The Senior Managers and Certification Regime: accountability in transition

The Senior Managers and Certification Regime was built to fix a specific problem. After the financial crisis, it had become impossible, in too many cases, to identify who at a regulated firm was actually responsible when things went wrong. The regime was the regulator’s answer: name the people, write down what they own, and hold them personally to it.

It has spent a decade doing exactly that. And it is now being substantially reshaped.

The FCA, the PRA and HM Treasury have now published the outcomes of their joint review of the regime. Taken together, the reforms distinguish among changes that are already in force, those that have been confirmed and are scheduled to come into force, and those that still depend on legislation. This is the most significant adjustment to senior management accountability in UK financial services since the regime began.

It is worth being clear about what it does and does not change.

What the regime actually does

The Senior Managers and Certification Regime sits in the FCA Handbook, primarily in SYSC, SUP and COCON, and in the PRA Rulebook for dual-regulated firms. It rests on four components.

The first is the Senior Managers Regime. Senior Management Functions, or SMFs, are the roles the regulator has decided require pre-approval. Under section 59 of the Financial Services and Markets Act 2000, anyone performing the role must be approved before taking it up. The list runs from the chief executive (SMF1) and the chairman (SMF9) through to the money laundering reporting officer (SMF17) and others. Each approved senior manager must have a written Statement of Responsibilities setting out, in plain terms, what they are personally accountable for. Firms above a certain size also maintain a Management Responsibilities Map showing how senior accountability fits together across the organisation.

The second is Prescribed Responsibilities. The regulator has specified a defined list of responsibilities that must be allocated to a named senior manager in scope. These cannot be left unallocated. They cannot be left to a committee. They belong to a person, and that person is accountable for them.

The third is the Certification Regime. This covers people who are not senior managers but hold roles that could cause significant harm to the firm or its customers. Under sections 63E and 63F of the Financial Services and Markets Act 2000, firms must assess these individuals as fit and proper and issue certificates to those found fit and proper at least annually. The regulator does not approve them directly. The firm carries that responsibility.

The fourth is the Conduct Rules in COCON. These apply broadly across regulated staff and set out individual standards of conduct, including acting with integrity, with due skill, care and diligence, being open and cooperative with regulators, paying due regard to customer interests, and observing proper standards of market conduct. Senior managers have additional rules on top, including the duty to take reasonable steps to ensure the business of the firm for which they are responsible is controlled effectively.

The structure is straightforward. If something goes wrong in your area, the regulator can find the document with your name on it, see what you said you would do, and ask whether you did it.

What is changing under the current reform package

The current reform package is largely a clean-up. The regulators describe it as making the regime more efficient and proportionate without weakening individual accountability. That is broadly right. The changes are useful, but they do not alter the structure of the regime.

Most of the current reforms are already in force. The main rule changes took effect on 24 April 2026. Improvements to regulatory reporting and processes are scheduled to apply from 10 July 2026. The changes aligned with the non-financial misconduct reforms are scheduled to apply from 1 September 2026.

One of the most practically helpful changes concerns the twelve-week rule. Under the previous version, if a senior manager left and a replacement needed to step in to cover, the firm had twelve weeks to submit and obtain approval for the new SMF. The revised rule gives firms twelve weeks to submit the application, and the candidate can act in the role until the FCA determines it. The accountability has not gone away. The procedural timetable has been adjusted to reflect better how approvals work in practice.

Criminal record checks have also been adjusted. The validity period for an SMF candidate’s check has been extended from three months to six. Checks are no longer required for internal moves within the firm or moves within a group. Neither of those changes weakens the underlying fit and proper test. They remove a duplication that adds cost and time without adding assurance.

The FCA has added Handbook guidance on the scope of SMF7, the Group Entity Senior Manager function, intended to reduce unnecessary applications where the individual does not actually meet the threshold. It has also clarified expectations around SMF18 and SMF22. For Prescribed Responsibilities, new guidance helps firms allocate them sensibly, including in circumstances where it makes sense to split a responsibility across more than one senior manager.

Statements of Responsibilities and Management Responsibilities Maps have been given more breathing room. Both solo-regulated and dual-regulated firms now have up to six months to notify changes, rather than the previous, tighter requirement. This reflects the reality that organisations restructure, redistribute responsibilities and run handover periods, and the documents need time to catch up.

The enhanced firm thresholds have been raised by around thirty per cent, with periodic reviews to keep them in line with inflation. The AUM threshold moves from £50 billion to £65 billion. Consumer credit lending revenue moves from £100 million to £130 million. The intermediary-regulated business revenue threshold increases from £35 million to £45 million. The practical effect is that the more onerous Enhanced SMCR regime will catch fewer firms, although the extent of any movement will depend on firms’ individual circumstances.

The non-financial misconduct rules

The non-financial misconduct changes will have the longest practical reach. The FCA has finalised them, but they are not yet in force. They are due to take effect later in 2026, with corresponding adjustments to COCON brought through in the current reform package.

Until now, the position has been uneven. The Conduct Rules in COCON have applied broadly across banks, and bullying or harassment in that context has long been capable of constituting a breach. For non-banks, the scope of COCON has been narrower, generally limited to conduct related to regulated activities. The FCA’s recent reforms close that gap.

A new rule, COCON 1.1.7FR, makes clear that serious non-financial misconduct, including bullying, harassment and violence towards a colleague, where there is a sufficient work-related link, can amount to a breach of the Conduct Rules at any SMCR firm. The FCA has published accompanying guidance, including flow diagrams, to help firms determine when COCON is engaged, where the boundary between work and private life lies, and what reasonable steps a manager is expected to take.

The Fit and Proper test has also been clarified. Non-financial misconduct can be relevant to a fitness and propriety assessment, including conduct outside work where there is a material risk it will be repeated at work, or where it is so serious that it materially risks damaging public confidence in the financial system. The FCA has been careful to say that firms are not expected to investigate trivial or implausible private-life allegations, and are not expected to monitor employees’ social media proactively.

The practical effect, for senior managers, is that the scope of conduct that can be raised with the regulator on a Form D has widened. The practical effect for firms is that HR processes, disciplinary frameworks, regulatory reference templates, and conduct rule breach reporting all need to be checked against the new rules well before September.

What may change next

The more substantive reform depends on legislation. HM Treasury has confirmed that it intends to amend the Financial Services and Markets Act 2000 to remove the Certification Regime from primary legislation and hand the framework to the FCA and PRA, allowing the regulators to design a more proportionate replacement in their own rulebooks. HM Treasury has also indicated that the regulators will be given flexibility to reduce the number of Senior Management Functions and to allow some current SMF roles to become notification-only rather than pre-approval.

Two points are worth clarifying. The first is that removing the Certification Regime from legislation does not mean firms stop certifying staff. The FCA has been explicit that it is designing a replacement and that firms should continue to operate the current regime until a new framework is in place. The second is that timing remains uncertain. The FCA has said it expects to consult later in 2026, but the legislative changes themselves are subject to the parliamentary timetable. Anyone planning operating model changes based on a particular legislative outcome is moving too early.

The broader direction still matters. HM Treasury has indicated a clear intention to reduce the regulatory burden associated with the regime. That points towards a lighter procedural framework, while leaving the core accountability principle in place. The eventual shape of that reform will depend on the legislation and on the regulators’ later consultation.

What good looks like

The firms where the regime works well share a consistent set of features, and the reforms do not change any of them.

The Statements of Responsibilities are real documents. They describe what a senior manager actually does, in language a regulator can read, and a successor can step into. They are not generic role descriptions copied from a template. They are updated when responsibilities move.

The Management Responsibilities Map is treated as a live document, not an annual compliance exercise. It is reviewed when the organisation changes shape. It is read by the people whose names appear on it, who notice when something shifts into their patch without being told.

Prescribed Responsibilities are properly allocated. Where the regime allows splitting a responsibility across more than one senior manager, that allocation is deliberate and documented, not a way to avoid a single point of accountability. Where a Prescribed Responsibility sits with a senior manager who lacks the authority, resources, or information to actually discharge it, that is treated as a problem to be fixed, not a fact to be managed around.

Conduct Rule breaches are taken seriously. Firms know that what they choose to investigate, how they investigate, and what they decide tells the regulator more about their culture than any number of policies. The non-financial misconduct rules will sharpen this. The firms that have already invested in honest reporting will find the September 2026 transition straightforward. The firms that have treated breach decisions as an internal HR matter, separate from the regulator’s view, will not.

And the boardroom takes the regime seriously, in the proper sense. The senior managers know what they have signed up to. They ask each other the questions the regulator would ask. They expect to be able to explain, in plain English, how they discharged their responsibilities in the period under review. That habit is the regime’s whole point.

A final thought

It would be easy to read the current changes and the direction of later reform as a softening of the regime. It is better understood as a simplification of the process. The regulators have been explicit that reducing the procedure does not reduce the substantive accountability standard. The Treasury’s burden-reduction objective is about administrative cost, not about personal accountability.

The regulators are stripping back procedural complexity so they, and the firms they supervise, can focus on what the regime is for: naming the people, writing down what they own, and holding them personally to it. That has not changed. The likely effect of later reform is a lighter procedural framework without any retreat from the core accountability principle.

Firms that have built their accountability frameworks properly will benefit from the reforms. Firms that have treated SMCR as a paperwork exercise will find the next round of change uncomfortable. The non-financial misconduct changes later in 2026 will be an early practical test of which category an organisation sits in.

The regime is changing. The accountability principle is not.