Vero Hero

What Is The SMCR?

The Senior Managers & Certification Regime (“SMCR”) has replaced the  Approved Persons regime of the FCA and marks a paradigm shift in the UK financial services industry.

The SMCR is a regulatory framework for the conduct and responsibility of key personnel. It is an FCA/PRA regulation concerning governance and has two core aims:

  • Encourage a culture where staff at all levels take personal responsibility for their actions; and
  • Make sure firms and staff clearly understand and can demonstrate where responsibility lies.

The SMCR emerged from the global financial crisis to provide more prescriptive regulation of employee conduct and expertise, reduce harm to customers, and enhance the stability of the market.

Key changes for SMCR:

Senior Management Functions
The Senior Management Functions (SMFs) designated by the FCA or PRA will replace Controlled Functions (CFs) currently in use under the APR. Companies will generally have fewer FCA-designated SMFs than CFs under SMCR.
Criminal Record Check Requirement

The APR already needs criminal record checks on potential senior managers to be carried out. This will also extend under SMCR to NEDs that are not senior managers where they already have a fitness requirement.

New Regulatory Reference Requirements
Under SMCR, companies wishing to appoint someone to a senior manager or accredited position must ask the past employer(s) of the candidate for a regulatory reference. That condition also extends NEDs to all non-senior Managers. The criteria draw on current organisational commitments to provide all relevant information to the recruiting firm’s fit and proper evaluation.
New regulatory notification duties
SMCR introduces new notification standards for performing breaches of laws that businesses will need to represent in their regulatory notification policies.
Conduct rules will apply to most staff
Under SMCR, regulators may apply enforceable standards of conduct to all non-company employees employed in a business.

Staff need to be educated on the rules of conduct, and the job should be adapted to the training. Senior managers and qualified individuals will need to be trained by the new regime’s start date, while companies have 12 months to provide training to all other workers from the outset.

New Certification Regime
The Certification Regime replaces the Approved Person Regime (APR). It allows businesses to designate any person who performs a role that could cause significant harm to the business or its customers as ‘fit and proper.’

Regarding Solvency II remuneration purposes, companies will already have defined material risk-takers. The FCA and PRA have a list of qualification functions for each detail. The FCA has a broader definition of credential features than the PRA. Organisations need to be aware of the various meanings of significant harm feature for PRA and FCA.

When established, organisations will determine the suitability and appropriateness of accredited persons at recruitment as well as annually and issue a certificate. Organisations have a year to carry out the first tests from the start date.

An expanded list of Prescribed Responsibilities
Some of the prescribed responsibilities were updated by the PRA and additional prescribed responsibilities defined by the FCA. The revised and updated assigned duties will need to be reviewed by organisations and delegated to suitable senior managers.
Responsibilities Maps
Governance maps provided under APR for Solvency II companies and broad NDFs will be called “maps of responsibilities.”
New Handover Requirement
SMCR will require Solvency II firms and large Non-Directive Firms (NDFs) to take all reasonable steps to ensure that senior managers receive the information and materials that they could reasonably expect to fulfil their responsibilities effectively. They also need the policy to explain how to do this and keep records of the steps taken.
Statements of Responsibility
Under SMCR, the document’ Scope of Responsibilities’ required under APR will be called ‘Responsibility Statement’ and will need to include a complete description of duties.
New’ Duty of Responsibility’
SMCR introduces a statutory requirement for senior managers to take reasonable steps in their areas of responsibility to deter regulatory violations. If an organisation violates a regulatory provision, the Senior Manager responsible for the area where the violation occurs may be liable for enforcement action when they fail to take “reasonable steps” to prevent the breach from happening or continuing.
Amended scope to the Compliance Oversight Function
The role of Compliance Oversight has been extended to cover all regulatory requirements of FCA. The new Compliance Monitoring role of the FCA applies only in relation to specific sections of the FCA Handbook to life insurers. Under SMCR, all insurers will be subject to the Compliance Inspection mechanism for all regulatory system requirements for which the FCA is responsible.

What Businesses Are Affected By The SMCR?

AdobeStock 71257604 finance SMCR compressed

The Senior Managers & Certification Regime (SMCR), implemented by the Financial Conduct Authority (FCA), has the potential to affect over 47,000 financial services companies in the UK.

Failure to comply could have significant implications for both individuals and organisations. SMCR is primarily applicable to the banking sector (though it now covers all FCA regulated firms) and has been implemented as a means of creating greater individual accountability for those employed within financial institutions. SMCR is expected to have a significant impact on regulated firms’ HR processes. As they become solely responsible for their staff, it will change the risks associated with those individuals working in senior management roles as well as the way their team and even the principles of the organisation, are handled.

SMCR for Financial Services, Banking Sector & Investment Firms

The expansion of the SMCR to all financial services firms–large investment firms, insurers and those participating in shadow banking– enhances personal responsibility for senior managers, and provides a more efficient and proportionate means of raising standards of conduct for key staff more generally, backed by comprehensive enforcement powers for regulators.

The expanded SMCR will have an impact on a complex and wide range of companies with different business models and systems of governance. The FCA has therefore suggested a proportionate and flexible approach; separating the criteria of SMCR into the categories ‘Bound,” Core’ and’ Enhanced.’

SMCR for Insurance Companies

On December 10 2018, the SMCR was extended to insurers to replace the Senior Insurance Managers Regime (SIMR) of the PRA and the Approved Persons Regime of the FCA. The extension ensures that insurers are subject to provisions of the SMCR that were not previously applied to them, such as the Certification Regime, handover procedures and the statutory liability obligation. Therefore, almost all insurance workers are now subject to the Conduct Rules.

SMCR for All FCA Regulated Firms

By extending the SMCR to all FSMA licenced firms, the FCA is transforming the individual accountability regime for firms as diverse as large asset managers, mortgage providers and investment firms through crowdfunding platforms, consumer credit firms and single traders.

To take into account the variations to scale, complexity and potential effect on customers or markets, the FCA has introduced a three-tiered structure that distinguishes between ‘core firms’ that will be subject to a standard set of SMCR requirements; ‘enhanced firms’ whose size, complexity and potential impact requires the implementation of additional requirements; and ‘limited scope’ firms that will be subject to a reduced set of requirements.

Under the SMCR “Fit & Proper” Rules apply to:

  • Senior Managers

This covers anyone who undertakes a Senior Management Function. Each senior manager will have a Duty of Responsibility and a Statement of Responsibility, but there is no need for a responsibilities map or handover procedures.

  • Certified Persons

This covers people who are not senior managers but whose job means they can cause significant harm to the firm or its customers. For example, algorithmic trading, client dealing, financial modelling etc.

  • All Staff Under Conduct Rules

These basic rules apply to all employees except ancillary staff who do not perform a role-specific to financial services. There are five high-level obligations which apply to all, and an additional four duties for senior managers.

How Does the FCA Monitor Regulatory Compliance With The SMCR?

To assess the impact of the SMCR on a company and its employees, the first step is to decide whether the company is a Core, Enhanced or Limited Scope organisation. Many companies are going to be core firms. Identifying the existing roles and responsibilities of workers will be the next step. Then a company can map its setup to the SMCR specifications with this knowledge. The final piece in the puzzle is to address any discrepancies or issues that may occur.


The FCA can help with compliance monitoring and assurance to the board that the firm is operating within a compliant framework. Some of the services commonly provided include:

  • initial risk assessment
  • business development
  • help with procedures
  • file audits
  • technical support
  • training, and
  • professional indemnity insurance (PII) cover

Achieving SMCR compliance

We believe that there are five key points that firms should remember when implementing their SMCR compliance plan:

  • From the very beginning and throughout, include the human resources and legal departments in the implementation plan as the regulations influence the roles and responsibilities of all employees. This will help ensure that the specifications are integrated into the annual HR process, particularly when it comes to harmonising job descriptions.
  • Implement processes and controls that are necessary. The rules of conduct extend to all employees (with the exception of ancillary staff) and are intended to improve individual behavioural standards. To do that, businesses need to have sufficient training and communication programmes so that workers are informed and trained on how the rules of conduct apply to them.
  • Overcoming structural impediments as the law keeps senior managers responsible, ensuring they will have to resolve the organisational difficulties of supervising their staff and tracking their actions and activities more closely. Within SMCR, there is no shirking of accountability.
  • Identifying accountability and determining who’s responsible for what takes time to work out. This also includes mapping and constant monitoring of employees’ roles. The role is often misunderstood because some of the duties assigned by the Senior Manager Regime need to be shared or broken together, more often than not, which takes time to decide, sign up and register.
  • Finally, think about creating a reasonable steps framework to support compliance with the Senior Managers Regime by evidencing the reasonable steps they take in discharging their duties, monitoring delegations, and other aspects of their roles that require evidence. This way, if the FCA investigates an issue, the firm and the employee can quickly provide their evidence and hopefully avoid a drawn-out investigation.

What Defines A Regulatory Breach In Terms Of “Fit & Proper” Assessments?

FIT sets out a wide range of factors that the FCA will expect firms to take into account in their fitness and propriety assessments. Those factors are grouped as follows:

  • honesty, integrity and reputation;
  • competence and capability;
  • financial soundness.

There are, as well, other rules that all firms need to follow. All firms must:

  • Have a process that ensures annual re-certification of fitness and propriety of affected staff (whether as part of the firm’s usual annual appraisals or as a separate process);
  • Ensure disciplinary procedures are updated or designed to ensure that any qualifying issue or incident is captured and that the firm follows the relevant process to notify the FCA;
  • Ensure procedures (including recruitment procedures) are updated or created to ensure that the firm can comply with the requirement to provide information on disciplinary procedures, etc. where applicable, for regulatory references.

Any instance in which the above rules aren’t applied would constitute a Regulatory Breach in Terms Of “Fit & Proper”. In the context of the fit and proper test, this mentions’ sanctions for discrimination, harassment or sexual misconduct’ in the same sentence as ‘criminal conviction’, and also spells out the regulator’s view that sexual harassment and other forms of non-financial misconduct can amount to a breach of the FCA’s Conduct Rules including the requirement to act with integrity.

How are notifications of non-compliance made to the FCA?

If you think a firm or individual is involved in wrongdoing within an area the FCA regulates, and you want to report it confidentially, contact their whistleblowing team.

You can either use any existing procedures in your firm, or you can contact them:

  • call: +44 (0)20 7066 9200 during office hours or leave a message
  • email:
  • write to: Intelligence Department (Ref PIDA), Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN

Contact the PRA for any wrongdoing related to prudential issues in a PRA-regulated firm.

What action can the FCA take?

The Financial Conduct Authority’s (FCA) enforcement powers include the right to impose a penalty on a company or individual and make a public statement. It also has the authority to investigate and take disciplinary action. Therefore, the FCA has the power to launch criminal proceedings.

Responsibilities Of Human Resources & SMCR Screening

There are numerous obligations and requirements under the SMCR, one of which is to ensure employees are fit and proper to conduct their role within the business.


At Vero, we are working with clients to advise how firms can use a robust employment screening policy to assess whether an individual can be considered ‘fit and proper to perform a role’ in the context of the SMCR.

The main component of the SMCR in relation to employee screening is the expectation that organisations will take appropriate steps to satisfy themselves that individuals and employees are ‘Fit and Proper’ to perform critical roles within the business. Conducting robust background screening checks is a crucial aspect of the ‘Fit and Proper’ assessment process as it enables clients to be confident:

a) the information they provide in applications for Senior Management Functions is accurate and truthful;

b) the screening of Certified Persons adequately meets their obligations to self-regulate.

The Human Resources department should be responsible for:

  • Regulatory Compliance Through Effective Screening
  • Mandatory Requirements
  • Best Practice and Sector Benchmarking
  • Operational Aspects Of SMCR Compliance
  • Handling Employee References
  • Screening Non-Executive Directors
  • Form A Submissions
  • Mirroring Checks Internationally
  • Screening Employees Outside the UK Who Fall Under The SMCR
  • Ongoing Monitoring

Vero’s SMCR Screening Services

Giving you the tools you need

The Vero Difference

Our relationship with you and your employment candidates is underpinned by our open approach and robust processes. Every aspect of our service has been carefully designed to deliver a personalised, positive experience for business leaders, hiring managers and HR teams alike.

We are experts in employment screening and have been working as trusted partners to HR teams for over 20 years. With specialists in compliance, human resources, digital technology and more, our knowledge, expertise and in-house technology will protect you from risk, giving your candidates the best possible experience and ensuring you can have confidence in every appointment you make.

Our SMCR Screening Services include:

  • Financial integrity (credit) checks
  • Financial services register checks
  • ID document checks
  • SMCR regulated employment references – 6 years
  • Professional qualifications checks
  • UK criminal record checks
  • Directorship searches
  • Compliance database checks
  • Adverse media searches
  • Gap analysis
  • Highest education