification to all persons subject to COCON of the rules that apply to them
All reasonable steps taken to ensure that all persons subject to COCON understand how COCON applies to them

Transitional arrangements - automatic conversion

Individuals at Core and Limited Scope firms (including branches) will be automatically converted wherever possible, with no action required by firms. As such, all firms should consider whether any changes to their current approvals are required ahead of the Commencement Date. If there has been no substantive change in a currently approved individual's role before and after the Commencement Date, firms will not have to apply for re-approval. Individuals who are not currently approved, or require additional approvals, will need to apply for each new SMF.

Enhanced firms will need to notify the FCA who they want to assign to the new SMF regime, but they will not have to re-apply for approval if the proposed SMFs can be mapped directly from the APR.

The FCA has specified, for all firms, which current controlled functions under the APR may be mapped across to the SMCR. These differ depending on whether the firm is a Limited Scope, Core or Enhanced firm.

Next Steps & Implementation Dates

All affected solo-regulated firms will move to the SMCR from 9 December 2019 ("the Commencement Date"). By the Commencement Date, all solo-regulated firms will have to:

  • identify the classification of their firm;
  • identify who the Senior Managers will be;
  • ensure that each of the firm's Senior Managers has a Statement of Responsibilities;
  • identify their Certified Function holders, although they will have a period of 12 months from the Commencement Date to complete the initial certification process;
  • train any Senior Managers and Certified Function holders on the Conduct Rules contained in COCON ensuring that they understand how the rules apply to their roles (although firms will have a period of 12 months to train all other staff on conduct rules);
  • ensure that the annual fitness and propriety checks for Certified Function holders and Senior Managers fit into the firm's existing HR and other processes;
  • assess how the new criminal records checks and regulatory reference requirements fit into the firm's existing recruitment processes;
  • ensure that they have the appropriate processes to obtain criminal records checks for new Senior Managers and confirm the firm is registered with the DBS, Disclosure Scotland or Access NI (as relevant);
  • ensure that they have the appropriate processes in place to obtain and provide regulatory references; and
  • identify who the firm's ancillary staff are (i.e. to whom the Conduct Rules do not apply).

In addition to the above, Core firms will need to:

  • determine whether any changes need to be made to any existing approvals, or add new ones, ahead of conversion;
  • determine whether the firm has a Chair. If so, they will need to determine whether the Chair is Executive or Non-Executive. It they are a Non-Executive Chair of a governing body, the firm will need to submit a Form K to convert that individual from CF2 (Non-Executive Director) to SMF9 (Chair) under the new regime. Executive Chairs will need to apply for the SMF9 function using Form A;
  • understand which forms are required, to amend approvals where appropriate;
  • identify which of the current Approved Persons will no longer be approved; and
  • allocate certain FCA Prescribed Responsibilities applicable to their firm to the relevant Senior Manager and clearly include them within their Statement of Responsibilities.

Enhanced firms will have higher duties and in addition to responsibilities to responsibilities of Core firms, should:

  • check that the firm and individual details are correct. It any changes need to be made, the relevant form should be submitted on the FCA's Connect portal;
  • determine whether any existing approvals need to be amended, or new ones added, ahead of conversion;
  • ensure that each activity, business area and management function has been allocated to a Senior Manager under the Overall Responsibility requirement;
  • ensure that appropriate handover procedures are in place;
  • prepare and submit to the FCA the following documents using Connect:
    • a Form K notifying the FCA of which currently approved individuals should be converted to a mapped SMF;
    • a Responsibilities Map; and
    • a Statement of Responsibilities for each of the firm's Senior Managers (a failure to submit these documents by the deadline will mean the firm is in breach of the FCA's rules and may result in action being taken by the FCA).

It should be noted that Form K must be submitted by 23.59 on 24 November 2019 and that it is already available on the FCA's Connect portal.

Senior Management Functions will appear on the FCA's Financial Services Register on 9 December 2019. Therefore, on or shortly after 9 December 2019, firms should check the FCA Register to ensure they have the correct Senior Management Functions.

Practical Considerations

There is much that firms need to do in order to comply with the SMCR and as such, firms should do what they can, as early as they can, to be ready. This means that many firms will, in practice, need to overhaul their internal procedures to ensure that, not only do they reflect the SMCR and COCON, but that they are joined up and aligned. SMCR is also not just a 'compliance' issue but is something the whole firm will need to be part of. For example, information relating to misconduct investigations or disciplinary sanctions will need to feed into both the certification and reference processes.

MI is a key part of managing conduct risk and Senior Managers will also need to be suitably informed with relevant data and information in order to carry out their duties. Firms should review how MI is tracked and reported.

Firms will also need to think about how to create a culture of accountability. Senior Managers will play a key role with the 'tone from the top' and leading by example and firms should plan how this would work within their culture.

Some of the practical considerations for firms include:

  • reviewing job descriptions and contracts to ensure they reflect the new regime (for example updating contracts of employment for Senior Managers);
  • allocating responsibility for the implementation of the SMCR to a Senior Manager;
  • establishing a working group, across all stakeholders, and creating a project plan;
  • reviewing policies and procedures, ranging from reference and disciplinary processes to regulatory reporting procedures;
  • developing training for all staff in respect of their obligations under COCON; and
  • having a clear and transparent consequence management process.

If you are affected by the SMCR, now is the time to start planning for implementation. We would be delighted to advise you on how the SMCR applies specifically to your business, how to practically implement it and to review all relevant firm policies and procedures to ensure they are compliant under the new regime.


[1] FCA Policy Statement PS19/20 - 'Optimising the Senior Managers & Certification Regime - Feedback to CP19/4 and Final Rules' dated July 2019

[2] FCA - Enforcement annual performance report 2017/18

[3] This requirement does not apply to sole traders without employees

[4] The obligation to ask for regulatory references does not apply to sole traders without employees

[5] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities

[6] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities

[7] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities

[8] This requirement does not apply to sole traders without employees

Read the original article on

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions