The Senior Managers and Certification Regime (SM&CR) has been part of the regulation of the UK financial services sector for a number of years. This was implemented initially in the banking sector in 2016 and rolled out fully to Insurers in 2018. It has attracted criticism as being unwieldly, inappropriate and deterring people from assuming roles of responsibility, stifling both progression and succession within an organisation.
Following a review of SM&CR, HM Treasury (HMT), the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have released their proposals for reform which are now open for consultation until 7 October 2025. These are aimed at improving the efficiency of the regime and address ways in which it can be improved generally whilst ensuring that the integrity and safety of the UK’s financial system remains uncompromised.
Although the Regulators’ overall view is the regime has been successful (which reflects the FCA’s finding from its review in 2019), the proposals seek to reduce some of the administrative burdens associated with it with a view to boosting growth of the financial services sector. The PRA and FCA propose amending their rules and guidance following the consultation, whilst HMT will look to legislative change by amending the Financial Services and Markets Act 2000 (FSMA) to provide further powers to the regulators to adapt SM&CR requirements going forward.
Should legislative change be enacted, the FCA has confirmed that additional reform will be considered such as modifying the process to report conduct breaches.
Proposals
The main proposals include terminating Certification Regime (CR), improving the approval process for Senior Management Functions (SMF) and removing certain ‘Statement of Responsibilities’ (SoR), as well as adapting the so-called ‘12-week rule’ by which a person may be temporarily appointed as SMF without approval from the relevant regulator.
Terminating CR – HMT proposes to remove the CR and replace the annual ‘fit and proper’ test with a more flexible and proportionate regime. Generally, not all firms have certification functions (particularly smaller organisations). Although arguably some of these functions are important, for example CASS oversight and algorithmic trading, there will be concern that in effect this imposes a higher test.
Improving the SMF approval process. Where identified as low risk, HMT proposes removing regulatory pre-approval, and for firms to conduct checks themselves reducing the administrative burden. The FCA has proposed to reduce the complexities of the application form, whilst the PRA proposes to update its guidance on the same to make it easier for firms to go through the assessment process. These proposed changes sound helpful, but the issue for many is whether there will be better reasoning given for refusal of applications and if the processing period is made quicker.
Removing certain SoR requirements. It is proposed there be greater flexibility on how firms draft SoRs. The emphasis here is on proportionality, with the understanding that it is common for employees to have overlapping responsibilities with other functions of the business. Where a firm is solo-regulated, the FCA proposes that updated SoRs are to be submitted every six months (rather than every time there is a change). In our experience, this has been an area of difficulty for may firms and the easing of administrative burden in this regard is clearly helpful to the industry.
However, the PRA does not propose providing as much flexibility for firms that are dual regulated and it proposes a six-month rule but, where there is more than one change, all changes are submitted.
Criminal Check Process. If a firm has already submitted criminal checks to the relevant regulator, then it is proposed those can be used again if a further application is made for an individual in respect of another SMF in the same organisation.
Adapting the ‘12-week rule’. Both the FCA and PRA propose to update guidance on this rule including illustrative examples of when the rule can be applied. This appears to be a helpful change as it is an area where firms struggle.
Changing qualification for ‘enhanced’ SM&CR. Currently there are six thresholds which, if met, mean that a firm will be classified as ‘enhanced’ for SM&CR purposes. Four of these relate to business size, e.g. assets under management (£50B or more as a 3-year rolling average). The FCA proposes to increase the thresholds by 30% meaning that some firms will no longer be considered ‘enhanced’.
Although a coordinated review of the regime is overdue and some of the proposed changes will be welcomed by firms and practitioners, it is questionable whether these proposals are more cosmetic than provide fundamental change. Will they go far enough to address the real problems firms face in complying with the regime and encourage growth?
Background to the Senior Managers and Certification Regime
Following the 2008 financial crisis, public confidence in the financial services was, unsurprisingly, and understandably, low. As a result, the Parliamentary Commission for Banking Standards was formed and provided recommendations on how to improve accountability of senior management. Following the Financial Services (Banking Reform) Act in 2013, SM&CR launched, as part of an amendment to the Financial Services and Markets Act 2000 (FSMA).
This regime was introduced to improve consumer trust in the financial sector and to better the integrity of these institutions by creating a system which allows firms and regulators to hold people to account. The FCA identifies the aims of the SM&CR as threefold:
- to encourage staff to take personal responsibility for their actions
- improve conduct at all levels and
- make sure firms and staff understand clearly (and show) who does what.
The regime consists of three parts — The Senior Managers Regime; The Certification Regime and The Conduct Rules.
The SM&CR operates differently depending on the size of the firm and where solo-regulated, in a bid to make the application of SM&CR proportional. This is split into ‘enhanced’; ‘core’ and ‘limited scope’. It is up to the firm to determine what category they fall into, based on the rules set by the FCA.
Where a firm is ‘dual regulated’, i.e. by the PRA and FCA, they must also consider the PRA conduct rules and breach reporting requirements.
Senior Managers Regime (SMR)
To perform key roles, classed as ‘Senior Management Functions’ or SMFs, the individual needs FCA or PRA approval before commencing the role – although there is an exception for temporary SMF where they hold this role for less than 12 weeks at a given time.
As defined by the FCA, SMFs are a type of ‘controlled function’, meaning that they ‘relate to regulated activities carried out by a firm that are specified by the FCA or the PRA’. Examples of SMFs include CEO; CRO; MLRO.
Under SMR, each SMF must have a ‘Statement of Responsibilities’ (SoR). This states what is their responsibility, and what they will be made accountable for. This is submitted to the FCA every time a SMF is appointed, and therefore operates on an ongoing basis. Additionally, in accordance with FSMA, those holding a SMF have a ‘duty of responsibility’ – any breach of an FCA requirement would mean that they would be held accountable, with s66(5) FSMA giving the FCA and PRA authority to enforce this duty. SMR also requires criminal record checks, the collection of regulatory references (when requested) and ensuring any delegation of senior management responsibilities is reasonable (which the FCA recognise is a necessity in regard to larger firms).
The more onerous requirement is ensuring that SMFs (and certification staff) are “fit and proper” which includes an annual assessment. This is established by considering three measures:
- Honesty, integrity and reputation
- Competence and capability and
- Financial soundness.
Full guidance can be found under the Fit and Proper Test for Employees and Senior Personnel (FIT) part of the FCA handbook.
Certification Regime (CR)
Unlike SMFs, individuals who fall within this regime do not need to be approved by the FCA but nevertheless, firms must still undertake a ‘fit and proper’ assessment of them on appointment and on an annual basis. Not all firms will have certification functions (often the case in smaller organisations which include CASS oversight and algorithmic trading as defined in the Senior Management Arrangements, Systems and Controls (SYSC) part of the FCA Handbook.
Conduct Rules (Rules)
The FCA outlines six individual Rules and an additional four that apply only to SMFs which deal with the running of the business of the firm.
Training is mandatory under the Rules to ensure that individuals have understood the relevance of their duties in relation to their role within the firm. The Rules also establish a reporting mechanism. Under the Rules, firms are required to report conduct breaches by non-SMF employees that resulted in disciplinary action (such as a formal written warning, or dismissal), on an annual basis using the prescribed form. This differs from the more stringent requirements for SMFs which requires reporting within seven days. The report must be made regardless of whether the disciplinary action has been appealed by the employee.