The highly anticipated FCA Consultation Paper (CP17/25) on the extension of the Senior Managers and Certification Regime (SMCR) to all financial services firms was released yesterday, 26 July 2017. The SMCR is already place for banks, building societies, credit unions and PRA designated investment firms.

The proposals are designed to develop an accountability system that focuses on senior manager and individual responsibility, and it forms a key part of the FCA’s ‘Culture & Governance Priority’ with an overarching aim to reduce harm to consumers.

Deloitte has worked closely with a range of banks and insurers since the proposed SMR rules were first announced in July 2014. Currently we are assisting our asset management clients and other financial services firms to prepare for the extension. Our extensive experience to date suggests early engagement from firms is vital to prepare for implementation of the proposed changes. Below we outline the key components of the extension and steps which firms should be taking in order to prepare for implementation in 2018. 

Categorisation of firms in scope of SMCR extension

The extended SMCR will impact a diverse and extensive range of firms, with varying business models and governance structures. Accordingly, the FCA has proposed to take a proportionate and flexible approach; splitting SMCR requirements into ‘limited’, ‘core’ and ‘enhanced’ categories*.

  • Limited Scope Firms – will have fewer requirements than Core Firms and covers firms which currently have a limited application of APER;
  • Core Firms – will have a baseline of SMCR requirements, most firms will fall within this category; and
  • Enhanced Firms – approximately 1% of firms who will be subject to additional requirements.

*Which category a firm falls into will depend upon its size, complexity and potential impact on consumers.

The below flowchart as outlined on page 14 of CP17/25 can assist firms to determine if the Limited, Core or Enhanced regime applies. 

Figure 1


The SMCR extension echoes existing requirements already in place for banks

The proposed extension requirements reflects the three existing components of SMCR:

Senior Managers Regime - Senior Management Functions (“SMFs”) will replace existing Significant Influence Functions outlined in APER.  SMFs are likely to be those individuals in a firm who are decision makers and who have the greatest potential to cause harm or impact upon market integrity and include roles such as the Chair, Chief Executive, Executive Directors, Partners, Compliance Oversight, and Money Laundering Reporting Officer. SMF allocation will be dependent on whether the firm is categorised as a Limited, Core or Enhanced firm.

Certification Regime - requires firms to annually certify the fitness and propriety of certain key employees in ‘significant harm-functions’ that could “have a big impact on customers, the firm and/or market integrity”. This replaces FCA regulatory approval for individuals who are not Senior Managers and include roles such as persons holding a significant management function, traders, CASS oversight, client dealing roles, material risk takers, and anyone who supervises or manages persons performing a role that is required to be certified.

Conduct rules – seek to replace existing Approved Persons principles with a “new set of enforceable rules that set basic standards of good personal conduct, against which the regulator can hold individuals to account”.

The SMCR for insurers

Insurers already apply a revised version of the Approved Persons Regime (APER) and the Senior Insurance Managers Regime (SIMR). The PRA and FCA are separately consulting on extending the SMCR to insurers and PRA CP14/17 and FCA CP17/26 respectively were also published on 26 July.

Some of the key proposed changes for insurers include:

  • The application of the Certification Regime which will apply to employees who are not SMFs but who hold a role which could cause significant harm to the firm or its customers;
  • The application of the Conduct Rules which propose new, high-level standards of behaviour that will apply to almost all employees who undertake activities within a firm;
  • The application of the Duty of Responsibility, which will enable the regulators to hold Senior Managers in insurance firms accountable if a breach of a regulatory requirement occurs in their area of responsibility; and
  • Amendments to the Prescribed Responsibilities that firms will need to allocate amongst SMFs. 

Additional changes for banks

The FCA has also proposed some changes to the existing SMCR for banks:

  • An additional Prescribed Responsibility has been proposed which requires the SMF to make sure that the firm trains its staff in Conduct Rules and complies with the FCA notification requirements.
  • Applying the Partner Senior Management Function (SMF 27) to banking firms.

What steps should firms be taking now?

The consultation will close on 3 November 2017. A Policy Statement containing final rules is expected in summer 2018. Our extensive experience of implementation of the SMCR within the banking sector suggests early engagement from firms will be vital to prepare for the changes proposed within CP17/25. The key areas in which firms can make progress now are:

  • Identify a dedicated and senior project sponsor early to allow for adequate planning and assignment of responsibility for the implementation of SMCR;
  • Determine whether the ‘limited’, ‘core’ or the ‘enhanced’ regime will apply and the scope of the changes required;
  • Socialise the SMCR requirements to senior management to ensure early engagement and assist with the transition process;
  • Reflect on whether current governance arrangements are clear, transparent and aligned to legal entity structure;
  • Determine the impact to your firm’s functions and processes, start mapping changes that are needed to meet SMCR requirements particularly employee processes; and
  • Consider any key issues that the SMCR brings to your firm and feed this back within the consultation process. 

Natasha de Soysa - Partner, Governance in Financial Services, Deloitte

Natasha leads Deloitte’s Financial Service Governance practice in the UK and across EMEA. She brings insight into the practical challenges associated with developing, implementing and reviewing governance frameworks. Natasha has worked with a number of FTSE 100 banks and insurers, as well as global financial institutions headquartered overseas on structural reform-related development of governance frameworks, board evaluations and internal audits of governance. Over the last 18 months Natasha has worked with many firms to implement the Senior Managers Regime and Senior Insurance Managers Regime.

Email | LinkedIn

Chan Cindy

Cindy Chan - Partner, Risk Advisory, Deloitte

Cindy Chan has over 19 years of financial services consulting and audit experience. She has extensive experience in supporting firms in regulatory risk assurance reviews and conduct risk projects including complaints handling, product development and governance, sales and suitability assurance, as well as Section 166 Skilled Person reviews and enforcement cases.

Email | LinkedIn

Cq5dam.web.231.231.desktop (1)

Dominic Graham - Director, Risk Advisory, Deloitte

Dominic has over 20 years’ experience in delivering regulatory change projects. He is a highly experienced programme manager with a technical focus on the UK regulators’ expectations on banking firms’ governance arrangements. He is Deloitte’s lead Director for both the Senior Manager Regime and Skilled Persons Reviews. 

Email | LinkedIn


Rebecca Walsh - Manager, Financial Services Risk Advisory, Deloitte

Rebecca specialises in Governance and Senior Management Arrangements within Financial Services Firms. She has extensive experience of advising firms on achieving successful implementation and ongoing compliance with the requirements and application of the Senior Managers and Certification Regime (SMCR) for a range of banking, insurance and investment firms.

Email | LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.