FCA - Senior Managers and Certification Regime – A Catalyst for Change?

FCA - Senior Managers and Certification Regime – A Catalyst for Change?
Extending the SM&CR to all FCA-authorised firms

“The aim of the SM&CR is to reduce consumer harm and strengthen market integrity by focusing on people and their personal accountability, not just on firms. The SM&CR has already been implemented in some firms, including banks, building societies and insurers. We are extending the SM&CR to all authorised firms in December 2019. This will embed consistent standards of personal conduct for all individuals working in financial services and highlight the individual accountability of senior managers so that consumers are treated fairly and market integrity is enhanced. We will work with firms and trade associations to ensure that the regime is implemented effectively and firms and individuals understand what they need to do”.

FCA Business Plan 2019/20
“SM&CR is a catalyst for change - an opportunity to establish healthy cultures and effective governance in firms by encouraging greater individual accountability and setting a new standard of personal conduct”.

FCA Statement 14/05/2019

“…the Senior Managers and Certification Regime now defines the responsibilities and accountability of senior managers in authorised firms in a way which applies to all activities they conduct whether they are regulated activities or not...”

Andrew Bailey - Report on the Financial Conduct Authority’s further investigative steps in relation to RBS GRG – June 2019



Executive Summary

The Senior Managers and Certification Regime (SM&CR) will be extended to all Financial Conduct Authority (FCA) regulated firms from December 9, 2019.

The SM&CR regime will replace the current ‘Approved Persons’ regime and will affect more than 47,000 firms including wealth managers, asset managers, stockbrokers, financial advisors, consumer credit firms and insurance intermediaries along with the UK branches of both EEA and non-EEA firms. In other words, all FCA ‘solo-regulated’ firms.

It would be a grave mistake for firms to regard this as an administrative change to the Approved Persons regime. The extension of the SM&CR to all solo-regulated firms is intended to create a culture of greater individual accountability within financial services firms, following its implementation in banks in March 2016 and in insurers in December 2019.

New Link Consulting believes that the preparation for, and implementation of, the SM&CR presents firms with a genuine opportunity to ensure the right governance and culture exist within the firm and that these can be used to drive better outcomes for consumers.

New Link Consulting can provide:
• Technical/Regulatory advice on SM&CR, Governance, Culture and Conduct Risk
• Project/Programme Management
• Delivery of Senior Managers Regime
• Design and Implementation of Certification Process/System
• Resource Augmentation
• SM&CR Programme Review and Assurance

A Three Tier Regime


Firms caught by the SM&CR will need to first identify which one of the three ‘tiers’ is applicable, as the regime requirements become more onerous and complex in each tier.

The FCA will notify firms which tier applies to them during Q.3 but it is relatively simple to use the FCA’s tool to work out your SM&CR firm type and waiting for FCA notification will be leaving preparations very late. Some firms may elect to apply a higher tier than strictly applies, for example in anticipation of business growth.

A. The Senior Managers Regime

This applies to only the most senior individuals in the firm, who will be registered with the FCA under ‘Senior Management Functions’ (SMFs). The main functions that have been designated as SMFs are the Chief Executive, Executive Directors, Compliance Oversight and the MLRO.

Senior Managers will have a duty to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible. So not only are they responsible for their own conduct, they are also responsible for the teams and departments that they lead.

Senior Managers will need to understand and articulate precisely what it is that they are responsible for, and to document this through a one-page Statement of Responsibility.

Key Components of the SM&CR Regime

There are 3 key parts to the SM&CR, each of which looks relatively straightforward in principle but can be challenging to implement.

B. The Certification Regime

This will cover individuals who carry out roles that have the potential to cause harm to a firm or its customers. Examples include ‘Significant Management’ functions, Proprietary Traders, CASS Operational Oversight, Material Risk Takers and Algorithmic Trading functions.

The firm is required to have a robust certification process in place with annual renewals of certificates.

Some of the many challenges with the Certification

Regime include:

• Identification of individuals/roles that require certification

• Designing and implementing the process for determining fitness and propriety and suitable qualification

• Keeping certificates up to date (an annual requirement)

• Keeping track of joiners, leavers and [other] organisational changes

• Interaction with existing HR systems

During 2020 the FCA will be producing the ‘Directory’ of individuals certified by firms under this regime.

C. The Conduct Rules

The FCA rules contain a set of Individual Conduct Rules that apply to all in-scope employees.

The following rules will apply to all employees:

• You must act with integrity

• You must act with due skill, care and diligence

• You must be open and cooperative with the FCA, the PRA and other regulators

• You must pay due regard to the interests of customers and treat them fairly

• You must observe proper standards of market conduct

Three additional rules will apply to Senior Managers. These require them to take ‘reasonable steps’ to ensure the parts of the business for which they are responsible are ‘controlled effectively’, comply with relevant regulatory requirements and that they delegate effectively.

Firms need to design training to ensure that those who are subject to the rules have an awareness and broad understanding of all of the rules, and, critically, that they also have a deeper understanding of the practical application of the specific rules which are relevant to their responsibilities

Roadmap to December 9, 2019

An illustrative roadmap of
the steps required to achieve
SM&CR compliance.
Keys to Success

For many organisations, implementation of SM&CR is complex and requires extensive planning, resources and thought.

The most effective way to make sure that SM&CR is embedded within the business is to ensure business ownership of, and senior management engagement with, the SM&CR implementation project.

Senior management engagement in the SM&CR is critical to success. This should be supported by Compliance, who have a role to play in advising the business, and the HR Department who will often be responsible for maintaining the Certification Regime.


Case Study

The UK subsidiary of a Middle-Eastern bank was caught by the first ‘wave’ of SM&CR in 2016. The complication was that some senior decision-makers within the scope of the regime were located in the bank’s home country.

Members of our Non-Financial Risk team worked with the Senior Management, Compliance and HR teams in the bank to produce responsibility statements and maps. The firm complied with the SM&CR requirements on time and on budget

New Link Consulting Works with Clients to
Address all of These Challenges
By combining deep regulatory domain knowledge with extensive experience in operational design, business architecture, process improvement, project and programme delivery and technology deployment, we help firms to deliver a lasting and proportionate response to regulatory change. This blend of subject matter expertise and delivery agility enables us to tailor our services to meet the specific requirements of each client assignment.

We would be delighted to meet with you to discuss these issues and how we can help you with your SM&CR Programme

Please contact us for further information

Claire Lincoln-White

Peter Brooke


Practice Lead
Anti-Financial Crime &
Non-Financial Risk

Andrew Hovell


Anti-Financial Crime &
Non-Financial Risk

Expert Practitioners,
Passionate Entrepreneurs

Based in London, the beating heart of the global Financial Services industry, New Link Consulting provides a comprehensive portfolio of consultancy services to our clients, including buy-side, sell–side and market intermediaries. Innovation is at the heart of what we do – from our core service delivery through to our approach to developing industrywide solutions. New Link Consulting’s core areas of expertise include Regulation, Operational Risk and Control, Process Improvement and Business Integration.

Our Engagement Leads uniquely combine a deep industry knowledge, gained through years of direct experience working within City financial services organisations, with innovative change management skills. This subject matter expertise enables us to tailor our services to meet the explicit requirements of our clients. This results in a collaborative approach to problem solving and exceptional delivery standards, even when dealing with the most complex and challenging engagements

New Link Consulting LLP,
1st Floor, 65 Leonard Street, London, EC2A 4QS,
United Kingdom
+44 (0)203 826 9700


Need any help?

New Link Consulting has the expertise and practical experience to help you move forward as a GDPR compliant organisation.

Our modular approach can be used to customise assistance where appropriate. Gaps in compliance may already be clear and if so our trusted execution experience will allow the gaps to be closed with confidence.

Our consultants have many years of experience dealing with regulatory and data implementations across the financial sector and beyond. By drawing on a wealth of practical experience we can assure our clients a first rate service.

We can also include assistance from our legal partners to interpret the regulation according to your bespoke needs. Translating these interpretations into requirements that fit your business. Our cyber-security partners are well placed to provide expertise surrounding data storage, usage and security