SMCR Explained: The Senior Managers and Certification Regime (2026)
- 4 days ago
- 7 min read

SMCR
The Senior Managers and Certification Regime (SMCR) is the Financial Conduct Authority's framework for individual accountability in regulated financial services firms. It rests on three pillars: the Senior Managers Regime, which places named, personal responsibility on the most senior individuals in a firm; the Certification Regime, under which firms themselves certify annually that staff in significant roles are fit and proper; and the Conduct Rules, a set of basic standards of behaviour that apply across the workforce. Introduced after the 2008 financial crisis to embed personal responsibility at senior levels, SMCR applies to FCA and PRA-authorised firms, and in 2026 it is being reformed to make it more proportionate while preserving its core principle of individual accountability.
This guide explains how SMCR works, who it applies to, the obligations it imposes, and the reforms taking effect in 2026. It is written for senior managers, compliance officers and boards of regulated firms.
The three pillars of SMCR
The Senior Managers Regime applies to individuals who hold Senior Management Functions (SMFs), the most senior decision-making roles in a firm. Each SMF holder must be approved by the FCA before taking up the role, must have a Statement of Responsibilities setting out precisely what they are accountable for, and, in larger firms, features in a management responsibilities map showing how accountability is allocated across the business. Certain Prescribed Responsibilities must be allocated to SMF holders. Underpinning all of this is the Duty of Responsibility: a senior manager can be held personally accountable if a regulatory breach occurs in the area for which they are responsible and they did not take the steps a reasonable person in their position would have taken.
The Certification Regime covers employees who are not senior managers but whose roles could cause significant harm to the firm or its customers, known as certification functions. These individuals do not require FCA approval, but the firm must assess and certify that they are fit and proper to perform their role, at least annually. The Conduct Rules are a set of high-level standards, divided into rules that apply to almost all staff and additional rules that apply to senior managers, covering matters such as acting with integrity, due skill and care, and treating customers fairly. Firms must ensure staff understand the rules that apply to them and must report certain breaches to the FCA.
Who SMCR applies to
SMCR applies to firms authorised under the Financial Services and Markets Act, including banks, insurers, investment firms, asset managers and consumer credit firms, as well as PRA-regulated firms and certain third-country branches. Firms are categorised according to their size and complexity. Most firms are Core firms, subject to the baseline requirements. A small number of large, complex firms are Enhanced firms, subject to additional requirements including a full management responsibilities map and a wider set of Prescribed Responsibilities.
Certain firms with a narrower regulated activity are Limited Scope firms, subject to a reduced set of requirements.
Payment institutions and e-money institutions authorised solely under the Payment Services Regulations and Electronic Money Regulations sit outside the full SMCR at present; their senior individuals are instead approved under the fitness and propriety regime for PSD and EMD individuals. The FCA has stated that it sees value in extending SMCR to the payments and e-money sector, and a future extension would bring these firms within the regime, but any such change requires the Treasury to consult and legislate. Firms in the sector should understand the direction of travel and the good governance practices SMCR embodies, since stronger individual accountability is the clear regulatory expectation regardless of the precise legal vehicle.
The main Senior Management Functions
The specific SMFs that a firm must fill depend on its category and structure, but a number are common. These include the Chief Executive function, the Executive Director function, the Chair, the Compliance Oversight function, and the Money Laundering Reporting Officer function. Each of these roles must be filled by an individual who has been approved by the FCA and who maintains their fitness and propriety throughout their tenure. Enhanced firms have additional functions, including the Other Overall Responsibility function that captures senior individuals with responsibility for a business area not otherwise covered by an SMF.
What SMCR requires firms to do
In practical terms, compliance with SMCR involves a recurring set of activities. A firm must identify all of its SMF roles and ensure each is held by an FCA-approved individual; prepare clear, firm-specific Statements of Responsibilities for each SMF holder, and, where required, maintain a management responsibilities map; operate an annual certification process for staff in certification functions; provide Conduct Rules training and refresh it; carry out and document fitness and propriety assessments, including criminal record checks and regulatory references for relevant individuals; and report Conduct Rule breaches to the FCA where required. The FCA increasingly uses SMCR as an enforcement tool against individuals, with personal fines and prohibition orders imposed on senior managers who failed to take reasonable steps to prevent failures, which makes clear responsibility allocation and documented decision-making essential.
The 2026 SMCR reforms
SMCR is being reformed in phases. The Phase 1 reforms, which the FCA and PRA finalised in 2026, are aimed at making the regime more proportionate and less administratively burdensome without changing its core architecture, and take effect in two stages, on 24 April 2026 and 10 July 2026. Among the changes, the validity period for a new senior manager's criminal record check is extended from three months to six months, firms no longer need to obtain a fresh criminal record check for internal moves within the same firm or group, firms have twelve weeks to submit an SMF application rather than needing approval within that period, and the financial thresholds for being an Enhanced firm are raised by around 30 per cent, with a mechanism to update them periodically, so that fewer firms fall within the Enhanced category. Firms also gain more time to report updates to Statements of Responsibilities, and duplication within the Certification Regime is reduced.
Phase 2, which involves more fundamental change and requires primary legislation, is expected to be taken forward through a forthcoming Financial Services Bill and may in due course move SMCR out of the Financial Services and Markets Act so that more of the regime can be set through regulator rules. Separately, changes tackling non-financial misconduct take effect from 1 September 2026. Firms should keep the reform programme under review, because the detail continues to develop through 2026.
How Buckingham Capital Consulting can help
Buckingham Capital Consulting advises regulated firms on implementing and maintaining SMCR. We help firms identify their SMF roles and firm category, prepare Statements of Responsibilities and, where required, management responsibilities maps, design and run the annual certification and fitness-and-propriety process, and put in place Conduct Rules training and breach-reporting procedures. We also advise firms on the 2026 reforms and on how the proposed extension of SMCR to payments and e-money would affect governance arrangements, so that firms in that sector can adopt the right practices ahead of any change.
If you need to implement SMCR, review your existing arrangements, or prepare for the 2026 reforms, contact our team for an initial assessment.
Frequently asked questions
What are the three parts of SMCR?
SMCR has three components. The Senior Managers Regime places named, personal accountability on individuals holding Senior Management Functions, each of whom must be approved by the FCA, must have a Statement of Responsibilities, and is subject to the Duty of Responsibility for the area they control. The Certification Regime requires firms to assess and certify, at least annually, that staff in roles capable of causing significant harm are fit and proper, without those individuals needing FCA approval. The Conduct Rules are baseline standards of behaviour that apply to almost all staff, with additional rules for senior managers. Together the three parts are designed to embed individual accountability and good conduct throughout a regulated firm.
Which firms are subject to SMCR?
SMCR applies to firms authorised under the Financial Services and Markets Act, which includes banks, insurers, investment firms, asset managers and consumer credit firms, together with PRA-regulated firms and certain third-country branches. Firms are categorised as Limited Scope, Core or Enhanced according to their activities, size and complexity, with Enhanced firms subject to the most extensive requirements. Payment institutions and e-money institutions authorised only under the Payment Services Regulations and Electronic Money Regulations are not currently full SMCR firms; their senior individuals are approved under the separate PSD and EMD individual fitness regime. The FCA has proposed extending SMCR to the payments and e-money sector, but that change requires further consultation and legislation before it takes effect.
What is a Statement of Responsibilities?
A Statement of Responsibilities is a document that sets out, clearly and specifically, the areas of the business for which an individual Senior Management Function holder is personally accountable. Every SMF holder must have one, and it must be kept up to date as responsibilities change. In larger, Enhanced firms, the individual Statements of Responsibilities are complemented by a management responsibilities map that shows how accountability is allocated across the whole firm and how the various responsibilities fit together. Statements of Responsibilities matter greatly in practice because they define the scope of the Duty of Responsibility: if a regulatory breach occurs in an area covered by a manager's statement, that manager may be held personally accountable if they failed to take reasonable steps.
Can a senior manager be personally fined under SMCR?
Yes. One of the defining features of SMCR is that it enables the FCA to hold individuals personally accountable, and the regulator increasingly does so. Under the Duty of Responsibility, a senior manager can face enforcement action, including personal fines and prohibition orders that prevent them from working in regulated financial services, where a regulatory breach occurs in the area for which they are responsible and they did not take the steps a reasonable person in their position would have taken. Recent enforcement has reinforced this trend, which is why clear allocation of responsibilities, documented decision-making and active engagement with compliance are so important for anyone holding a Senior Management Function.
What is changing under the 2026 SMCR reforms?
The Phase 1 reforms, finalised by the FCA and PRA in 2026 and taking effect on 24 April 2026 and 10 July 2026, are intended to make the regime more proportionate without altering its core principle of individual accountability. Key changes include extending the validity of a new senior manager's criminal record check from three to six months, removing the need for fresh checks on internal moves within a firm or group, giving firms twelve weeks to submit an SMF application, raising the Enhanced-firm financial thresholds by around 30 per cent so that fewer firms are caught by the Enhanced regime, and reducing certain reporting and certification burdens. A more fundamental Phase 2, requiring primary legislation, is expected through a forthcoming Financial Services Bill, and separate rules on non-financial misconduct take effect from 1 September 2026.
