What you need to know about the UK’s Senior Managers and Certification Regime (SM&CR)
What is the SM&CR?
SM&CR, standing for Senior Managers and Certification Regime, was introduced by the Financial Conduct Authority (FCA). It has been in place since 2016, applying to banks, building societies, credit unions and investment firms designated by the Prudential Regulation Authority (PRA), and later insurance companies and solo-regulated firms.
The reason this regime was put into place was to reduce harm to consumers. The industry wanted to strengthen their trust, integrity, and transparency with consumers by introducing greater accountability on conduct and competence. A UK regulatory framework, the SM&CR introduces these concepts as requirements in regulated firms.
This is primarily in response to the 2008 banking crisis which uncovered conduct failings and an overarching lack of oversight which allowed these failings to occur. Due to these events, the Parliamentary Committee on Banking Standards made recommendations which motivated this regime.
The SM&CR consists of three components:
- Senior Managers Regime: Introduces FCA or PRA approval for people in senior roles.
- Certification Regime: Covers specific non-senior functions that can impact customers or the firm.
- Conduct Rules: Sets minimum standards for individual behaviour in financial services organisations.
SM&CR progress and reception
SM&CR has caused a significant regulatory change in the financial services industry. It touches on important themes which have had a light shone on them across the globe in recent years.
The SM&CR regulation placed the UK in a leading position in terms of individual accountability and is now an integral part of regulatory governance for financial firms. Since its introduction to the UK in 2016, other regions have introduced, or are creating, similar regimes. Examples include:
- Ireland – Individual Accountability Framework (IAF) and Senior Executive Accountability Regime (SEAR)
- Singapore – Individual Accountability and Conduct (IAC) guidelines
- Australia – Financial Accountability Regime (FAR)
The Edinburgh reforms and SM&CR review
There have been several reviews and check-ins over the course of the regime’s implementation, but the most recent has been the most thorough. In 2022, as part of the Edinburgh Reforms, the government issued for a call for evidence, while the FCA and PRA began to perform their own reviews.
The purpose of these reviews is to understand what key stakeholders think of the outcomes, effectiveness, scope, and proportionality of the regime. The results will inform changes and improvements to the regime, to help firms implement it better.
General feedback so far has been that the outcomes of SM&CR are positive. Organisations and key stakeholders, such as Andrew Bailey, believe that the regime is having its intended effect. Good consumer outcomes are being prioritised, and conduct has improved across organisations.
In principle, SM&CR has shown to be very effective towards its aim.
There is, however, negative feedback about the scope and proportionality of the regime. The two primary criticisms of SM&CR have been that:
- The bureaucratic side of the administration is a manual burden which some organisations are finding it difficult to adhere to due to resource.
- There is a lack of proportional differentiation in requirements between large and small organisations, or those with greater or less inherent risk, which is compounding the administrative burden.
SM&CR framework: key details
1. SM&CR Senior Managers Regime
The main action here is that senior managers must be approved as fit and proper (F&P) by their firm and the relevant regulators. Most importantly, this must happen before senior managers are appointed. An F&P review will look at a) honesty, integrity and reputation, b) competence and capability, and c) financial soundness.
The other important change is that senior manager responsibilities must be clear and understandable to support good accountability. This should be achieved through a Statement of Responsibilities (SoR), which includes responsibilities inherent to their role as well as mandatory prescribed responsibilities (PRs). SM&CR prescribed responsibilities consist of high-level duties that the senior manager must have oversight of, such as policies for countering financial crime risk.
2. SM&CR Certification Regime
With SM&CR certified persons, individuals performing a significant harm function must be assessed and certified based on F&P on appointment and on an annual basis (or when the role changes). This applies to any person whose role might relate to regulated activities or has a risk of causing harm to customers or the firm.
It’s worth noting also that the F&P requirements, although following the same principles as previous iterations, have been enhanced within SM&CR. The onus is on the firm to ensure certified persons are kept up to date and certified at least once a year.
Certified persons do not require approval from the regulators. Senior managers who also perform a certifiable role that is separate to their senior management function (SMF) must additionally be certified under this regime.
3. SM&CR Individual Conduct Rules
The conduct rules under SM&CR outline fundamental standards which individuals must uphold. Once again, senior managers have additional and more specific rules which apply to them.
- You must act with integrity
- You must act with due skill, care, and diligence
- You must be open and co-operative with the FCA and the PRA and other regulators
- You must pay due regard to the interests of customers and treat them fairly
- You must observe proper standards of market conduct
- You must act to deliver good outcomes for retail customers
Senior manager rules:
- You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
- You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
- You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Firms are responsible for providing the appropriate training and support for their individuals to meet these standards. They must also take appropriate disciplinary action and inform the FCA of this if it occurs within seven days.
Solutions for SM&CR – how can you implement and systemise?
Based on the feedback so far, organisations need a solution that will reduce the administrative burden of SM&CR. Without one, they are at risk of not complying with key requirements simply due to resource or visibility issues.
Individual regulatory compliance software for SM&CR will enable organisations to systemise their SM&CR framework processes and more easily manage their compliance.
Tools such as digital versioning, templated workflows, and automated submissions will enable organisations to cut down their workload significantly. Other features such as alerts when certifications are due, statements of responsibilities, hierarchy mapping, and more will reduce organisations’ risk of something slipping through the cracks. These features ensure individuals are aware of, and equipped to uphold, their accountability, while also giving firms oversight over their regulated populations and their individuals’ status.
As firms continue to improve upon their SM&CR processes, here are some tips:
- Provide regular training on updates and best practice for your staff
- Use digital tools to create best practice frameworks that empower good conduct
- Ensure your SM&CR framework aligns with your overarching governance framework
- Review job descriptions regularly
- Upload and update management responsibilities maps, hierarchy maps, and job descriptions into a central tool
- Analyse global population and individual compliance views together
- Consider individuals functioning overseas or in other regulated jurisdictions
Trailight – individual regulatory compliance software for SM&CR
Trailight enables people to manage accountability with a purpose-built SM&CR compliance solution for financial services. Our individual regulatory compliance platform pulls all the elements of individual accountability, culture and conduct, performance, and global requirements together.
With a unified platform, you can easily see all individual activity and manage compliance from a single place. From automation to digital versioning to systemised requirements, our tools enable you to implement best practice easily and drive cultural change from your people up.
Download the Trailight brochure for more information
What is the proportionality for SMCR?
SM&CR is designed to account for different business structures and includes some proportionality elements, including:
- Solo-regulated firms include three categories of SM&CR firms – Core, Enhanced, and Limited Scope. Some SM&CR rules apply differently to each of these categories, and each have different levels of requirements.
- There is a reduced list of prescribed responsibilities for smaller deposit-taking firms and insurers.
- Banks, building societies, and insurers are not required under PRA rules to have more than three senior managers (Chair, CEO, and CFO).
However, the latest reviews for SM&CR have shown that organisations feel these measures are not enough and more proportionality is required.
What is the SMCR enhanced firm criteria?
The enhanced firm criteria are defined as firms that are;
- Significant investment (IFPRU) firms, or;
- Firms that are large CASS firms, or;
- Firms with assets under management of £50 billion or more (at any time in the last three years calculated as a three-year rolling average)
How is a firm’s criteria determined?
The FCA will assign a firm’s criteria through an assessment. If a firm disagrees with this conclusion following their own assessment of their tier, they can inform the FCA.
How do I check if someone is FCA registered?
Individuals can find registered financial services firms in the Financial Services Register. This lists all firms and individuals who are involved in regulated activities.
What is an FCA individual reference number?
An individual reference number (IRN) is a unique identifier for each individual currently registered by the FCA and PRA. Individuals can find this on the register and can edit firm details once registered.
Who needs to be certified under SMCR? And when should senior managers be certified?
The most senior people in your organisation, who perform key SMFs, need approval before beginning their roles. This certification needs to be reviewed, updated and submitted annually, if not more regularly. These applications take roughly 90 days to be approved.
Remember, certified persons can fall outside of the senior managers functions, and senior managers may need to be certified for this area of responsibility also.
How does Certification Regime differ from Approved Persons?
Staff who were subject to Approved Persons no longer need to gain approval from the FCA. Instead, it is the firm’s responsibility to assess a person’s F&P and certify them on a regular basis.
What is the 12-week rule?
The new regime allows someone to cover for a senior manager without being approved, as long as the absence is temporary or unforeseen, for up to 12 weeks.
Can a senior manager hold multiple SMFs?
In some cases, senior managers can have more than one SMF. This will be determined by the organisation’s governance structure and need for this. In this case, senior managers will only need one SoR but it must encompass the multiple functions.