Introduction - Senior Managers & Certification Regime: Personal Accountability in Financial Services

The Senior Managers & Certification Regime fundamentally changed individual accountability in financial services. Introduced for banks in 2016 and extended to all FCA solo-regulated firms in December 2019, SM&CR establishes personal accountability for senior leaders and ensures all staff meet conduct standards.

For CEOs and Heads of Compliance, SM&CR means your responsibilities are documented, you're personally accountable for areas under your control, and the FCA can take action against you individually when things go wrong. Recent enforcement actions demonstrate the FCA's willingness to hold senior individuals accountable through prohibition orders preventing individuals from working in financial services and significant financial penalties.

Why SM&CR Matters

Before SM&CR, establishing individual accountability for regulatory failings was difficult. Senior managers claimed they weren't responsible because someone else should have been. SM&CR eliminates this defence by requiring clear documentation of who is responsible for what.

For firms, proper SM&CR implementation provides clarity on responsibilities, reduces regulatory risk through clear accountabilities, and demonstrates appropriate governance to the FCA. For individuals, it means understanding exactly what you're accountable for and ensuring adequate controls exist in areas under your responsibility.

The FCA's supervisory approach increasingly focuses on governance and individual accountability. When control weaknesses are identified, the FCA examines whether the relevant Senior Manager took reasonable steps to prevent or address the issue.

The Three Core Components

The Senior Managers Regime covers individuals performing functions that could result in serious consequences for the firm or its customers. Each Senior Manager must be pre-approved by the FCA and have a Statement of Responsibilities documenting their accountabilities.

The Certification Regime requires firms to certify annually that individuals performing significant-harm functions remain fit and proper. These are roles that could cause significant harm but don't require FCA pre-approval.

Conduct Rules apply to all staff except ancillary staff. The rules require acting with integrity, due skill, care and diligence, being open and cooperative with regulators, and treating customers fairly. Senior Managers have additional conduct rules including taking reasonable steps to prevent regulatory breaches in their areas of responsibility.

Senior Management Functions

The FCA defines specific Senior Management Functions requiring pre-approval. SMF1 covers the Chief Executive with overall responsibility for conducting business. SMF3 applies to Executive Directors other than the Chair or CEO who perform significant influence functions. SMF16 covers Compliance Oversight with overall responsibility for the firm's compliance function. SMF17 applies to the Money Laundering Reporting Officer with responsibility for the anti-money laundering regime. SMF18 covers Other Overall Responsibility for functions not covered by other SMFs but requiring Senior Manager approval.

For payment institutions and EMIs, you'll typically need SMF1, SMF16, and SMF17 at minimum. Depending on governance structure, you may also need SMF3 and potentially SMF18.

Statements of Responsibilities

Your Statement of Responsibilities documents precisely what each Senior Manager is accountable for. This isn't a job description listing tasks. It's a regulatory document defining areas of accountability that the FCA will assess you against if things go wrong.

Statements must include clear description of responsibilities within the firm's governance structure, identification of specific business areas or management functions the individual is responsible for, and prescribed responsibilities where applicable.

Common mistakes include statements that are too vague, copying job descriptions rather than focusing on regulatory accountability, and failing to update statements when responsibilities change.

Senior Managers have a duty of responsibility requiring them to take reasonable steps to prevent regulatory breaches in their areas of responsibility. What constitutes reasonable steps depends on circumstances but typically includes understanding regulatory requirements in your area, ensuring adequate resources and systems exist, implementing appropriate controls and monitoring, identifying risks and escalating concerns, and taking action when issues are identified.

Fitness and Propriety

Before appointing a Senior Manager, you must submit an application to the FCA demonstrating they're fit and proper. The assessment covers honesty, integrity and reputation including any regulatory breaches, convictions, or adverse findings in previous roles. It examines competence and capability based on relevant qualifications, training, and experience. Financial soundness is considered, including outstanding judgements, insolvency, or bankruptcy.

The FCA has 90 working days to assess applications, extendable in complex cases. Incomplete applications or those raising concerns take longer. Individuals cannot perform their functions until FCA approval is granted.

The Certification Regime

For staff in significant-harm roles who aren't Senior Managers, you must certify annually that they remain fit and proper. This means conducting assessments considering their conduct, competence, qualifications, training, and any complaints, disciplinary matters, or regulatory concerns.

Certification isn't a tick-box exercise. You must have evidence supporting your assessment that the individual remains fit and proper.

Regulatory References

When employing individuals in Senior Manager or Certification roles, you must request references from their previous FCA-regulated employers covering at least the past six years. The reference must ask specific questions about regulatory breaches, disciplinary actions, and reasons for leaving.

When you receive reference requests, you must provide full and accurate information. Failing to disclose relevant information in regulatory references is itself a regulatory breach. Recent enforcement actions have targeted firms providing inadequate references.

Consumer Duty and SM&CR

Since Consumer Duty's introduction in July 2023, the FCA expects Senior Managers to demonstrate how they're ensuring good customer outcomes in their areas of responsibility. Statements of Responsibilities increasingly reference Consumer Duty obligations explicitly. Monitoring and management information should evidence consumer outcomes tracking. Senior Managers must demonstrate reasonable steps taken to deliver good outcomes.

The intersection of SM&CR accountability and Consumer Duty requirements heightens personal risk. If poor consumer outcomes result from inadequate oversight in your area of responsibility, you're accountable under SM&CR's reasonable steps requirement.

How Buckingham Capital Consulting Helps

Since 2013, we've helped payment institutions, EMIs, and banks implement and maintain effective SM&CR frameworks that satisfy the FCA whilst remaining proportionate.

We establish SM&CR frameworks from scratch or enhance existing arrangements through identifying required Senior Management Functions for your business, designing clear Statements of Responsibilities that satisfy FCA expectations, implementing the Certification Regime with assessment processes and documentation, training senior management and staff on Conduct Rules and obligations, and preparing governance documentation.

When appointing new Senior Managers, we support the approval process by drafting Statements of Responsibilities that accurately reflect the role and responsibilities, completing Form A applications comprehensively, advising on fitness and propriety assessment and documentation, preparing supporting materials addressing any potential concerns, and managing the application through FCA review.

Your Statements should evolve as your business changes. We review existing Statements identifying gaps, vagueness, or misalignment with actual responsibilities. We update Statements to reflect current structure and accountability, ensure prescribed responsibilities are properly allocated, and align Statements with Consumer Duty obligations where relevant.

We help you build robust assessment processes for both Senior Managers and Certification staff including assessment criteria aligned with regulatory expectations, documentation standards providing evidence of assessments, escalation processes for concerns identified during assessments, and annual certification processes that go beyond tick-box compliance.

All staff must understand and comply with Conduct Rules. We provide tailored training on Conduct Rules covering individual and Senior Manager specific rules, reasonable steps expectations for Senior Managers, practical examples relevant to your business model, and record-keeping satisfying FCA expectations.

We help you establish compliant regulatory reference processes including templates for requesting references covering required information, processes for assessing references received and identifying concerns, procedures for providing references ensuring full and accurate disclosure, and documentation satisfying regulatory requirements.

If you're uncertain whether your current SM&CR arrangements meet FCA expectations, we conduct comprehensive gap analysis assessing Statements of Responsibilities for clarity and completeness, evaluating fitness and propriety assessment processes, reviewing Certification Regime implementation, assessing Conduct Rules training and compliance, and reviewing regulatory reference practices. We provide prioritised remediation recommendations with clear timelines and accountability.

SM&CR isn't a one-off implementation. It requires ongoing attention. We provide retained support helping you manage SM&CR changes as roles evolve, advise on complex accountability questions when responsibilities shift, support annual Certification assessments, and prepare for regulatory review of SM&CR arrangements.

The Bottom Line

The FCA takes SM&CR seriously because it's fundamental to their supervisory approach. When control weaknesses exist, the FCA examines whether Senior Managers took reasonable steps. For your firm, effective SM&CR means clear accountability, better governance, and reduced regulatory risk. For you personally as a Senior Manager, it means understanding precisely what you're accountable for and ensuring you can demonstrate reasonable steps in those areas.

Contact Buckingham Capital Consulting to discuss your SM&CR framework. With over a decade of specialist expertise helping payment institutions, EMIs, and banks implement effective accountability structures, we deliver solutions that satisfy the FCA whilst remaining proportionate to your business.

Email us at info@buckinghamcapitalconsulting.co.uk or call 0207 866 2512