Senior Managers and Certification Regime - Are you prepared?

26 minutes de lecture
26 septembre 2019


The Financial Conduct Authority (FCA) published its Final Rules on the extension of the Senior Managers and Certification Regime (SMCR) to all solo-regulated firms in July 2019[1]. All FCA solo-regulated firms authorised under the Financial Services and Markets Act 2000 (FSMA) will, from 9 December 2019, be subject to the SMCR which aims to strengthen individual accountability in financial services. It is therefore a culture and governance issue as much as a compliance and legal issue.

In this article, Sushil Kuner and Simon Stephen summarise the key changes and explore the practical considerations for solo-regulated firms.

Firms should treat the implementation of the SMCR seriously. One of the main purposes of the SMCR is to make it easier for the FCA to bring enforcement action against senior management and other accountable individuals. There is therefore a risk that Senior Managers who have been allocated responsibility for implementation of the SMCR also face potential enforcement action.

To put it into context the FCA's Enforcement Annual Performance Report for 2017/18[2] highlighted a stark increase in the number of open investigations relating to firms' culture and governance, demonstrating the high priority the FCA is giving to culture and governance issues. As at 31 March 2018, there were 61 such cases open compared to only 15 as at 1 April 2017.

Key changes under the SMCR

New Categories of Firms

The SMCR replaces the FCA's Approved Persons Regime (APR) and already applies to insurers, UK banks, building societies, credit unions, branches of foreign banks operating in the UK and the largest investment firms regulated by the Prudential Regulation Authority (PRA) and the FCA.

The SMCR introduces three categories of firm; Limited Scope, Core and Enhanced. Obligations of firms under the SMCR will depend on what category they fall into.

Most firms are likely to be Core firms, which will have a baseline of SMCR requirements applied.

Broadly speaking, Limited Scope firms will be subject to the fewest requirements under the SMCR and this covers all firms that currently have a limited application of the APR, including limited permission consumer credit firms, Claims Management Companies, sole traders and authorised professional firms whose only regulated activities are non-mainstream regulated activities.

A small proportion of solo-regulated firms will be Enhanced firms due to their size, complexity and potential impact to consumers and financial markets. These firms will be subject to extra rules. Key examples of Enhanced firms include:

  • firms with assets under management of £50 billion or more as a three year rolling average;
  • firms with total intermediary regulated business revenue of £35 million or more per annum, calculated as a three year rolling average;
  • firms with annual revenue generated by regulated consumer credit lending of £100 million or more, calculated as a three year rolling average; and
  • mortgage lenders or administrators (which are not banks) with 10,000 or more regulated mortgages outstanding.

New Categories of Individuals and Controlled Functions

Under the APR, the FCA approves individuals to carry out certain 'controlled functions'. These generally comprise two kinds of Approved Persons; the CF30 or 'Customer' function and the 'Significant Influence Functions' that are carried out by those closely involved in the running of the firm, for example, Directors and those in charge of compliance. Under the APR, Approved Persons are subject to the FCA's Statements of Principles and Code of Conduct for Approved Persons (APER) which set out standards of behaviour the FCA expects of them. They also need to ensure that they meet and abide by the rules laid out in the FCA's sourcebook relating to the Fit and Proper test for Approved Persons (FIT).

The SMCR replaces the APR and creates two new categories of controlled function - 'Senior Management Functions' (SMFs) and 'Certified Functions'.

Senior Management Functions

People who hold a SMF ("Senior Managers") will generally be the most senior people in the firm with the greatest potential to cause harm or impact upon market integrity and will need to be approved by the FCA before starting their role. The FCA has prescribed a number of SMFs and which SMF a firm needs will depend on the category of firm, i.e. whether it is a Limited Scope, Core or Enhanced firm.

The FCA has confirmed that the head of legal function is not a SMF, due to the difficulty in applying the Senior Managers Regime to lawyers as a result of restrictions arising from legal privilege. Those performing this function will instead be subject to the Certification Regime and Conduct Rules (see below).

Every Senior Manager will have a 'Statement of Responsibility' which will need to clearly set out what the Senior Manager is responsible and accountable for. These will need to be sent to the FCA when applying for the Senior Manager to be approved under the SMCR. Senior Managers will also have 'Duty of Responsibility' under FSMA.

Core and Enhanced firms will also be subject to certain 'Prescribed Responsibilities' which are in addition to the inherent responsibilities that are an essential part of a Senior Manager's role. The FCA prescribes these responsibilities to ensure that a Senior Manager is accountable for key conduct and prudential risks. Notably, the Prescribed Responsibilities include accountability for the performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight, and performance by the firm of its obligations under the Certification Regime.

Certified Functions

A Certified Function will be held by any employee whose role means that it is possible for them to cause significant harm to the firm or its customers. The FCA has prescribed the various Certification Functions and not all of those will apply to all firms; firms will only be required to apply those that are relevant to their business. Unlike the SMFs, holders of a Certified Function will not require pre-approval from the FCA. This will apply to the current APR CF30/Customer Function such that they will no longer require approval from the FCA. Instead, firms will need to check and confirm ('certify') that these individuals are fit and proper to perform their role at least once a year, and issue them with a certificate allowing them to perform the 'Client Dealing Function' once satisfied of their fitness and propriety.

Firms will therefore need processes in place to ensure that those responsible for certification are promptly made aware of anything which may impact the assessment (including a breach of the Conduct Rules).

It should be noted that in its recent Policy Statement 19/20, the FCA made clear that the scope of the Client Dealing Function excludes an individual who has no scope to choose, decide or reach a judgement on what should be done in a given situation and whose tasks do not require them to exercise significant skill.

Conduct Rules

Senior Managers and Certified Functions will have to continue to abide by the rules contained in FIT as to fitness and propriety, Under the SMCR the scope of conduct rules is, however, much broader. All of a firm's employees, including SMFs, Certified Functions and Non-Executive Directors, but not ancillary staff (e.g. receptionists), will need to comply with the FCA's Code of Conduct for Staff Sourcebook (COCON). So, for example, all employees (and not just the senior management) will need to comply with the obligation to treat customers fairly.

This therefore establishes a new set of minimum standards of individual behaviour in financial services. All employees - whether conducting regulated or unregulated activities - may therefore be held to account by the FCA. Internal consequence management will need to take this into account and firms will need to be able to report on conduct breaches internally as well as to the FCA.

Breaches of conduct rules are also likely to have to be reflected in regulatory references (including updating references already given when subsequent breaches are uncovered). This includes references requested for employees moving from a non-certified role to a certified role - further demonstrating the need for accurate tracking and linked up processes.

Summary Key Final SMCR Requirements for solo regulated firms

The table below summarises the key final SMCR requirements for each category of solo regulated firm, from a practical perspective.

Final SMCR Requirements for Solo Regulated Firms Enhanced Core Limited Scope
Senior Managers Regime
Pre-approval by the FCA of SMFs, except to allow cover for an SMF where the absence is temporary or unreasonably unforeseen and the appointment is for less than 12 consecutive weeks
Assessment of fitness and propriety before application to the FCA for approved of an individual as an SMF
Annual assessment of fitness and propriety of SMFs
Criminal record checks before application to the FCA for approval of an individual as an SMF[3]
Regulatory references to be obtained before appointing an individual as an SMF and to be given where another FCA authorised firm makes such a request[4]
Statements of responsibilities for each SMF holder [N.B. these must be submitted as part of any application to the FCA to approve an individual as an SMF. It should be updated after any approval when there has been any significant change in the responsibilities of the SMF]
Allocation of certain prescribed senior management responsibilities among SMFs  
Criminal records checks before the appointment of any board director who is not an SMF  
An up-to-date comprehensive Responsibilities Map to be maintained which describes a firm's management and governance arrangements    
Ensuring that, at all times, one or more of a firm's SMFs has overall responsibility for each of the activities, business areas and functions of the firm    
Ensuring that a person becoming an SMF has all the information and material that they could reasonably expect to have to perform their responsibilities    
Certified Functions
Ensuring that any employee performing a certification function is issued with a certificate before performing that function[5].
Annual renewal of certificates for all employees continuing to perform certification functions[6]
Assessment of fitness and propriety before issuance or renewal of certificates for certified functions[7]
Regulatory references to be obtained before appointing an individual to perform an FCA certification function, and to be given if asked by another firm making such a request[8]
Reporting information to the FCA about the firm's Directory Persons, including its certification employees
Conduct Rules
COCON directly applies to firms' employees, other than ancillary staff
Breaches of COCON to be reported to FCA
Sufficient notification to all persons subject to COCON of the rules that apply to them
All reasonable steps taken to ensure that all persons subject to COCON understand how COCON applies to them

Transitional arrangements - automatic conversion

Individuals at Core and Limited Scope firms (including branches) will be automatically converted wherever possible, with no action required by firms. As such, all firms should consider whether any changes to their current approvals are required ahead of the Commencement Date. If there has been no substantive change in a currently approved individual's role before and after the Commencement Date, firms will not have to apply for re-approval. Individuals who are not currently approved, or require additional approvals, will need to apply for each new SMF.

Enhanced firms will need to notify the FCA who they want to assign to the new SMF regime, but they will not have to re-apply for approval if the proposed SMFs can be mapped directly from the APR.

The FCA has specified, for all firms, which current controlled functions under the APR may be mapped across to the SMCR. These differ depending on whether the firm is a Limited Scope, Core or Enhanced firm.

Next Steps & Implementation Dates

All affected solo-regulated firms will move to the SMCR from 9 December 2019 ("the Commencement Date"). By the Commencement Date, all solo-regulated firms will have to:

  • identify the classification of their firm;
  • identify who the Senior Managers will be;
  • ensure that each of the firm's Senior Managers has a Statement of Responsibilities;
  • identify their Certified Function holders, although they will have a period of 12 months from the Commencement Date to complete the initial certification process;
  • train any Senior Managers and Certified Function holders on the Conduct Rules contained in COCON ensuring that they understand how the rules apply to their roles (although firms will have a period of 12 months to train all other staff on conduct rules);
  • ensure that the annual fitness and propriety checks for Certified Function holders and Senior Managers fit into the firm's existing HR and other processes;
  • assess how the new criminal records checks and regulatory reference requirements fit into the firm's existing recruitment processes;
  • ensure that they have the appropriate processes to obtain criminal records checks for new Senior Managers and confirm the firm is registered with the DBS, Disclosure Scotland or Access NI (as relevant);
  • ensure that they have the appropriate processes in place to obtain and provide regulatory references; and
  • identify who the firm's ancillary staff are (i.e. to whom the Conduct Rules do not apply).

In addition to the above, Core firms will need to:

  • determine whether any changes need to be made to any existing approvals, or add new ones, ahead of conversion;
  • determine whether the firm has a Chair. If so, they will need to determine whether the Chair is Executive or Non-Executive. It they are a Non-Executive Chair of a governing body, the firm will need to submit a Form K to convert that individual from CF2 (Non-Executive Director) to SMF9 (Chair) under the new regime. Executive Chairs will need to apply for the SMF9 function using Form A;
  • understand which forms are required, to amend approvals where appropriate;
  • identify which of the current Approved Persons will no longer be approved; and
  • allocate certain FCA Prescribed Responsibilities applicable to their firm to the relevant Senior Manager and clearly include them within their Statement of Responsibilities.

Enhanced firms will have higher duties and in addition to responsibilities to responsibilities of Core firms, should:

  • check that the firm and individual details are correct. It any changes need to be made, the relevant form should be submitted on the FCA's Connect portal;
  • determine whether any existing approvals need to be amended, or new ones added, ahead of conversion;
  • ensure that each activity, business area and management function has been allocated to a Senior Manager under the Overall Responsibility requirement;
  • ensure that appropriate handover procedures are in place;
  • prepare and submit to the FCA the following documents using Connect:
    • a Form K notifying the FCA of which currently approved individuals should be converted to a mapped SMF;
    • a Responsibilities Map; and
    • a Statement of Responsibilities for each of the firm's Senior Managers (a failure to submit these documents by the deadline will mean the firm is in breach of the FCA's rules and may result in action being taken by the FCA).

It should be noted that Form K must be submitted by 23.59 on 24 November 2019 and that it is already available on the FCA's Connect portal.

Senior Management Functions will appear on the FCA's Financial Services Register on 9 December 2019. Therefore, on or shortly after 9 December 2019, firms should check the FCA Register to ensure they have the correct Senior Management Functions.

Practical Considerations

There is much that firms need to do in order to comply with the SMCR and as such, firms should do what they can, as early as they can, to be ready. This means that many firms will, in practice, need to overhaul their internal procedures to ensure that, not only do they reflect the SMCR and COCON, but that they are joined up and aligned. SMCR is also not just a 'compliance' issue but is something the whole firm will need to be part of. For example, information relating to misconduct investigations or disciplinary sanctions will need to feed into both the certification and reference processes.

MI is a key part of managing conduct risk and Senior Managers will also need to be suitably informed with relevant data and information in order to carry out their duties. Firms should review how MI is tracked and reported.

Firms will also need to think about how to create a culture of accountability. Senior Managers will play a key role with the 'tone from the top' and leading by example and firms should plan how this would work within their culture.

Some of the practical considerations for firms include:

  • reviewing job descriptions and contracts to ensure they reflect the new regime (for example updating contracts of employment for Senior Managers);
  • allocating responsibility for the implementation of the SMCR to a Senior Manager;
  • establishing a working group, across all stakeholders, and creating a project plan;
  • reviewing policies and procedures, ranging from reference and disciplinary processes to regulatory reporting procedures;
  • developing training for all staff in respect of their obligations under COCON; and
  • having a clear and transparent consequence management process.

If you are affected by the SMCR, now is the time to start planning for implementation. We would be delighted to advise you on how the SMCR applies specifically to your business, how to practically implement it and to review all relevant firm policies and procedures to ensure they are compliant under the new regime.


[1] FCA Policy Statement PS19/20 - 'Optimising the Senior Managers & Certification Regime - Feedback to CP19/4 and Final Rules' dated July 2019
[2] FCA - Enforcement annual performance report 2017/18
[3] This requirement does not apply to sole traders without employees
[4] The obligation to ask for regulatory references does not apply to sole traders without employees
[5] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[6] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[7] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[8] This requirement does not apply to sole traders without employees

CECI NE CONSTITUE PAS UN AVIS JURIDIQUE. L'information qui est présentée dans le site Web sous quelque forme que ce soit est fournie à titre informatif uniquement. Elle ne constitue pas un avis juridique et ne devrait pas être interprétée comme tel. Aucun utilisateur ne devrait prendre ou négliger de prendre des décisions en se fiant uniquement à ces renseignements, ni ignorer les conseils juridiques d'un professionnel ou tarder à consulter un professionnel sur la base de ce qu'il a lu dans ce site Web. Les professionnels de Gowling WLG seront heureux de discuter avec l'utilisateur des différentes options possibles concernant certaines questions juridiques précises.



Télécharger en tant que PDF