Reimagining your SM&CR Compliance Strategy: Getting Started (Part One)

A fundamental shift is playing out across financial services in the UK, with upcoming Senior Managers and Certification Regime (SM&CR) regulation holding leaders to unprecedented levels of accountability. While many firms may understand the terms of the new regulation on paper, they may be unsure of its practical implications across technology, processes, and people. This regulation places criminal and financial responsibility on senior managers in the UK financial services sector. SM&CR will make them personally liable for their employee’s actions and introduce annual individual fitness and propriety testing. Ultimately, the regulation aims to urge governance-related improvements in financial services firms—fostering cultures of accountability to prevent criminal activity from happening in the first place.

The SM&CR was enacted by the Financial Conduct Authority (FCA) to replace the existing Approved Persons Regime. The goal of imposing a “duty of responsibility” and improving accountability is to remove ambiguity, and clarify individual responsibilities inside financial services firms. The FCA wants to see a cultural change through a genuine interest by the industry, rather than by firms merely “checking the box”.

This new regulation has three key parts:

  • Senior managers are accountable for the actions of their teams and personally liable if something goes wrong
  • Material risk takers—defined by the FCA as those whose professional activities have a material impact on an institution’s risk profile—must confirm their “fitness, skill, and propriety” through an annual certification
  • The introduction of five conduct rules to FCA-authorised firms:


  1. Act with integrity
  2. Act with due care, skill, and diligence
  3. Be open and cooperative with regulators
  4. Pay due regard to customer interests and treat them fairly
  5. Observe proper standards of market conduct
  6. Phase one became effective in March 2016 and impacts banks, building societies, credit unions, and dual-regulated investment firms. Phase two – to be implemented over 2018 and 2019 – is expected to impact all regulated financial services firms, including wealth management and consumer credit. Firms covered under the new regulation must assess the impact of the new accountability and responsibility rules.

Why is this important now? The biggest takeaway for your organisation is simply to get started with the actionable steps that you can take today:



  • Determine who your certified people are.
  • Communicate the timeline and implications to these individuals. Conduct rules are good practice to implement and make real in your organisation. We have seen this in our previous work helping a leading bank to design program and responsibility assignments that helped to advance the organisations regulatory compliance priorities.
  • Consider conducting a high-level impact assessment to identify where the change will hit the business the most, mapping incremental changes to make the transformation less painful, and ensuring that key stakeholders are prepared for compliance.

While these short-term action items can help organisations prepare for immediate regulatory needs, the real opportunity is for firms to look beyond the walls of their organisation and examine the implications for customers: their most important stakeholders. We believe the SM&CR presents a greater opportunity for firms to establish reimagined, more customer-centric cultures. Putting this theory into practice in prior regulatory scenarios, North Highland helped one leading bank segment its customers based on need and service access, using insight from the segmentation to redesign how advisors assessed their clients’ financial situations. In the next part of this series, we’ll explore how the SM&CR presents a similar opportunity, enabling organisations to re-orient their cultures around customer-centricity and provide differentiated experiences to customers.

Click here to read Part 2 of this series.