Senior Managers and Certification Regime: A Plain-English Guide
The Senior Managers and Certification Regime (SMCR) is the FCA's framework for making senior people at regulated firms personally accountable for what happens on their watch, and for making sure everyone in a regulated role is fit and proper to be there. It applies to almost every FCA-regulated firm in the UK, including small IFAs, mortgage brokers, insurance brokers, and wealth managers. From 1 September 2026, the new PS25/23 framework on non-financial misconduct slots into SMCR rather than sitting alongside it — so understanding SMCR is the foundation for getting PS25/23 ready.
This guide explains SMCR in plain English: who it applies to, what the three tiers are, what each tier requires, and what changes from September 2026. It is written for compliance officers and principals at firms with 1–50 staff who want to understand the regime without wading through hundreds of pages of FCA Handbook.
The plain-English summary
SMCR has three tiers of people:
- Senior Managers — the most senior people responsible for specific regulated activities at the firm. They need FCA pre-approval and are personally accountable.
- Certification staff — people in functions that could harm customers or the firm if performed badly. They don't need FCA pre-approval, but the firm must certify them as fit and proper every year.
- Conduct rules staff — almost everyone else, who must follow basic rules of behaviour.
The regime was rolled out to almost all UK financial services firms by December 2019. It replaced the older Approved Persons Regime. It exists because the FCA wants to be able to identify, hold to account, and where necessary sanction the specific individuals responsible for failures — not just the firms.
Who SMCR applies to
SMCR applies to:
- All firms regulated by the FCA, except limited-permission consumer credit firms and some specialised vehicles
- Banks, insurers, building societies (under separate but very similar rules)
- All "solo-regulated" firms (the FCA's term for firms regulated by the FCA only, not the PRA) — IFAs, mortgage brokers, insurance brokers, wealth managers, payment firms, consumer credit firms, claims management companies, and so on
Within solo-regulated firms there are three sub-categories:
| Category | Description | What it changes |
|---|---|---|
| Limited Scope | Smaller, lower-risk firms (sole traders, very small firms with simple permissions) | Fewer SMFs required; no certification regime in some cases |
| Core | Standard category — most small and mid-sized solo-regulated firms | Full SMCR applies in standard form |
| Enhanced | A small number of larger firms identified by the FCA based on size and complexity | Additional SMFs and responsibilities required |
The FCA's SMCR for solo-regulated firms page sets out which category your firm sits in. Most small IFAs, mortgage brokers, and insurance brokers are Core firms.
Tier 1: Senior Managers
A Senior Manager is someone who holds a Senior Management Function (SMF) at the firm. SMFs are FCA-approved roles with personal regulatory accountability for specific parts of the firm's business.
For a Core firm, the SMFs typically required are:
| SMF code | Role | Who holds it |
|---|---|---|
| SMF1 | Chief Executive | Most senior executive (often the principal at a small firm) |
| SMF3 | Executive Director | Executive directors (only relevant if the firm has a board) |
| SMF9 | Chair of the governing body | Chair (only relevant if the firm has a board with a designated chair) |
| SMF16 | Compliance Oversight | The compliance officer |
| SMF17 | Money Laundering Reporting Officer (MLRO) | The person responsible for AML compliance |
| SMF27 | Partner | Partners in LLPs or partnerships |
A small firm with three people might have one person holding SMF1 + SMF16 + SMF17 — multiple SMFs concentrated in one principal. That is permitted, but the FCA expects clear documentation of how that person manages the workload and the conflicts.
What a Senior Manager has to do
Each SMF holder has:
1. A Statement of Responsibilities (SoR). A short document setting out the specific things they are responsible for at the firm. The SoR is filed with the FCA and updated when responsibilities change.
2. Prescribed Responsibilities. A defined set of responsibilities that must be allocated to one or more SMF holders. Examples include "performance by the firm of its obligations under the Senior Managers Regime" and "compliance with the firm's obligation to monitor and assess the effectiveness of internal controls."
3. Duty of Responsibility. Under COCON SC1, an SMF holder is personally accountable if a regulatory breach happens in their area and they did not take "such steps as a person in the position could reasonably be expected to take" to avoid it. This is the test the FCA applies in enforcement.
4. Senior Manager Conduct Rules. In addition to the individual conduct rules, SMF holders must comply with four senior manager rules:
| Rule | Plain-English |
|---|---|
| SC1 | Take reasonable steps to ensure the business is controlled effectively |
| SC2 | Take reasonable steps to ensure the firm complies with regulatory requirements |
| SC3 | Take reasonable steps to ensure delegated functions are properly managed |
| SC4 | Disclose appropriately any information the FCA would reasonably expect to know |
5. Annual F&P certification. SMF holders must be re-assessed for fitness and propriety each year. Our F&P assessment guide walks through the process.
Becoming an SMF holder
A new Senior Manager has to be approved by the FCA before they can perform the function. The application is via Form A under SUP 10C.9. The FCA considers the candidate's fitness and propriety and may interview them. Approval can take 1–3 months. The firm must not allow the person to act in the SMF until approval is granted.
When an SMF holder leaves a function, the firm must notify the FCA via Form C within 7 business days. If they leave because of misconduct or a significant concern, the firm must explain — under SUP 15.3 notification rules.
Tier 2: Certification Staff
The certification regime covers people who are not SMF holders but whose roles could cause significant harm to customers or the firm. The FCA does not pre-approve certification staff — the firm must certify them as fit and proper, every year, and re-certify annually.
Common certification functions at small firms include:
- Customer-dealing function (CF30) — anyone who deals directly with retail clients on regulated business (financial advisers at IFAs, mortgage advisers, insurance advisers)
- CASS oversight function — the person responsible for client money / client assets (where applicable)
- Material risk taker — anyone whose role could materially affect the firm's risk profile (rare at small firms)
The list is in SYSC 27 with category-specific functions in surrounding sections.
What certification involves
For each certified person, every year the firm must:
- Gather inputs (performance, conduct breach record, self-declaration, training records)
- Apply the FIT 2 considerations (honesty/integrity/reputation, competence/capability, financial soundness)
- Issue a written certificate of fitness and propriety, signed by an SMF holder
- Maintain records for the duration of employment plus six years
Certification is a continuous obligation, not just an annual snapshot. If a trigger event occurs during the year (conduct rule breach, criminal conviction, financial difficulty, NFM finding), the firm must re-assess outside the annual cycle.
A certified person whose certification is withdrawn cannot continue to perform the certified function. The firm must tell the person, update the FCA's Directory, and notify under SUP 15 if there are regulatory implications.
Tier 3: Conduct Rules Staff
Conduct rules apply to almost everyone at an FCA-regulated firm — not just senior managers and certified staff. The exceptions are narrow: ancillary staff (e.g. cleaners, security guards) whose role has no FCA-regulated component.
For a small IFA with 8 employees including the principal, an adviser, an administrator, and a paraplanner, the breakdown might be:
| Person | Tier | Why |
|---|---|---|
| Principal | SMF1 + SMF16 + SMF17 | Senior Manager (multiple SMFs) |
| Adviser | Certified (CF30) | Customer-dealing function |
| Paraplanner | Certified (depending on role) | If they advise customers, CF30 |
| Administrator | Conduct rules staff | Not SMF, not certified |
The five individual conduct rules
The individual conduct rules are listed in COCON 2.1. Plain-English version:
| Rule | What it means |
|---|---|
| Rule 1 | Act with integrity |
| Rule 2 | Act with due skill, care, and diligence |
| Rule 3 | Be open and cooperative with the FCA, PRA, and other regulators |
| Rule 4 | Pay due regard to the interests of customers and treat them fairly |
| Rule 5 | Observe proper standards of market conduct |
For the full breakdown of each rule and how it applies to small firms, see our COCON conduct rules guide.
What the firm has to do for conduct rules staff
For each conduct rules person, the firm must:
- Train them — make sure they understand the rules that apply to their role, with practical examples
- Identify breaches — have a way to detect when a rule has been broken (HR reports, supervisory observations, complaints)
- Investigate suspected breaches — using a documented process
- Report breaches to the FCA — via the annual REP008 return for conduct rules staff
- Take action where appropriate — disciplinary, training, supervision, or escalation to F&P
How PS25/23 changes the picture from 1 September 2026
PS25/23 does not create a new tier or a new role. It expands the scope of behaviour that engages the existing conduct rules — specifically, the individual conduct rules at Tier 3 and the senior manager conduct rules at Tier 1.
The changes:
1. New rule, COCON 1.1.7FR. Makes explicit that the individual conduct rules apply to serious non-financial misconduct (bullying, harassment, sexual misconduct, discrimination, violence with sufficient connection to work) at non-bank firms.
2. Updated FCA guidance on which rules NFM can engage:
| Conduct rule | How NFM can engage it |
|---|---|
| Rule 1 (integrity) | Bullying, harassment, or discrimination demonstrates a lack of integrity |
| Rule 2 (skill, care, diligence) | A manager mishandling an NFM allegation may breach Rule 2 |
| SC1 (control of business) | A senior manager who fails to establish NFM processes breaches SC1 |
| SC2 (regulatory compliance) | A senior manager who fails to ensure NFM compliance breaches SC2 |
3. F&P assessment guidance — serious NFM is now a relevant factor in F&P assessments under FIT 2.2.
4. Existing reporting mechanisms apply. REP008 for non-SMF conduct breaches. SUP 15.3 for SMF breaches within 7 business days.
For practical preparation steps, see our PS25/23 deadline guide and what small firms must do before September 2026.
SMCR for a small firm in practice
What does SMCR actually look like at, say, a 6-person mortgage broker?
Senior Manager: The principal holds SMF1 (CEO), SMF16 (Compliance Oversight), and SMF17 (MLRO). They have a Statement of Responsibilities filed with the FCA. They've been allocated all the Prescribed Responsibilities. They have to comply with the four senior manager conduct rules and undergo annual F&P assessment.
Certified staff: The four mortgage advisers each hold CF30. They undergo annual F&P assessment, are certified by the principal, and appear on the FCA Directory.
Conduct rules staff: The administrator does not hold a certification function but is conduct rules staff. They are trained on the five individual conduct rules and any breaches are reported via REP008.
Annual cadence:
- F&P assessments for SMF + certified staff (typically March–April for many firms aligning with year-end)
- Conduct rules training (annual refresher)
- Compliance manual review (including SoR for SMF holders)
- REP008 submission (annual, covering conduct rule breaches in the prior year)
- Directory updates (when staff change roles, leave, or are appointed)
Ongoing:
- Notify FCA of SMF appointments via Form A (pre-approval) and departures via Form C (within 7 business days)
- Notify SUP 15.3 for material conduct issues
- Re-assess F&P on trigger events outside the annual cycle
From 1 September 2026, add NFM monitoring and investigation to the ongoing list.
Three things small firms get wrong about SMCR
1. Treating SMCR as a one-time setup task. It isn't. SMCR is a continuous obligation. Statements of Responsibilities need updating when roles change. Certification has to happen every year. Conduct rules apply every day. Reporting deadlines (REP008, SUP 15) recur annually or on trigger.
2. Underestimating the Duty of Responsibility. The personal accountability of SMF holders is the central feature of SMCR. The FCA can and does take action against individual senior managers — not just firms. Every SMF holder should be able to explain what they are accountable for and how they discharge that accountability.
3. Assuming size protects them. Smaller firms get less FCA scrutiny on average, but enforcement actions against principals at small firms do happen — particularly where there has been customer detriment, money laundering failures, or significant conduct issues. The regime applies the same way regardless of firm size.
What to do next
If you are setting up SMCR or reviewing your existing implementation:
- Use our COCON conduct rules guide for a deep-dive on the individual rules
- Use our F&P assessment guide to walk through the annual certification process
- Use our PS25/23 deadline guide to prepare for the 1 September 2026 changes
- Test your conduct rule mapping with our COCON Conduct Rules Self-Assessment
- If you are evaluating compliance tools, our guide on compliance software for small firms covers what to look for and what to avoid
SMCR is a framework, not a software product. The framework can be implemented with paper records, spreadsheets, or specialist tooling — what matters to the FCA is that the framework is applied consistently and documented.
Sources
- Senior Managers and Certification Regime (FCA)
- SMCR — Solo-regulated firms (FCA)
- COCON — Code of Conduct sourcebook (FCA Handbook PDF)
- COCON 2.1 — Individual conduct rules (FCA Handbook)
- COCON 3.1 — Senior conduct rules (FCA Handbook)
- SUP 10C — FCA senior management arrangements (FCA Handbook)
- SUP 10C.9 — Forms and notifications (FCA Handbook)
- SUP 15.3 — Notification requirements (FCA Handbook)
- FIT 2.2 — Fitness and propriety assessment (FCA Handbook)
- FCA Directory of certified persons
- PS25/23 — Tackling non-financial misconduct in financial services
This guide is for general information only and does not constitute legal or regulatory advice. Last reviewed: 21 April 2026.