The Senior Managers and Certification Regime (SM&CR) replaced the Approved Persons Regime (APR) for the majority of solo-regulated firms on 9 December 2019. It aims to reduce harm to consumers and strengthen market integrity by setting a new standard of personal conduct for everyone working in financial services.
Extension of SM&CR implementation periods for solo-regulated firms: Following a request from the FCA, the Treasury has made a statutory instrument to delay, from 9 December 2020 until 31 March 2021, the deadline for solo-regulated firms to have undertaken the first assessment of the fitness and propriety of their Certified Persons.
We welcome the publication of the statutory instrument. Aligned with this, we have consulted to change the same date in the FCA Handbook, the deadline for when firms need to have certified their staff. We received predominantly positive feedback to the corresponding changes we recommended in our consultation. This includes extending to the same deadline the following requirements:
• the date the Conduct Rules come into force, for staff who are not Senior Managers or Certification Staff
• the deadline for submission of information about Directory Persons to the Financial Services Register
The SM&CR applies to almost every solo-regulated firm, from very small firms (including sole traders and limited permission consumer credit firms) to some of the largest global firms. It also applies to branches of non-UK firms with permission to carry out regulated activities.
Read more about:
- the 3 parts of the SM&CR
- Certification Regime
- Conduct Rules
- Senior Managers Regime
- SM&CR categories for solo-regulated firms
- our guidance for solo-regulated firms
- important considerations
The SM&CR sets a new standard of conduct in financial services, ensuring:
- greater personal accountability at all levels
- minimum standards of conduct
- staff in key jobs are fit and proper to perform their roles
The regime consists of 3 key parts: the Certification Regime, the Conduct Rules and the Senior Managers Regime.
The Certification Regime applies to employees whose role means it's possible for them to cause significant harm to the firm, its customers or the market more generally. These roles are called 'Certification Functions'.
These people won't need to be approved by us. Instead, firms will need to check and certify that they are fit and proper to perform their role at least once a year.
Make sure that you:
- understand which of the Certification Functions apply to your firm (Limited Scope firms may not have any Certification Functions)
- identify the individuals within your firm that need to be certified on an annual basis
- ensure that the annual fitness and propriety checks for Certification staff and Senior Managers fit into your firm’s existing HR and other processes
To apply Regulatory References and Criminal Records Checks:
- assess how the Criminal Records Checks and Regulatory Reference requirements fit into your firm’s existing recruitment processes
- ensure that your firm has the appropriate processes to obtain Criminal Records Checks for new Senior Managers and confirm your firm is registered with the DBS, Disclosure Scotland or Access NI (as relevant)
- ensure that your firm has the appropriate processes to obtain and provide regulatory references (see pages 41-42 of SM&CR Guide for solo-regulated firms (PDF) for more information).
Firms should demonstrate that they are making regular, thorough and consistent assessments of the fitness and propriety (F&P) of Senior Managers and Certification Staff. We expect:
|Fitness and propriety|
|Positive indicators||Negative indicators|
|F&P checks identify new issues with staff – some fail.||F&P checks identify nothing new; a ‘rubber stamp’ exercise.|
|Relevant SMFs actively oversee the F&P process and ensure appropriate reporting.||Relevant SMFs have delegated the F&P process and cannot demonstrate adequate oversight and reporting.|
|Competence assessment demonstrates that thought has been given to each specific role (including managers).||Competence assessment is perfunctory and/or cannot be evidenced as being objective.|
|Development plans are put in place as a result of F&P assessments.||No development needs are identified.|
|Managers are adequately trained in the firm’s approach to F&P and understand what is expected of them.||Managers are poorly trained and/or have inadequate guidance as to what is expected of them in terms of F&P.|
|A detailed F&P process has been introduced and integrated into existing HR/performance management processes (it covers what happens if someone fails F&P).||F&P is considered (without review) to already be covered by pre-existing HR/performance management processes and/or there is no process for dealing with someone who fails F&P.|
|F&P panels – which include senior managers - are convened to consider marginal cases.||Process for considering marginal F&P cases either does not exist or is rarely convened.|
|Firm has appropriate criteria and a robust process for identifying certification staff on an ongoing basis.||Identification of certification population is ad hoc and/or a burdensome manual process.|
|Regulatory references disclose misconduct/relevant concerns and are produced in a timely manner.||Regulatory references fail to provide the necessary information and/or are not available promptly.|
Small firms may need to interpret some of these indicators in a proportionate way, but they should still give thought to the intention of the indicators, and this should not reduce the effectiveness of their fit and proper assessments or the Certification Regime.
For more information, read section 9 of the SM&CR Guide for solo-regulated firms (PDF). You can also listen to our podcast on the Certification Regime, which covers the practical steps firms need to take.
Only individuals who meet the criteria for one or more of the Certification Functions come within the Certification Regime. However, if firms want to extend similar fit and proper assessments to individuals who are outside the Certification Regime on a voluntary basis, they can do so.
The Conduct Rules set minimum standards of individual behaviour in financial services. By applying the Conduct Rules to a broad range of staff, we aim to improve individual accountability and awareness of personal conduct issues across firms.
The Conduct Rules will apply to almost all employees who carry out financial services activities, or linked activities, in a firm. Some Conduct Rules apply to all employees, while others only apply to Senior Managers.
To apply the Conduct Rules, make sure that you:
- can identify your firm’s ancillary staff (ie those to whom the Conduct Rules do not apply)
- understand the Conduct Rules training and reporting requirements for Senior Managers and all other staff
- consider how staff will be made aware and trained so that they understand how the conduct rules apply to them in their roles
When training staff on the Conduct Rules, we expect:
|Positive indicators||Negative indicators|
|Relevant SMF can demonstrate appropriate involvement/oversight of training.||Relevant SMF has limited knowledge of training approach and/or has delegated with limited oversight.|
|Training is interactive and uses realistic scenarios.||Simple computer-based training only – with little attempt to tailor to role.|
|Examples/scenarios draw out nuances of how the rules apply to each type of role.||Training only gives obvious examples of breaches – for example, fraud or not attending mandatory training - which do not draw out nuances.|
|Line managers are involved in training delivery, not just HR or the project team.||Training is delivered by a HR, compliance or the project team with no line management involvement.|
|Training is reinforced regularly and built into on-boarding.||Training is a one-off exercise and/or not built into on-boarding.|
|Effectiveness of Conduct Rules training is assessed.||No measures of the effectiveness of Conduct Rules training.|
|Training is put in the context of the overall regime.||Training is not put in context of the overall regime.|
|Regime/Conduct Rules are presented as a step change in regulatory expectations.||Regime/Conduct Rules are presented as nothing new, simply ‘what we do already’.|
|Conduct is linked to F&P and performance assessments.||Conduct rule not linked to F&P or performance assessments.|
Find out more about the reporting requirements for Conduct Rule breaches.
The most senior people ('Senior Managers') who perform key roles ('Senior Management Functions') will need our approval before starting their roles.
Every Senior Manager will need to have a 'Statement of Responsibilities' that clearly says what they are responsible and accountable for.
Our Guidance on Statements of Responsibilities and responsibilities maps can help you prepare these documents. For more information, read section 4 of the SM&CR Guide for solo-regulated firms (PDF).
If you were required to submit a Form A for functions required under the new regime, this had to be done by 11.59pm on 8 December 2019. Please note Authorisations has a 90-day statutory period to determine applications, as such, depending when you submitted the application, it wouldn't have been determined by commencement of the new regime. As long as you submitted applications for required functions by the deadline, the FCA won’t take any further action.
For solo-regulated firms, there are 3 categories under the SM&CR:
- Limited Scope
You are responsible for determining which category you fall into, based on the rules. It's important to make sure you are correctly categorised, as your category determines how the SM&CR applies to you.
Find out more about categorisation for solo-regulated firms.
The SM&CR Guide for solo-regulated firms is a summary of our final rules and guidance on SM&CR. It gives an overview of how the SM&CR works.
The Guide was last updated in July 2019. In this update, we included:
- information on claims management companies
- an explanation of the policy relating to the Head of Legal role
- an update to the definition of client dealing
- an explanation of the status of partnerships
- an update to the section on territoriality
- clarification of the definition of oil market participants and energy market participants that fall within the Limited Scope category
- clarification on thresholds for Enhanced firms (relating to the reporting process)
We have also published guidance to help solo firms with producing Statements of Responsibilities and (for enhanced firms) responsibilities maps. This guidance explains the purpose of these documents and contains questions for firms to consider.
Delegating Senior Management responsibility
Senior Managers can delegate to others – this is a necessity in larger firms. However, this does not reduce their accountability for what they delegate.
Senior Managers should ensure that any delegation is reasonable in itself, that the individuals to whom they have delegated are appropriate, for example with suitable skills, and they should retain an appropriate level of oversight (see DEPP 6.2.9E for guidance on what we consider to be reasonable steps in terms of delegation).
CEOs and Chairs
The CEO of a firm can also be the Chair, unless there is another rule that forbids it (for example, under SYSC 4.3A.2, the Chair of a common platform firm’s management body cannot also be the CEO).
In general, the SM&CR itself does not introduce new governance requirements.
Governing bodies and Senior Management Functions
SMFs are not restricted to members of the governing body. In Core firms, many holders of SMFs will, in practice, be members of the governing body. However, Compliance Oversight (SMF16) and MLRO (SMF17) are examples of functions that will often be held by individuals who are not. For Core firms, we will automatically convert the existing holders of the equivalent controlled functions to the SM&CR.
One other point to consider is that the SMF3 executive director function extends beyond members of the governing body to include ‘a person in accordance with whose directions or instructions (not being advice given in a professional capacity) the directors of that body are accustomed to act’.
Compliance Oversight and MLRO functions
In solo-regulated firms, the SM&CR does not introduce any new requirements for firms to create a Compliance Oversight function or an MLRO function.
The rules about which types of firm are required to have these functions remain the same as under the APR. Approval to hold an SMF is required only where the function exists in the firm.