Unpacking the UK Senior Managers and Certification Regime.

The Senior Managers and Certification Regime (SMCR) is a significant component of the regulatory framework for financial services firms in the UK. It was implemented through amendments to the Financial Services and Markets Act 2000 and aims to strengthen individual accountability and standards of conduct in the financial sector.

Core Components

The SMCR framework consists of three main pillars:

1.?????? The Senior Managers Regime

This covers the approval, responsibilities, and accountability of senior managers. Firms must ensure certain designated senior management functions are allocated to qualified individuals who are then personally accountable for any misconduct under their oversight.

2.?????? The Certification Regime

This mandates the certification of employees involved in certain key functions that could pose a risk of significant harm to the firm or its customers. Certification confirms the fitness and propriety for their role based on qualifications, training, competence and personal characteristics. Certificates must be renewed annually.

3.?????? Conduct Rules

These are high-level rules setting basic standards of behaviour for nearly all financial services staff at regulated firms. They apply directly alongside company codes of conduct. Breaches must be reported to the regulator.

Additionally, the regime requires firms to maintain clear management responsibility maps outlining reporting lines and governance arrangements. It also introduces a criminal offence of causing a financial institution to fail.

The Senior Managers Regime

The first core component of the SMCR relates to senior managers at financial institutions. It applies to UK banks, insurers, and large investment firms as well as overseas banks operating in the UK. The main requirements are:

• Pre-approval of senior managers by the appropriate regulator (FCA and/or PRA)
• Allocation of "prescribed responsibilities" among senior managers
• Statements of responsibilities outlining senior managers' roles
• A duty of responsibility for senior managers
• Ongoing fitness and propriety assessments

Key steps firms should take for effective implementation and compliance:

Identifying Relevant Senior Management Functions

• Review the list of "designated senior management functions" like chief executive, executive director, and heads of key business areas
• Add any "prescribed responsibilities" assigned to the firm by regulators
• Determine which functions apply based on the firm's activities and structure

Pre-approval of Senior Manager Candidates

• Assess fitness and propriety prior to applying for approval, considering qualifications, training, competence and personal characteristics
• Obtain regulatory references from previous employers to inform assessments
• Submit applications to the appropriate regulator well in advance of start date
• Maintain records of initial and ongoing fitness and propriety assessments

Allocating and Documenting Prescribed Responsibilities

• Distribute prescribed responsibilities among eligible senior managers
• Avoid assigning too many responsibilities to one individual
• Document allocations clearly in governance maps and statements of responsibilities
• Keep prescribed responsibility records up to date through regular reviews

Duty of Responsibility and Oversight

• Ensure senior managers understand their duty of responsibility under section 66A(5) of FSMA
• Maintain open communication channels between senior managers and oversight committees
• Provide adequate oversight of senior management by board and non-executive directors
• Facilitate collaborations between senior managers of different business units

Assessing Ongoing Fitness and Propriety

• Carry out annual fitness and propriety reassessments of approved senior managers
• Review performance, breaches, and concerns objectively
• Report adverse findings to regulators in a timely manner

?

The Certification Regime

The certification regime requires firms to assess the fitness and propriety of employees in certain functions that could cause significant harm, known as "certification functions." These include:

• CASS oversight functions
• Proprietary traders
• Significant management functions
• Functions requiring qualifications
• Managers of certification employees
• Material risk takers
• Client-dealing functions
• Algorithmic trading functions

The main obligations are:

• Issuing certificates annually to employees deemed fit and proper
• Conducting fit and proper assessments considering qualifications, training, competence and personal characteristics
• Renewing certificates every 12 months
• Maintaining accurate records of certified employees

To comply with the certification regime, firms should:

Identify All Applicable Certification Functions

• Review the full list of defined certification functions
• Analyze employees' roles to identify all functions performed
• Include contractual and temporary staff alongside permanent employees

Assign Qualified Individuals as Certificate Issuers

• Designate senior staff with adequate expertise as certificate issuers
• Ensure a sufficient number of issuers based on the size of the workforce

Define Robust Fitness and Propriety Assessment Processes

• Set out clear criteria for assessing qualifications, training, competence, and personal characteristics
• Standardize assessment templates across the organization
• Establish formal channels for considering input from references, managers, and HR

Issue Certificates to Employees Meeting Requirements

• Provide certificates prominently listing all applicable certification functions
• Issue certificates prior to employees commencing certification functions
• Set up timely renewal processes to facilitate annual reassessments

Manage Changing Employee Functions and Leavers

• Evaluate if new certificates are needed when employee functions change
• Confirm that expires or cancelled certificates are promptly returned
• Update employee records and regulatory reporting in case of leavers

Managers that implement purposeful, well-documented processes will be able to comply efficiently as certification workload scales with business expansion.

?

Conduct Rules

The SMCR introduces a common baseline of conduct standards that apply directly to most employees of regulated firms, known as "conduct rules." These are:

• Rule 1: You must act with integrity.
• Rule 2: You must act with due care, skill and diligence.
• Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
• Rule 4: You must pay due regard to the interests of customers and treat them fairly.
• Rule 5: You must observe proper standards of market conduct.

Additionally, senior managers must:

• Rule SC1: Take reasonable steps to ensure that the business of the firm complies with regulatory requirements.
• Rule SC2: Take reasonable steps to ensure that the business of the firm is controlled effectively.
• Rule SC3: Take reasonable steps to ensure that any delegation of responsibilities is to an appropriate person and that they oversee its operation.
• Rule SC4: Disclose any information of which the regulator would reasonably expect to be notified.

To comply with conduct rules, firms must:

Formally Communicate Applicability to Employees

• Identify all staff in scope aside from ancillary staff like receptionists.
• Inform staff of conduct rules during onboarding and through periodic reminders.
• Highlight any rules especially relevant to certain functions or activities.

Provide Extensive Rules Training

• Include conduct rules in all compliance and ethics training programs.
• Offer classroom, online or blended training to suit different needs.
• Refresh training annually or when rules are added or amended.

Secure Management Endorsement and Lead by Example

• Have senior leaders reinforce importance of conduct rules through messages and own behaviour.
• Incorporate conduct rules adherence into performance management processes.
• Reward good practice and address poor conduct promptly and proportionately.

Enable Confidential Breach Reporting

• Create clear, accessible internal channels for staff to report breaches confidentially.
• Protect whistleblowers from retaliation and investigate reports objectively.
• Report qualifying breaches to regulators within timeline.

Robust conduct rules compliance supports positive culture and minimizes conduct risks across firms.

Management Responsibilities Maps

Enhanced scope firms must maintain and regularly update comprehensive "management responsibilities maps" setting out their governance and management arrangements. Specifically, these should include:

• Reporting lines and allocation of responsibilities between senior managers and board members.
• Details of joint or shared responsibilities.
• Responsibilities reserved to the board.
• Group management arrangements and interconnections.
• Outsourced functions and third-party service provider responsibilities.
• Biographies of senior managers, board members and others referenced.

Firms can ensure maps remain current and usable by:

• Creating centralised databases or repositories for map components like documents, organisational charts, and biographies.
• Establishing recurring calendar invites for map reviews aligned to internal meetings like risk committee updates or board sessions.
• Aligning map updates with planned governance or organisational changes.
• Consolidating any existing related documents like risk inventories into an integrated map.
• Distributing updates widely after formal approvals to maintain visibility.

Keeping maps accurate and inclusive preserves institutional knowledge across leadership transitions, acquisitions, restructuring, or rapid growth.

?

Implementation challenges

While the SMCR aims to foster accountability and raise standards across the financial sector, implementing the various requirements is quite a challenge. Despite its extensive requirements, some SMCR provisions contain ambiguities that could lead to inconsistent applications across firms if not prudently interpreted in line with regulatory principles and objectives. Key areas requiring careful deliberation include:

Defining “Reasonable Steps” in Senior Manager Conduct Rules

Senior managers must take “reasonable steps” to ensure firm compliance and controls under Conduct Rules SC1 and SC2. Firms should interpret “reasonableness” as necessitating demonstrated diligence in identifying and mitigating risks through governance mechanisms, rather than simply lack of direct involvement in any breaches.

Allocation of Responsibilities Like Financial Crime Prevention

While provisions like designating overall financial crime responsibility seem to impose exclusivity, the rules allow flexibility in allocation across multiple senior managers for large firms. However, accountability should remain clear through oversight by governance committees.

Addressing Overlaps Between Senior Management Functions

Despite some functional overlaps, responsibilities should be allocated based on relevance, not used interchangeably. Firms should also assign sub-responsibilities to operational managers already performing designated senior management functions where possible, rather than introduce excessive holders of the “other overall responsibility” or local responsibility functions.

Distinguishing Regional and Group Management Roles

Regional heads based in UK branches of global firms should retain genuine autonomy over local operations within their authority, while Group heads assume responsibilities requiring international coordination and alignment. Careful delineation reinforces local accountability.

Defining Responsibilities and Reporting Lines

Unclear allocation of responsibilities and reporting relationships can lead to gaps or overlaps in authority and undermine accountability. Firms should define and delineate these comprehensively in governance documentation like committees' terms of reference, then align statements of responsibilities, organisational charts, and maps accordingly.

Increasing Administrative Overhead

The volume of fitness and propriety assessments, certificates to issue and renew, and records to update creates substantial administrative workload. Firms can minimise this through automation, digitisation, and integrated human capital management systems. Centralised co-ordination also helps avoid duplication of effort across business units.

Encouraging Rule Adherence Without Stifling Employees

Imposing extensive conduct rules directly on staff may inadvertently create a disempowered or fearful culture. Training should emphasise the rules' role in protecting employees and customers while positive communication from leadership gives assurance. An independent whistleblowing channel relieves perceptions that reporting will risk employment.

Preserving Institutional Knowledge

High turnover of certified staff or senior management can lead to loss of technical expertise and business insights. Firms should document processes comprehensively, encourage knowledge sharing through collaboration tools and communities of practice, and retain accessible archives of governance material like maps. Secondments across business units also broaden experience.

Meeting the “Spirit of the Law” in Key Definitions

Firms should construe definitions bearing on accountability, culture and conduct in line with the SMCR’s aims, not just technical specifications. For instance, the bonus-based criteria defining Material Risk Takers should be viewed as a proxy for actual influence, with appropriate individuals treated as Material Risk Takers irrespective of compensation structure.

?

Conclusion

Implementing the Senior Managers and Certification Regime represents a defining shift in the UK financial sector's governance framework, introducing substantial changes in firms' processes and workforce management practices.

The SMCR also requires extensive operational, technological and cultural changes. Gaining visible commitment from senior leaders is vital through active participation in implementation and communication reinforcing the SMCR’s importance. Firms need comprehensive assessments of necessary adaptations to governance, infrastructure and culture to support design. Coordination across functions needs focused teams with senior programme managers, embedding subject matter experts from impacted areas.

By approaching implementation as a collaborative, transparency-focused exercise, firms can comply effectively while realising the benefits of increased individual accountability, conduct standards and risk governance.

Ultimately, commitment from both leadership and employees is fundamental to embedding the regime's behavioural tenets into institutions' core values and culture. The regime's multifaceted requirements demand significant coordination. However, by allocating accountability clearly, monitoring compliance actively, and fostering an ethical culture, firms can successfully meet regulatory expectations while enhancing business performance.