How to prepare as the Senior Managers and Certification Regime extends to all FSMA authorised firms

03 January 2017

In October 2015, HM Treasury published a policy paper on extending the Senior Managers and Certification Regime (SMCR), which currently broadly only applies to banks and insurers, to all firms that are authorised under the Financial Services and Markets Act 2000 (FSMA).

The government plans to implement these reforms by way of the Bank of England and Financial Services Act 2016 and intends to implement the extended regime in March 2018. (Although note that some changes, such as those relating to regulatory references - outlined below, will be effective before that date).

The extended SMCR will replace the current Approved Persons Regime for affected firms.

This insight looks at what the change means for firms from a regulatory and employment law perspective.

Key features

In the run up to 2018, board members, HR professionals, compliance and risk officers and senior managers need to consider how to prepare for the following key features of the extended regime.

  • Regulatory pre-approval for specified "Senior Managers". Firms will be required to submit robust documentation on the scope of these individuals' responsibilities in a Statement of Responsibilities and the firm's management, governance arrangements and risk profile in a new Management Responsibilities Map.
  • Enhanced individual accountability.
  • A statutory "duty of responsibility". This is to be applied consistently to all senior managers across the financial services industry. The statutory duty will give the regulators a new ground to take enforcement action against senior managers and there are two elements to this new ground.
    1. The first element is that the firm has contravened regulatory requirements and that the breach occurred in the part of the business for which the senior manager is responsible.
    2. The second element is that the regulator must show that the individual failed to take the steps that it is reasonable for a person in that position to take to prevent a regulatory breach from occurring.
  • Delegation and Supervision. There will be a new conduct requirement for appropriate delegation and supervision by senior managers. If senior managers delegate any of their responsibilities, they will remain ultimately responsible for that responsibility and so must continue to supervise. Delegation also needs to be to a person with the appropriate skill set.
  • Certification. Firms will have to certify as fit and proper any individual who performs a function that could cause significant harm to the firm or its customers. This applies both at the time of recruitment and annually thereafter. Note the transfer of responsibility for approval from the regulators to the firm.
  • Training and Records. Firms will need to comply with new notification, training and record-keeping obligations and will need to have processes in place to ensure records are kept up to date.

The New Regulatory Framework

This will have three components.

  • The Senior Managers Regime (SMR)
  • The Certification Regime (CR)
  • Conduct Rules


The SMR will directly replace the Approved Persons Regime (APR) in its application for individuals performing the senior roles in the firm (known as Senior Management Functions SMFs). Individuals who are already approved will be "grandfathered" into relevant roles in the new regime.

When planning a new senior appointment or a material change in the role of a currently approved individual, an application will have to be prepared and submitted to the regulators for approval accompanied by a Statement of Responsibility.


This will apply to individuals who are not carrying out SMFs but whose roles have been deemed capable, by the regulators, of causing significant harm to the firm or its customers.

The firm itself will be required to assess the fitness and propriety of employees performing these key roles and to formally certify this at least annually. The roles ("significant harm functions") are also specified by the regulators in rules but the appointments do not require prior regulatory approval.

Conduct Rules

These will apply to senior managers, certified persons, directors and other employees involved in the provision of functions and will replace the old statements of principle made under the APR. The Act also provides for the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) to be able to make the Conduct Rules apply to some non-executive directors. Firms will be expected to embed the Conduct Rules in their employment documentation and to provide appropriate training.


It is expected that the new rules which came in for banks, building societies and insurers in relation to whistleblowing on 7 March 2016 and 7 September 2016 will be extended to other firms. Details of these rules have not been provided. However, we would expect them to be not dissimilar to those already in place.

Broadly speaking, these rules significantly expand the scope of disclosures to include what are being termed "reportable concerns". These not only include PIDA (Public Interest Disclosure Act) and regulatory disclosures but also any kind of misconduct from breaches of the firm's policies and procedures to behaviour that harms the reputation or financial well-being of a firm. The rules will also require firms to:

  • appoint a whistleblowing champion who will be responsible for overseeing the effectiveness of whistleblowing policies and training;
  • report annually to the board about the operation of whistleblowing policies and procedures;
  • notify the regulator in the event of an unsuccessful defence of an Employment Tribunal claim;
  • establish a whistleblowing channel;
  • notify staff of these services; and
  • alter wording in settlement agreements to make clear that staff should not be deterred from whistleblowing.

Regulatory references

Final rules for regulatory references have been published by the FCA and PRA. These broadly apply to senior managers and CR staff and insurers. These new rules take effect on 7 March 2017.

These references will be introduced to help prevent the recycling of "bad apples". The new rules require banks and insurers to request and provide references (for which there is a template) going back six years (except for serious issues where there is no time limit). Firms will also need to keep references updated where new information arises which would have changed what they included in the reference. References, including updated references, do need to be fair to employees so it will be good practice to give employees the opportunity to comment on the information. Firms will need to consider the increased litigation risk that this new requirement will hold.

Additional costs

Additional Costs may arise in preparing the documentation for roles that are subject to the prior approval of the regulators, for example, the preparation of the new "statements of responsibility" and the new "responsibilities map". (This is possibly offset by the reduction in the number of appointments that will require prior approval).

There are likely to be costs for the firm in complying with the certification requirements.

There may be some additional costs associated with ensuring employees are notified about the Rules of Conduct that will apply to them and that they receive appropriate training.

Ten things to consider now

  1. Who will be a Senior Manager?
  2. How will key responsibilities be allocated? What processes will be adopted for agreeing statements of responsibility with Senior Managers?
  3. What arrangements will be made to reflect increased personal accountability for Senior Managers e.g. legal expenses and/or indemnification?
  4. The identification of Certified Persons.
  5. The potential impact on remuneration arrangements.
  6. How to ensure uncertified employees do not inadvertently perform certified functions.
  7. Consider to what extent contracts for senior managers and CR staff will need to be tailored. For instance, you may want to include a clause giving the firm express termination rights where an individual fails to discharge their duties as outlined in the statement of responsibilities and make compliance with the Conduct Rules a contractual requirement.
  8. Check your policies and procedures are fit for purpose. Specifically, you will want to check the disciplinary and capability procedures and the firm's whistleblowing policy.
  9. Consider whether a policy addressing regulatory reference rules is required.
  10. Training. Senior managers, CR staff and others subject to the Conduct Rules must understand what is required of them under the new rules and are clear on what their responsibilities are.

NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.