Recognised CPD Badge (transparent) 24 (1)
The Senior Managers & Certification Regime (SM&CR) was first introduced in 2016 for banks and then phased in until it was finally extended to include the remaining regulated firms at the end of 2019.

SM&CR aims to encourage greater accountability within firms whilst holding individuals responsible for their actions. The impact has been felt by board members and front office staff alike. The Regime is built upon the basic building blocks of corporate governance, culture and controls. 

Responsibility throughout a firm: 

We’re all aware of the prescribed responsibilities and the need to appoint a senior manager to ensure obligations under SM&CR are met. What happens after those prescribed responsibilities are assigned?

SM&CR goes further than assigning individuals certain responsibilities. Yes, SM&CR is meant to encourage greater individual accountability, but it also means accountability within the firm as a whole. Hence the obligation to follow the Code of Conduct. How well do we assess compliance with the Code?

Room for improvement:

The regulators’ post implementation feedback indicated some positive messages. There was greater accountability at senior level and clarity of responsibilities. However, feedback also indicated the need to focus on assessing manager competence and implementation below the management grade. How can we assess and demonstrate competence? 

Often messages can be forgotten or become lost amongst everyday tasks. Pointing to the need for messages to be repeated… with consistency. Firms may have amended their pre-SM&CR processes, but they need to ensure that the right conduct is being demonstrated. 

Raising awareness: 

Maintaining visibility means everyone understands not just what the Regime is, but also how it affects them. This means understanding how SM&CR is demonstrated during the course of normal business. Tailored training is needed to breathe life into the subject matter so that the training is relevant to each person within the firm. SM&CR should not become something assessed annually when someone’s certification or annual review is due but demonstrated consistently throughout the year. 

Like TCF, it should be embedded within a firm, part of the company values and culture. Firms might gather data relating to both positive and negative behaviours, for example:

  • # of complaints raised by type
  • # of breaches raised and their root causes
  • Speed with which complaints are closed and issues resolved satisfactorily
  • # of successful quality assurance checks (eg call monitoring, file reviews, suitability assessments)
  • # of whistleblowing cases raised
  • Feedback from customers
  • Findings from monitoring and audit exercises 

Firms should consider the data available and how that data is used to support the corporate culture. Data could enable firms to identify any individual behaviours which are not acceptable as well as help identify development needs. 

In addition, firms have policies and procedures which staff are required to follow. What happens when someone doesn’t follow those procedures? How easily is it identified, recorded, escalated and resolved?

Where a firm has various systems within the business, how easily can data be shared between teams? If compliance identifies market abuse or a developing trend towards non-compliance, how does that feed into the HR processes for recordkeeping and competence assessments?

Data sharing: 

There is a great deal of regulatory focus on data collation. The FCA has indicated that the amount of data received has grown exponentially. This trend is set to continue. As the volume of regulatory reporting increases, there is an even greater challenge for firms to collate reliable data. One developing trend being discussed is the shift from pushing data to regulators to pulling data via APIs. This emphasises the importance of accurate, reliable and timely data not just to inform internal decision making and to take proactive action, but to provide reliable data to the authorities. 

How Ruleguard can help you: 

Ruleguard is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions. 

Our end-to-end technology solution is designed to help firms reduce the cost and regulatory risk arising from compliance with accountability regimes. Fitness and Propriety and Certification workflows allow you to automate the assessment of individuals joining the firm and on a regular basis afterwards. Conduct Rule training progress and Conduct Breaches can also be tracked with the same system. 

Dashboards and MI provide real-time insights and regular reporting outputs and give HR and Compliance teams the necessary reassurance that everything is on-track. 

Please contact us for further information on: Tel: 020 3965 2166 or hello@ruleguard.com

Compliance & Board Assurance_  Getting it Right


Ruleguard hosts regular events. 

To register your interest or learn more, please click here. 


White Papers:

Request a complimentary copy of our White Paper on Best Practice in Third-Party Risk Management click here. 

Further resources:

See our blog page for further articles or contact us via: hello@ruleguard.com 

Visit our website to find out more about how Ruleguard can help: 

Contact the author 


Head of Client Regulation| Ruleguard