A guide to background checks in financial services, banking and fintechClarifying the rules around background checks to protect your business
Guide
Why are background checks important?
In the highly regulated world of financial services, banking, and fintech, ensuring the integrity and competence of senior managers and certified employees is paramount. The Senior Managers and Certification Regime (SMCR) provides a framework for holding individuals accountable and protecting both customers and the wider market.
This guide aims to clarify the rules around background checks required under SMCR, offering insights into best practices for due diligence, the types of checks necessary for different roles, and the importance of ongoing verification. By understanding and implementing these checks, businesses can mitigate risks and uphold their reputation in a competitive industry.
The Senior Managers Regime vs The Certification Regime
The legislation[1] has two elements. It’s important to note that the requirements of the senior managers regime are different from those of the certification regime, as they apply to two separate groups of qualified individuals.
Senior Managers
Those with a statutory duty of responsibility to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible.
Certified Employees
Those employees whose role means it’s possible for them to cause significant harm to the firm or its customers.
Traditional banks, financial services providers, and fintech are all required to comply with both parts of the SMCR regulation (as are dual-regulated providers) and ensure that they are performing the right checks for each group.
What is the Senior Managers and Certification Regime? Learn more by exploring our detailed guide.
What background checks are required for the Senior Managers Regime?
Under the Senior Managers Regime, businesses must complete thorough due diligence to confirm that their managers are qualified to carry out the regulatory duties assigned to them. This is known as the Fit and Proper Test for Approved Persons.
But beyond the minimum background check requirements, there are a number of other background checks that can inform hiring managers of the risks surrounding each candidate. Adverse findings do not necessarily mean that a candidate is removed from the hiring process; instead, it’s up to the employer to see which risks they can (and want to) mitigate.
It’s important to note that annual rechecks are required as part of the regulation.
It is a requirement for firms to perform annual assessments on the fitness and propriety of individuals. These assessments may include checks on an individual’s character, financial status, and criminal background.
As a best practice, we recommend performing the following checks annually on your SM&CR population. We can support you in determining the appropriate level of checks based on your background policy and employment risk matrix.
Background checks include:
- Identity
- Adverse Financial
- Criminal Record Check
- Global Sanctions
- Directorship Search
- Fraud Prevention
- Social Media
- Civil Litigation (if relevant)
What background checks are required for the Certification Regime?
Under the Certification Regime, businesses are again required to validate a candidate’s qualifications, competence and characteristics. You must confirm that candidates are ‘fit and proper’ to undertake the duties associated with the role, and then re-check on an annual basis.
Best practice for checks under the senior managers regime and the certificate regime include:
| Name of check | Description | Best practice checks for Senior Managers Regime | Best practice checks for Certification Regime |
| ID | Verification and validation of identity |  | |
| Adverse financial | Is there evidence of unfavourable finances, unpaid debts or a history of late payments? | | |
| Basic Criminal Record Check (CRC) * | Unspent convictions, cautions and reprimands | | |
| Standard Criminal Record Check (CRC) * | Spent and unspent convictions, cautions, reprimands, and warnings | | |
| 6 years occupational history | Proof of employment history | | |
| Qualifications | Verification of degrees, diplomas, professional courses and specialised qualifications | | |
| Sanctions | Restrictions on involvement in financial activities, typically due to criminal history | | |
| Civil litigation | Are there any ongoing or closed court cases (not involving criminal matters)? | | |
| CIFAS | Association with fraudulent behaviour or identity theft | | |
| Social media | Find, screen and analyse all accounts for risks | | |
| Professional membership | Verification of registration with required professional bodies and perform ongoing development | | |
| Gap analysis | Review the candidate’s prior experience and find out more about employment gaps | | |
| Right To Work | Verification of citizenship or the appropriate visas giving the candidate the right to work | | |
| FCA registers | Verification that the candidate is registered and authorised by the FCA | | |
| Directorship | Find history of past and present directorships, including any conflicts of interest | |
* Our team of experts can support determining the correct level of Criminal Record Check required for the specific role.
The key differences in our recommendations for your Senior Manager and Certified Regime are a Directorship Search and the level of Criminal Record Check you perform. Although not all the checks listed above are required, these are the checks we believe can provide you with a comprehensive view of an individual at the point of hiring and a continued assessment of their character in role.
We also recommend performing international checks on individuals who have resided overseas in the last five years.
When are banks, FinTechs and financial services institutions required to perform SMCR checks?
Providers regulated under the FCA and PRA are required to perform background checks in three scenarios:
#1
When they hire new senior managers or certified employees.
#2
When employees are internally promoted into one of these roles.
#3
An annual assessment of a person’s fitness and propriety to confirm any changes that may impact their ability to perform in the role.
How long do background checks take to complete?
On average, background checks for a regulated employee can take 2 to 4 weeks to complete. However, this can vary depending on several factors:
The extent of automation and digitisation used
and whether your background-checking platform integrates with the candidate hiring platform
The level of checks you are performing on an individual
The involvement of third-party providers
such as Criminal Record Bureaus and International Checks
Speed to hire is an important factor in today’s hiring market, especially because candidates are applying for multiple jobs within the financial services and fintech industry. HR teams should consider automation to efficiently screen and hire the best candidates where possible.
That being said, time savings are not the only benefit of automating the employment screening process within SMCR.
At a company where a single individual is tasked with performing all hiring checks, the perception might be that it’s cheaper to keep everything in-house. However, in terms of time savings and risk mitigation, especially from a GDPR point of view, an integrated background checking process can offer a real return on investment.
If you’re recording all the checks offline on spreadsheets, how are you ensuring that you’re purging the data correctly after the employee has left the organisation? Or re-checking as employees are internally promoted to new roles? There are many considerations.
James Marsden, Background Checking Specialist, Experian.
Key Takeaway
There are different recommendations for SM and CR background checks, and FCA businesses are required to perform these upon hiring and transfer, as well as re-checking annually. With speed to hire and risk mitigation both affecting financial organisations, automating the background checking process is key.
Do I need to complete background checks on entry-level staff?
Most definitely, background checks should be performed at every level, even though they’re not required by law. Not only is this generally good practice, but these checks can help to prevent reputational damage caused by adverse findings in the checks.
Regulated references vs standard employment references
Standard employment references typically go through the HR department, and include basic checks to verify identity, skillsets and performance. They are not specific to regulated industries, and past employers are not legally required to provide references.
Alternatively, regulated references take on more of a compliance angle, with insight into the ‘fit and proper’ status of employees. The FCA is involved in these checks, revealing any past disciplinary actions associated with the employee. Regulated references also include ‘fair’ references from past employers and are specific to regulated companies.
| Regulated references | Standard employment references | |
| Who performs this? | Compliance department | HR department |
| Requirements of past employers | Must provide fair references | Not legally required to provide references, but if they do, they must be fair |
| Regulatory involvement | Involves previous disciplinary action from the FCA and PRA (the regulators) | Does not involve regulators |
| Why is this performed? | To meet the ‘fit and proper’ requirements of SM and CR regulation | To validate the applicant’s claims in terms of identity and skills |
What background checks should you be performing on your non-SM&CR staff?
This can depend on various factors, including system access, infrastructure, and the roles and responsibilities of an individual. We can assist you with assessing your roles and determining the correct level of checks required to protect your business and employees.
As a baseline best practice, we recommend performing the following checks:
- Identity Check
- Adverse Financial Check
- Fraud Prevention Check
- Criminal Record Check (the role will determine the level required)
- Two to three years of occupational history depending on the role
Annual re-verification is as important for entry-level staff as those in senior roles.
Top tip for background checking
As a compliance or HR manager at an FCA-regulated company, you’re likely to be performing hundreds of background checks each year. If this is a slow and manual process for you, it’s safe to say that candidates are also feeling inconvenienced by the process.
Keep the top candidates engaged by removing the manual back-and-forth nature of SMCR checks. Partnering with a platform that can integrate with the most popular candidate platforms, like Workday, Success Factors and Oracle, streamlines the process and reduces friction for hiring managers and candidates alike.
Just because one bank does it one way, another bank on the same street could do it completely differently. As a regulated background checks provider, we can help support each bank to work out their own risk parameters in accordance with the results they’d find on the reports.
Kayleigh Haywood, Background Checking Consultant, Experian.
Key Takeaway
Fraud and reputational damage can be caused by employees at all levels. Although it’s not required by law to perform these checks, we highly recommend a thorough background screening process for all employees. It’s important you you understand which of your employees fall within the SM&CR roles. To save time, streamline the experience by integrating your background-checking provider into the candidate platform.
Should I hire high-risk candidates?
To help determine this, we recommend a thorough background checking policy and risk matrix, understanding the role of the employee, the checks you are performing, and the potential adverse information these can highlight. This allows you to decide as a business what risks you’re willing to accept and where you would like to implement a dispensation process.
When employment screening checks return adverse findings, following these policies (or setting them up if you haven’t already) will help you make difficult decisions without bias.
Imagine that a candidate’s report highlights a couple of CCJs that are not yet satisfied. The next step is to consider the level of outstanding payments, whether the person can afford to pay instalments, their risk for potential bribery/fraud, and their role within your business. You ask these questions while determining how these can fit into your employment risk matrix.
Kayleigh Haywood, Background Checking Consultant, Experian.
Key Takeaway
SM&CR checks provide you with the background data on potential and current employees, but it’s up to your compliance and HR teams to determine the level of risk associated with each candidate, with reference to your hiring policies. When deciding whether to hire ‘high-risk’ candidates, consider your risk matrix and the mitigation measures available.
Hiring with confidence
Screening for fraud, criminal history, and employment credentials is not only an SM&CR requirement, but it also helps compliance managers and HR personnel identify and manage the risks associated with every candidate in the hiring process.
As the only FCA-regulated background checking provider, our full range of background screening services support with your essential regulatory reporting. With a dedicated UK-based team, your account manager is only one phone call or email away when you need extra support or clarification.
Related products
[1] Senior Managers and Certification Regime, The Financial Conduct Authority
