Senior Managers and Certification Regime: What You Need

Why does the Senior Managers and Certification Regime matter for your business?

The Senior Managers and Certification Regime protects your reputation and builds trust with clients. It sets clear accountability standards, reduces risk, and keeps your business compliant. By following SMCR, you show integrity and help to safeguard the future of your business.

The Senior Managers and Certification Regime (SMCR) has been in operation since 2016, originally designed as a background check to increase operational integrity and conduct across the financial services sector. While those core principles remain at the heart of SMCR today, we must acknowledge that the sector – and society as a whole – is very different today, and this regulatory obligation is more important than ever.

What businesses must follow SMCR conduct rules?

SMCR conduct rules affect:

• Banks
• Credit unions
• Dual-regulated insurers, which are those regulated by the FCA and PRA
• All FCA-regulated firms, such as investment managers, financial advisers, insurance brokers and mortgage lenders/brokers.
• Consumer credit providers such as retailers offering store credit and automotive businesses that offer financial products.

SMCR conduct rules apply if your organisation carries out regulated financial services activities or employs individuals who could cause harm to customers or markets.

Support staff (e.g. receptionists, cleaners, IT support) whose roles do not relate to financial services are exempt from SMCR.

Less obvious businesses where SMCR applies

Even if your core business isn’t finance, if your company offers store credit or automotive finance then staff involved in regulated activities such as credit agreements or finance operations must comply with the conduct rules.

You can check for FCA regulated companies on the FCA’s Financial Services Register.

Even if you aren’t in the financial space or legally obliged to comply with conduct rules, we recommend that it’s beneficial and good practice to do so voluntarily, as SMCR conduct rules can provide a [[link to benefits section]]range of benefits[[/]].

How often should SMCR checks be completed?

SMCR is not a one-time check. Ongoing screening and regular recertification checks are vital for all FCA-regulated businesses, albeit the frequencies of these may differ. Typically SMCR checks should be conducted when an employee is first hired and every year thereafter.

That’s why, as well as including different checking processes for new hires and existing employees, tailored screening for specific roles should be mapped out to avoid over- or under-screening.

What are the benefits of SMCR?

Ensures compliance with regulatory requirements

Employee screening and background checks are one of the most effective ways for firms to ensure they comply with regulations and legal obligations. This in turn helps your business avoid non-compliance penalties, which can be anything from fines and financial restrictions to custodial sentences.

Establishes strong governance and accountability

SMCR conduct rules centre around integrity, managing risks responsibly, and treating customers fairly, which are all principles that arguably form the foundation to any trustworthy and well-run business. Putting this kind of due diligence in place shows everyone from your stakeholders to your customers, that you care about doing the right thing and hold your organisation to high standards.

Improves hiring and staffing quality

SMCR compliance requires individuals to have the appropriate level of knowledge, skills, and experience for their roles. By confirming that they meet these standards, you strengthen the overall caliber of your workforce. More than this you can reduce the chance of HR issues down the line, as you’ve hired competent staff with proven integrity.

Increases industry credibility and confidence

Investors, clients, customers, and partners alike value high standards and robust governance, and this expectation is increasing. By following SMCR conduct rules you show that your business is transparent and values trust and integrity. This in turn goes a long way in helping you stand out amongst competitors who may not hold themselves to the same high standards, particularly if they’re not legally bound to follow SMCR compliance.

Mitigates risk across the business

Risk management is at the core of SMCR helping to minimise regulatory, financial, operational, legal and reputational liabilities. Thorough employee screening can help confirm that those appointed to senior positions are fit and proper, and do not pose a risk to both stakeholders and your customers.

Protects customers

By ensuring that staff who hold positions of power and responsibility are appropriately vetted, you can be confident that they have the right skills and integrity to act in your customer’s best interest. In turn, this can foster stronger brand loyalty and positive sentiment amongst your consumers.

Sets the foundation for future business activities

This is a benefit for organisations not currently required to comply with SMCR, as it helps set the foundation in case you plan to expand into regulated activities or partner with regulated firms. Adopting a SMCR-style framework is good practice and prepares your business for a smooth and efficient transition into future regulated operations.

Strengthens company culture

Providing staff with a clear list of duties and conduct expectations while encouraging personal responsibility can bring a new dimension of quality and pride to the job, while reducing the risk of misconduct. This helps strengthen company culture, enhance performance, and ultimately improve your credibility and reputation.

A brief history of SMCR

Following the 2008 banking crisis and conduct failures, such as the manipulation of LIBOR, the Parliamentary Commission on Banking Standards (PCBS) was created to provide recommendations on how to improve standards across the banking sector.

The PCBS recommended a new accountability framework for senior managers, designed to clearly establish who is responsible for what within a financial institution, as well as encourage honesty and high-quality conduct standards at all levels of an organisation.

These regulations were initially just for the banking sector. However, further legislative changes extended the regime to all Financial Services and Markets Act 2000-authorised firms.

Elements of the SMCR and fit and proper test

What is the Senior Managers Regime?

The Senior Managers Regime is the first part of the legislation and states that those working in a senior position must be FCA- or PRA-approved before taking up the role. They must also be certified by both regulatory bodies at least once a year. The framework also expects companies to assign each senior manager a ‘statement of responsibilities’ that outlines their obligations and expected deliverables.

According to FCA guidelines, companies must be satisfied that a senior manager is fit and proper to perform the role. This can be assured by undertaking the appropriate due diligence, such as criminal record checks, credit checks, and directorship checks.

What is the ‘fit and proper’ test?

The HMRC ‘fit and proper’ test is a core component of SMCR as it is the benchmark in which individuals are checked against when assessing their suitability for a role. The test can be used for all staff, but is essential for company’s beneficial owners, officers, and managers (BOOMs), and should be carried out whenever a BOOM joins the business or moves to a new position.

This assessment is crucial within financial services, where it helps prevent individuals from using their position to commit fraud or mismanage funds. It’s also useful in sectors such as healthcare and education, where it helps ensure patient and child safety.

The ‘fit and proper’ test is made up of three parts:

1. Checking if the applicant has any unspent convictions.

2. Evaluating the risk that the business could be used for money laundering or terrorist financing.

3. Assessing the individual’s honesty, integrity, skills, experience, and financial soundness.

What is the Certification Regime?

The Certification Regime is the second part of the legislation and applies to ‘employees whose role means it’s possible for them to cause significant harm to the firm or its customers’.

These people do not have to be FCA- or PRA-approved, however, businesses must still ensure they are able to do their job competently and safely. Again, this is both when they start and once a year or more going forwards. Although certified employees aren’t required to undergo a criminal record check under SMCR, it’s usually good practice to do so.

What are the SMCR’s conduct rules?

The SMCR requires that a code of conduct – the conduct rules – are established annually to set basic standards of good personal conduct, against which the FCA can hold people to account. They apply to all employees and can help shape a company’s culture, standards, and policies, while also encouraging positive behaviours.

There are two tiers to the conduct rules, those for all staff members and those for senior managers specifically.

*Inapplicable for non-approved Non-Executive Directors.

**Applicable for non-approved Non-Executive Directors in limited-scope firms.

How to undertake SMCR checks

Every organisation will understandably have its own screening requirements specific to their company’s goals, roles, and needs. However, these initial steps will help create a strong foundation for any SMCR process:

1. Decide who will be responsible for the process, including whether they are performed in-house or outsourced (more on this route later).

2. Create a clear SMCR policy and include the specific checks required for each role, as well as assessment criteria. This will help standardise the process and ensure consistency.

3. Undertake the checks using industry-specific databases, such as the FCA register. This will give you a clear picture on whether an individual has been restricted or banned from working within financial services. It can also help verify their qualifications and experience.

It’s important to remember that different roles require different levels of checks. Having a clear framework in place will make sure you’re conducting the right ones for each position. Also, as well as typical new hire and regular rescreening checks, prepare a process for undertaking checks whenever someone gets promoted or changes roles.

Best practice for conducting SMCR checks

Consider the user journey

This is something many companies overlook, so can be an advantage in helping you attract and retain top talent. To get the information required for SMCR checks, your candidate or employee will need to answer questions and provide certain details. This process should feel smooth and effortless in order to provide an optimised and positive experience of your onboarding journey and overall brand. Using integrated systems means the user won’t have to input the same details for multiple background checks. This is something we can help with.

Ensure effective communication

Communicating clear and relevant information to your candidate throughout the checking process is important to not only provide a stress-free experience, as mentioned above, but in making sure you get all the information you need in one go. Any communication and messaging should be tailored for different candidate groups, such as new hires and existing staff.

Think of it as a cultural change

At its core, SMCR is to ensure the honesty, integrity, and capability of your workforce. The FCA is clear that compliance should not simply be seen as a ‘box-ticking exercise’ but rather a wider cultural shift within a business to help ensure transparency across the sector. Position your company’s thinking so everybody is clear on the ‘why’ behind these checks.

We can help

Outsourcing your SMCR checks with us can ensure peace of mind for your HR teams by freeing up the time, cost, and resource that goes into robust background screening.

• We’re the only FCA-regulated screening provider.
• Faster, more accurate financial checks using Experian’s own bureau data.
• Dedicated UK-based reference team – experts in regulated referencing and senior hires.
• Flexible, role-based screening with no unnecessary checks nor wasted spend.
• Seamless ATS integration for checks directly from your system.
• Digital ID and remote ID verification for fast bulk checks and rechecks.
• Enterprise-grade, UK-based, ISO-certified data security standards.
• Audit-ready reporting for internal or FCA audits.
• Trusted by regulated sectors with a proven record supporting banks, insurers, retailers and more.