What is the Senior Managers and Certification Regime?

The Senior Managers and Certification Regime is a regulation designed to enhance the accountability and conduct of UK financial services firms and their employees.

Administered by the Financial Conduct Authority (FCA), the Senior Managers and Certification Regime (SMCR) imposes a range of compliance obligations on individuals and firms, including training and certification requirements, with potentially significant penalties for non-compliance.

A brief history of SMCR

The SMCR was conceived in the wake of the 2008 financial crisis and followed the publication of the UK’s Parliamentary Commission on Banking Standards (PCBS). The PCBS recommended a new approach to accountability in the banking industry, with an emphasis on the conduct of senior management employees.

Introduced in 2016, the SMCR replaced the UK’s existing set of conduct rules: the Approved Persons Regime (APER). The SMCR was initially applied to the banking sector (banks, building societies, credit unions, and large investment firms) before it was expanded to dual-regulated insurance providers in 2018, and then to all FCA-regulated firms from December 2019.

The impact of Covid-19 on SMCR

The SMCR’s Conduct Rules were originally set to be introduced for UK solo-regulated firms by 9 December 2020 but the FCA pushed back the implementation deadline to offer firms more flexibility under Covid-19 pandemic restrictions. The new deadline for the implementation of the Conduct Rules was set for 31 March 2021.

What is the Senior Managers Regime?

The SMCR requires firms to ensure that senior employees are suitable for high responsibility roles. Accordingly, the SMCR’s Senior Managers Regime requires firms to conduct suitable due diligence on their senior managers including criminal record checks, credit checks and directorship checks.

Managers must be approved by either the FCA or the Prudential Regulation Authority (PRA) prior to assuming their positions, and be certified by those regulatory bodies once a year. The Senior Managers Regime also requires firms to set out the obligations of each senior manager clearly in a Statement of Responsibilities.

What is the Certification Regime?

The SMCR’s Certification Regime seeks to address the risk posed by employees whose role may allow them to do ‘significant harm to the firm or its customers’. Under the Certification Regime, firms must implement a certification process for employees to ensure that they are fit and proper to perform their roles competently and safely. Although the specific certification process does not need to be approved by the FCA or the PRA, it should be suitably robust and involve, for example, a criminal record check.

What are the SMCR’s Conduct Rules?

The SMCR’s Conduct Rules are intended to raise a firm’s professional conduct and accountability standards, shaping both internal culture and policy. The rules establish minimum standards of conduct that can be judged by the FCA, and emphasise a need for responsibility at a personal and institutional level. The Conduct Rules apply to employees at every level of authority (ancillary employees may be exempt) and are split into two tiers:

  • Individual Conduct Rules. Applicable generally to most employees in a firm, the individual conduct rules require individuals to:
    • Act with integrity, care, skill, and diligence.
    • Cooperate with the FCA, PRA, and other regulators.
    • Treat customers fairly and act in their interests.
    • Observe proper market standards.
  • Senior Manager Conduct Rules. The second tier of conduct rules requires senior managers to:
    • Take steps to control their business effectively.
    • Ensure that their business is run in compliance with the relevant regulatory standards.
    • Delegate their responsibilities (where necessary) to an appropriately qualified person and provide oversight to ensure that the chosen person discharges those responsibilities correctly.
    • Disclose any necessary information to the FCA and PRA.

SMCR Compliance Considerations

Employee screening is the foundation of SMCR compliance. Firms must be confident that the individuals they appoint to senior management positions are capable of providing effective oversight and contributing to a culture of regulatory accountability. Accordingly, an SMCR employee screening solution should feature the following measures and processes:

  • A definition of a senior management role.
  • The specific background checks necessary for each senior management role.
  • The Statement of Responsibilities relevant to each senior management role.
  • Regulatory pre-approval (FCA, PRA) of senior managers.
  • Verification that senior managers understand their responsibilities and how to avoid compliance violations.
  • Definition and identification of Certified Persons.
  • Assessment of Certified Persons (with annual reassessment).
  • Training for all employees that are subject to Conduct Rules.

The penalties for SMCR non-compliance

Non-compliance with SMCR regulations carries both personal and institutional liability. SMCR penalties range from fines and financial restrictions to custodial sentences for individuals, and vary depending on the seriousness of the breach (as assessed by the FCA).

The FCA tends to impose financial penalties for SMCR breaches. In 2018, SMCR fines totalled £785,000, including a £321,000 fine for a senior manager of Barclays who breached the Individual Conduct Rules. Beyond addressing failures in accountability, due diligence, and professional fitness, the FCA’s approach to SMCR compliance focuses on incidents of market abuse, money laundering, and financial crime.

What is the future of SMCR?

The FCA has acknowledged the disruption to SMCR compliance caused by the Covid-19 pandemic restrictions. In April 2020, it issued guidance for firms seeking to use temporary arrangements to manage the challenges of the crisis such as staff absences and other health and safety concerns. With that in mind, the temporary modifications to SMCR compliance that were introduced as a result of the pandemic are set to be rolled back over the course of 2021 – with the expectation that those measures will end by 30 April 2021.


Some observers have pointed out that the number of SMCR enforcement actions has been relatively low. While the collective amount of SMCR fines has increased since 2017, almost one third of SMCR investigations that have been opened since its introduction have been closed with no action. The pace of SMCR investigations and the number of enforcement actions they generate are expected to increase as UK Covid-19 restrictions are rolled back.

