What Is the SMCR? A Complete Guide to the Senior Managers and Certification Regime

Maintaining trust and accountability is paramount for financial firms operating in the UK and beyond. The Senior Managers and Certification Regime (SMCR) stands at the forefront of this effort.

Designed to address shortcomings exposed by past misconduct in the financial industry, the SMCR not only enhances governance but also underscores the critical role of ethical behaviour in fostering a stable and transparent market. Whether you’re a seasoned compliance professional or poised to implement SMCR in your firm, this guide provides an in-depth explanation and best practices for successfully navigating the framework.

Overview of The SMCR

The Senior Managers and Certification Regime (SMCR) is a regulatory framework intended to foster accountability and reduce misconduct among senior managers in the financial services sector. 

The SMCR was introduced in the UK by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) in March 2016 in response to the widespread misconduct that led to the 2008 global financial crisis. It replaced the Approved Persons Regime (APR) as a much more robust framework for individual accountability and initially applied to banks, building societies, credit unions, and PRA-regulated investment firms. In December 2019, the FCA expanded the SMCR to include all FCA solo-regulated firms, such as asset managers, insurers, and consumer credit firms.

Regulatory Context: Why The SMCR Exists

The SMCR’s primary purpose is to reduce misconduct in financial services firms by ensuring that senior managers and key personnel are clearly accountable for their decisions and actions. It encourages firms to establish stronger governance frameworks overall and clearly define individual responsibilities, so there are no ambiguities or misunderstandings.  

These stricter conduct standards strengthen consumer protections by promoting ethical behaviour and transparency. They also mitigate financial and compliance risks to individual firms, leading to greater industry-wide stability. 

Both firms based in the UK and those with UK entities must comply with the SMCR’s stringent rules to remain in good standing with the FCA. For example, U.S.-based financial firms are directly subject to SMCR if they operate through UK subsidiaries or branches. Noncompliance with SMCR by a UK entity of a foreign firm could result in financial penalties, reputational damage, or regulatory scrutiny that impacts the parent company.

Similar regulations exist worldwide, such as the Senior Executive Accountability Regime (SEAR) in Ireland and Australia’s Banking Executive Accountability Regime (BEAR). 

Key Components of The SMCR

The SMCR is divided into three main components: the Senior Managers Regime, the Certification Regime, and Conduct Rules. 

Senior Managers Regime

The bulk of the SMCR comprises rules that spell out the specific responsibilities of senior managers. Senior managers are assigned to their positions following regulatory approval and are deemed critical to their firm’s operations and governance. Hence, their adherence to an accountability regime is crucial. 

Under the SMCR, senior managers must: 

• Act in a way that demonstrates accountability, ethical leadership, and compliance with regulatory expectations
• Clearly define and document role-specific responsibilities for all employees in Statements of Responsibility 
• Ensure robust oversight of their team and that regulatory requirements are met across their area of responsibility
• Identify key risks and establish controls to mitigate them
• Regularly review and document decisions and actions taken to ensure they are reasonable and defensible
• Promote a culture of compliance by setting expectations and leading by example
• Maintain detailed records to demonstrate their compliance with responsibilities, especially during investigations

Certification Regime

The Certification Regime applies to employees who are not senior managers, but perform roles that could pose a significant risk to the firm or its clients, such as client-facing staff, risk management personnel, and traders. These employees fulfil what the SMCR deems “significant harm functions,” or duties which, if performed out of compliance with conduct standards, could severely jeopardise the firm’s reputation or financial stability. 

Under the Certification Regime, firms must: 

• Evaluate employees’ competence, skills, qualifications, integrity, and adherence to conduct standards
• Certify annually that these employees are fit and proper to perform their roles
• Keep a record of all certifications for regulators to review as needed

Conduct Rules

The SMCR’s Conduct Rules are divided into two tiers. The first tier — the Individual Conduct Rules — applies to all employees in a firm except for those in ancillary roles, such as receptionists. Examples of Conduct Rules include: 

• Act honestly and with integrity in all professional dealings
• Exercise skill, care, and diligence in the performance of duties
• Avoid actions that could compromise the market’s integrity or the firm’s reputation
• Treat customers fairly and communicate in a clear, transparent manner
• Work with regulators in an open and cooperative manner

The second tier applies specifically to senior managers and includes the additional requirements of ensuring regulatory compliance and taking steps to prevent regulatory breaches in their areas of responsibility. 

Why The SMCR Matters in Financial Services

The SMCR is more than just another regulatory framework financial firms need to comply with — it codifies ethical behaviour and mutual respect in an industry that depends upon both internal and public confidence. 

• Promotes accountability and trust: By clearly defining individual responsibilities, SMCR ensures that senior managers and employees are accountable for their actions, building trust within organisations and with external stakeholders.
  
• Improves corporate culture: Encourages ethical decision-making and transparent communication, leading to widespread integrity and professionalism.
  
• Reduces risk and improves governance: By emphasising personal accountability, SMCR minimises the likelihood of misconduct and strengthens overall governance frameworks.
  
• Drives a proactive culture shift: Compliance is integrated into daily operations rather than treated as an afterthought.

If the benefits of the SMCR weren’t enough to demonstrate its importance, the consequences of noncompliance should serve as an incentive for firms to follow the regime. 

Firms that fail to comply with SMCR regulations risk significant financial penalties and reputational damage. Senior managers can be held personally accountable for failures in their areas of oversight, leading to fines, bans, or even criminal charges. Noncompliance can also result in regulatory enforcement actions that disrupt business operations and erode client trust.

Compliance Essentials For Implementing The SMCR

While most UK financial firms and international firms with UK entities are regulated by the SMCR, there are certain cases in which a previously unregulated firm or individual must implement or comply with the SMCR. For those unfamiliar with the SMCR, implementing it may feel overwhelming. 

The following checklist is intended to help entities that are brought under the SMCR to establish a suitable conduct framework for compliance. 

Preparation and Documentation

1. Define roles and responsibilities clearly: Assign and document specific duties for senior managers using Statements of Responsibility to ensure there is no ambiguity.
2. Develop a Responsibility Map: This will outline how individual responsibilities connect to overall governance structures.
3. Conduct a gap analysis: Identify areas of non-compliance and implement corrective measures before SMCR implementation.
4. Establish internal policies and procedures: Ensure policy consistency across the organisation to align with SMCR requirements.
5. Document the process: Thorough documentation of processes and decisions will create a robust audit trail for regulatory review.

Training and Certification Process

1. Provide regular training programs: Make training mandatory for employees at all levels and tailor it to their roles and responsibilities under SMCR.
2. Focus training on specific components: Training should cover Conduct Rules, the Duty of Responsibility, and the importance of compliance in daily operations.
3. Establish a certification framework: Managers and staff in significant harm functions should be assessed annually for fitness and propriety.
4. Incorporate best practices in certification: Certification should include verifying qualifications, evaluating performance, and assessing ethical behaviour.
5. Use case studies and real-world scenarios: Training scenarios should clearly illustrate SMCR requirements and expectations, as well as consequences for noncompliance.

Ongoing Monitoring and Updates

1. Adopt compliance technology: Implement internal compliance tracking mechanisms, such as automated compliance tools or dashboards, to monitor adherence to SMCR in real time.
2. Establish an audit cadence: Schedule regular internal audits to assess compliance performance and identify any weaknesses in processes or controls.
3. Consult with experts: Engage third-party reviewers to conduct an independent evaluation of your SMCR compliance framework and practices.
4. Promote continuous professional development: Offer training and resources that keep staff up-to-date with regulatory changes and evolving best practices.
5. Update framework as needed: Review and update Statements of Responsibility and the Responsibility Map periodically to reflect changes in organisational structure or regulatory expectations.

Common Challenges in SMCR Implementation

Implementing the SMCR comes with several inherent challenges, chief among them the complexity of defining senior managers’ roles. 

Firms often struggle to align regulatory expectations with real-world job functions, leading to a lack of clarity in responsibilities. Overlapping duties can create ambiguities about accountability, resulting in disputes or gaps in compliance. Furthermore, frequent changes in organisational structures add to the complexity, requiring constant reassessment and realignment of senior manager roles. This underscores the importance of crafting detailed yet practical Statements of Responsibility.

Another significant hurdle is maintaining updated certifications. For large firms, especially, managing the volume of employees who require annual certification can be logistically challenging. Ensuring consistency across reviews is also difficult due to the subjective nature of assessing fitness and propriety — one person’s definition of integrity may differ from another’s. Systemic inefficiencies, such as reliance on manual processes or outdated systems, exacerbate the problem by causing delays and errors in certification tracking. Firms face regulatory scrutiny if they fail to meet certification deadlines or miss requirements, increasing the risk of penalties. 

Many firms struggle to integrate regulatory compliance into a healthy workplace culture. The perceived rigidity of SMCR rules can lead employees to view the requirements as burdensome, causing resistance or disengagement. Strict accountability standards, while necessary, may create a fear of making decisions or taking calculated risks. Achieving a balance between promoting ethical behaviour and avoiding micromanagement is essential for fostering a compliance-oriented yet positive work environment.

To mitigate these challenges, it’s critical that leadership communicate the purpose and benefits of SMCR clearly to staff at all levels, even those not in significant harm function roles. SMCR compliance expectations must be integrated into daily operations and training so that they become embedded in the company culture. The best way to reinforce this is to recognise and reward employees who demonstrate a commitment to both compliance and collaboration in their words and actions. Making compliance tools and resources — such as easy-to-access handbooks and digital dashboards — available to all employees can empower them to effectively manage their responsibilities as defined under the SMCR. 

Best Practices for SMCR Compliance

Firms can maintain SMCR compliance and ensure all employees are accountable for their roles by prioritising the following:

Proactive Risk Assessments

• Conduct regular risk assessments to identify potential regulatory vulnerabilities across the organisation.
• Develop a risk framework that aligns with SMCR requirements and addresses key areas such as governance, decision-making, and oversight.
• Leverage technology solutions such as compliance software to monitor, analyse, and mitigate risks in real time.
• Involve senior managers in scenario planning and stress testing to ensure they are prepared to manage and mitigate emerging risks.

Record-Keeping and Documentation

• Maintain detailed and accessible records of senior managers’ responsibilities through Statements of Responsibility.
• Keep records of all certifications and fitness assessments, ensuring they are updated annually.
• Document key decisions and actions taken by senior managers to provide evidence of reasonable steps in case of regulatory investigations.
• Use centralised systems or compliance platforms to manage documentation, making it easy to access and audit when needed.
• Establish audit trails to track how compliance processes are implemented and monitored across the organisation.

Building a Compliance-Oriented Culture

• Provide ongoing training for all employees on SMCR requirements, including the Conduct Rules and their implications.
• Clearly communicate the purpose and benefits of the SMCR to promote understanding and buy-in across the workforce.
• Encourage open communication by creating an environment where employees feel safe to raise concerns without fear of reprisal.
• Senior managers should model ethical behaviour and demonstrate a commitment to compliance in their actions.
• Recognise and reward employees who contribute to a culture of accountability, fostering alignment with regulatory expectations.
• Regularly review and reinforce the organisation’s core values, ensuring they reflect and support SMCR principles.

Next Steps

The SMCR represents more than a regulatory requirement — it provides a framework that embeds accountability, ethical decision-making, and robust governance into the very fabric of the financial services sector. By embracing the regime’s principles and best practices, firms can reduce regulatory risks, strengthen consumer trust, and create a culture where compliance drives business excellence. 

While implementation may pose challenges, developing proactive strategies and providing continuous employee training can help firms thrive under the SMCR. StarCompliance’s dedicated SMCR platform offers a comprehensive and flexible solution to help firms maintain compliance and transparency. With tools for managing Responsibility Maps and ensuring complete version control of critical documentation, it takes the risk of manual errors out of the equation while saving time and stress. 

With configurable features, multi-jurisdictional support, and future-ready architecture, StarCompliance empowers firms to stay aligned with FCA regulations while fostering a culture of accountability and ethical behaviour. Request a demo today to see the platform in action. 

Andy Atkinson

Andy Atkinson joined StarCompliance in 2022 and is the Head of Product Management for Star’s Accountability & Competency solutions. Andy has over 25 years of experience in product management, business development, and business analysis. He’s dedicated more than 15 years of his career to the financial services sector, delivering solutions to support regulated entities in the UK for Training & Competency and the Senior Managers & Certification Regime (SMCR). As global accountability regimes continue to emerge, Andy is using his deep knowledge and understanding of SMCR to develop fit-for-purpose solutions that can meet the needs of accountability regimes around the globe. Prior to Star, Andy worked at Redland Business Solutions and Mutual Vision.

Read more