What Is the SM&CR?
The Senior Managers and Certification Regime (SM&CR) is the FCA's framework for individual accountability in financial services firms. It replaced the previous Approved Persons Regime and applies to all FCA solo-regulated firms, including investment firms. The SM&CR has three components:
- The Senior Managers Regime — requires individuals performing Senior Management Functions to be pre-approved by the FCA
- The Certification Regime — requires firms to certify that employees in specified roles are fit and proper
- The Conduct Rules — sets behavioural standards for all employees
The SM&CR is designed to ensure that senior individuals take personal responsibility for the activities they oversee, that firms properly assess the fitness and propriety of key employees and that there is a clear framework for holding individuals accountable when things go wrong.
Senior Management Functions
Investment firms must identify which Senior Management Functions (SMFs) apply to their business and ensure that each function is held by an appropriate, FCA-approved individual. The core SMFs for investment firms include:
Governing functions:
- SMF1 — Chief Executive: the person with ultimate responsibility for the management of the firm's business
- SMF3 — Executive Director: a director involved in day-to-day management (each executive director holds this function)
- SMF9 — Chair: the chair of the governing body (for firms with a separate chair)
- SMF27 — Partner: for firms structured as partnerships
Required functions:
- SMF16 — Compliance Oversight: the person responsible for the firm's compliance function. Every firm must allocate this function
- SMF17 — Money Laundering Reporting Officer: the person responsible for the firm's compliance with the MLR 2017. Every firm must allocate this function
Systems and controls functions:
- SMF24 — Chief Operations: the person responsible for the firm's internal operations and technology
- SMF2 — Chief Finance: the person responsible for the firm's financial affairs
For smaller investment firms, individuals may combine SMFs — for example, the CEO may also hold the compliance oversight function (SMF16) in firms where a separate compliance director is not warranted, subject to appropriate conflict management.
Statements of Responsibilities
Each SMF holder must have a Statement of Responsibilities (SoR) that clearly describes their individual responsibilities and the areas of the firm's business for which they are accountable. The SoR must be:
- Submitted to the FCA as part of the SMF approval application
- Kept up to date — any material changes must be notified to the FCA within seven business days
- Consistent with the firm's management responsibilities map (see below)
The SoR is a critical document in any enforcement investigation. The FCA will use it to determine which individual was responsible for a particular area of the business when a failure occurred. Firms should draft SoRs carefully, ensuring they accurately reflect how responsibilities are allocated in practice — not merely how they appear on an organisational chart.
The Management Responsibilities Map
Every investment firm must maintain a management responsibilities map (MRM) that provides an overview of the firm's governance structure, including:
- The allocation of responsibilities among SMF holders
- The reporting lines between SMF holders and the governing body
- How responsibilities are shared or divided where more than one individual has responsibilities in a particular area
- The governance arrangements for any committees (e.g., risk committee, audit committee, remuneration committee)
The MRM must be a single, coherent document — not a collection of organisational charts and terms of reference. It should enable the FCA to understand, at a glance, who is responsible for what within the firm.
The Certification Regime
The Certification Regime applies to employees who are not SMF holders but whose roles could pose a significant risk of harm to the firm or its clients. These include:
- Significant management functions — managers who report directly to SMF holders or are responsible for significant business areas
- Client-dealing functions — employees who deal with clients on behalf of the firm (including investment advisers, portfolio managers and traders)
- Material risk takers — employees whose activities could materially affect the firm's risk profile
- Algorithmic trading — employees responsible for algorithmic trading systems or strategies
Firms must:
- Identify all Certification Regime roles within the organisation
- Assess each employee's fitness and propriety before they begin the role
- Reassess fitness and propriety at least annually
- Maintain records of all assessments and their outcomes
- Not allow an employee to perform a Certification Regime role unless they have been certified as fit and proper
The FCA does not pre-approve certified persons — this is the firm's responsibility. However, the FCA may investigate and take action against individuals in Certification Regime roles if they breach the Conduct Rules.
The Conduct Rules
The SM&CR establishes two tiers of Conduct Rules:
Individual Conduct Rules (apply to all employees except ancillary staff):
1. Act with integrity
2. Act with due skill, care and diligence
3. Be open and cooperative with the FCA, PRA and other regulators
4. Pay due regard to the interests of customers and treat them fairly
5. Observe proper standards of market conduct
Senior Manager Conduct Rules (additional rules for SMF holders):
SC1. Take reasonable steps to ensure the business is controlled effectively
SC2. Take reasonable steps to ensure the business complies with regulatory requirements
SC3. Take reasonable steps to ensure any delegation is to an appropriate person and is overseen effectively
SC4. Disclose appropriately any information of which the FCA would reasonably expect notice
The Duty of Responsibility
Under section 66B of FSMA, the FCA can take enforcement action against an SMF holder if:
- There is a contravention of a relevant requirement by the firm
- The SMF holder was responsible for the area of the firm's business where the contravention occurred
- The SMF holder did not take reasonable steps to prevent the contravention
This is the "duty of responsibility" — and it reverses the previous burden of proof. The FCA does not need to prove that the SMF holder was personally at fault; it must show the contravention occurred within their area of responsibility. The SMF holder must then demonstrate they took reasonable steps to prevent it.
Fitness and Propriety Assessments
Both SMF and Certification Regime assessments must evaluate:
Honesty, integrity and reputation:
- Criminal records checks (DBS or equivalent)
- Regulatory references from previous employers (mandatory since March 2020)
- Credit checks and adverse financial history
- Disclosed and undisclosed regulatory investigations or sanctions
Competence and capability:
- Relevant qualifications (e.g., CFA, CISI, IMC for investment management roles)
- Experience in the specific function or role
- Evidence of continuing professional development
- Performance history and any concerns raised by previous employers
Financial soundness:
- Personal insolvency history (bankruptcy, IVAs, County Court Judgements)
- Outstanding financial obligations that could create conflicts of interest
Common SM&CR Compliance Issues
- Responsibility gaps — areas of the firm's business not clearly allocated to any SMF holder. The MRM must cover all significant activities without gaps or overlaps
- Stale SoRs — Statements of Responsibilities that do not reflect current operational reality. SoRs must be updated promptly when responsibilities change
- Weak certification processes — annual certification treated as a formality rather than a genuine reassessment. Firms should establish robust assessment criteria and document the basis for each certification decision
- Conduct Rules training — failure to train all relevant employees on the Conduct Rules, including providing practical examples of what compliance looks like in their specific role
- Regulatory references — failing to obtain references from previous employers or providing incomplete references when requested. Since March 2020, regulatory references are mandatory and must follow a prescribed template
Practical Recommendations
Map your SM&CR population comprehensively. Identify every individual who holds an SMF, every role that falls within the Certification Regime and every employee subject to the Conduct Rules. Maintain a register and review it at least annually.
Draft SoRs with enforcement in mind. The SoR is the document the FCA will use to assign individual accountability. Ensure it accurately reflects how the firm operates in practice — not how it operates on paper. Where responsibilities are shared, make the boundaries explicit.
Invest in regulatory references. The obligation to provide and obtain regulatory references is one of the most operationally demanding SM&CR requirements. Establish a process for responding to reference requests promptly and for following up with previous employers who are slow to respond.
Train on the Conduct Rules annually. The Conduct Rules apply to all staff — not just senior managers. Training must be practical and role-specific, with examples of how each rule applies in the employee's day-to-day activities. Maintain records of attendance and completion.
Frequently Asked Questions
All FCA-authorised investment firms must allocate SMF16 (Compliance Oversight) and SMF17 (Money Laundering Reporting Officer). Most firms will also have SMF1 (Chief Executive) and SMF3 (Executive Director) holders. The specific SMFs required depend on the firm's size, structure and activities.
If a firm fails to certify an employee as fit and proper, the employee must not continue to perform the Certification Regime role. Allowing an uncertified employee to continue in a Certification Regime role is a breach of the SM&CR requirements and may result in FCA enforcement action against the firm and the responsible SMF holder.
Yes. The FCA can take enforcement action against SMF holders under the duty of responsibility if a regulatory contravention occurs in their area of responsibility and they cannot demonstrate they took reasonable steps to prevent it. The FCA can also take action against any employee — including certified persons — who breaches the Individual Conduct Rules.