Senior Managers and Certification Regime: a practical overview
The Senior Managers and Certification Regime (SMCR) remains one of the most operationally demanding frameworks in UK financial services regulation. Extended to all FCA solo-regulated firms in December 2019, it imposes a tripartite structure — Senior Manager Functions (SMFs), Certification Functions, and the Conduct Rules — each with distinct obligations and consequences for failure. Despite more than four years of implementation, the FCA continues to identify significant gaps in firms' arrangements, particularly around the ongoing fitness and propriety assessment process and the accuracy of Statements of Responsibilities (SoRs).
At the core of the regime is the Senior Manager Function designation. Firms must map every prescribed responsibility to a named individual, ensure that individual has adequate resources and authority to discharge it, and document this in the SoR. The FCA's supervisory work has found that SoRs are frequently treated as one-time documents rather than living records. Regulators expect them to be updated promptly whenever responsibilities shift — including on appointment of a new SMF, changes to reporting lines, or material changes to business model. Under SUP 10C, firms must submit updated forms (Form A, B, D or I depending on circumstance) within defined timeframes; late notifications remain a source of enforcement action even where the underlying conduct is not itself problematic.
Certification under SMCR applies to individuals who are not SMFs but who perform Significant Harm Functions as defined in SYSC 27. These roles — including client-dealing functions, material risk-takers, and CASS oversight — must be assessed as fit and proper at appointment and at least annually thereafter. The annual certification cycle is frequently under-resourced. Firms must document how they assessed competence, financial soundness, and honesty, and must maintain records that can be produced on FCA request. A common failing is treating the assessment as an HR checkbox exercise rather than a genuine risk-based review; the FCA expects boards and NEDs to actively challenge the process rather than ratify lists.
The Conduct Rules in COCON apply to almost all employees (with limited exceptions for ancillary staff). Individual Conduct Rules 1–5 cover honesty, skill and care, cooperation with regulators, proper market conduct, and customer treatment. Senior Manager Conduct Rules add requirements around effective organisation, delegation, information and escalation. Firms must train all in-scope staff on the rules applicable to them within a reasonable period of taking up their role, and must report Conduct Rule breaches to the FCA within defined notification periods. The breach reporting obligation is a particular area of supervisory focus: the FCA has been clear that under-reporting is itself a concern, and that firms should err on the side of notification where there is genuine uncertainty.
Practical recommendations
Firms reviewing their SMCR arrangements should audit SoR accuracy against current organisational reality, stress-test the annual certification process against FCA expectations in FG20/1, and review Conduct Rule training records for completeness. Where there are incumbent SMFs who have not updated their SoRs in more than 12 months, a gap analysis is prudent before any supervisory engagement arises.