management

SMCR for Financial Advice Firms: A Practical Compliance Guide

SMCR for Financial Advice Firms: A Practical Compliance Guide

Written by

Alan Gurung

Co-Founder & CEO

Sharing links

LinkedIn
Twitter / X
Email
Copy URL

See what Advisory AI does with your real meetings

Last updated •

Summarize with AI

Get articles like this monthly

See what Advisory AI does with your real meetings

TL;DR: Under SM&CR, named senior managers are personally accountable for specific responsibilities, with certification of relevant staff shifting from FCA pre-approval to annual internal review. The regime requires contemporaneous proof that reasonable steps were taken to prevent breaches, across the full spectrum of directly authorised firms from networks and consolidators to large institutions. Start with your statements of responsibility: if they no longer reflect actual accountability, every certification and conduct rule record built on top of them is structurally compromised.

SM&CR (also written SMCR in search contexts) creates individual regulatory accountability for named senior managers, requires firms to certify relevant staff annually, and applies conduct rules to almost all employees. When the FCA examines your files, it is not checking whether a policy exists. It is looking for contemporaneous proof that named individuals took reasonable steps to prevent breaches, at the point advice was given.

The December 2019 SM&CR extension brought every directly authorised financial advice firm inside the regime, and the bar rose further when Consumer Duty came into force for open products in July 2023, with full implementation completed by July 2024. This guide gives you a practical roadmap: how to map roles, draft compliant statements of responsibility, run annual fitness and propriety assessments, and build audit-ready files that hold up under scrutiny.

A Practical Guide to SMCR Requirements

The Senior Managers and Certification Regime reduces consumer harm and strengthens market integrity by making individuals personally accountable for their conduct and competence. The regime replaced the Approved Persons regime and changed where accountability sits: the FCA now examines whether named senior managers took reasonable steps to prevent breaches, rather than treating the firm as an undifferentiated entity.

According to FCA guidance, three categories of firm apply, proportionate to size and complexity:

  • Limited Scope: Exempt from some baseline requirements, typically firms with a narrow permissions set.

  • Core: Baseline requirements apply. Most financial advice firms fall here.

  • Enhanced: Applies to firms whose size, complexity, and market impact warrant additional requirements, including a formal Management Responsibilities Map.

For most financial advice firms, Core regime obligations centre on appointing the correct SMF holders, drafting compliant statements of responsibility, certifying relevant staff annually, and maintaining structured records of conduct rule training.

Mapping SMCR to Your Internal Roles

Firms below the Enhanced threshold often do not maintain dedicated single-function executives for every SMF, and dual or triple-hatted structures, where one individual holds SMF1, SMF16, and SMF17, are standard across firms operating leaner governance structures. SM&CR permits this arrangement provided each function carries its own Statement of Responsibility clearly describing the responsibilities for that specific role. At network and consolidator scale, the picture changes: multiple SMF holders, formal governance layers, and a Management Responsibilities Map make individual accountability lines explicit across a larger population of senior managers. The documentation obligation is the same in both structures, but the complexity of mapping it scales with the firm.

Breaking Down the 3 SMCR Pillars

SM&CR rests on three interlocking components, each with distinct documentation requirements:

  1. Senior Managers Regime: Covers designated SMF holders who require FCA pre-approval. Their responsibilities are fixed in a statement of responsibility.

  2. Certification Regime: Covers staff in roles that could cause significant harm to customers or the firm. Firms certify these individuals annually rather than seeking FCA approval for each person.

  3. Conduct Rules (COCON): Apply to almost all employees, with an additional four rules that apply only to senior managers. Firms must train staff on these rules and document that training.

The FCA's supervisory approach to SM&CR treats the three pillars as interlocking: gaps in certification evidence undermine conduct rule enforcement, and undocumented responsibilities leave senior managers unable to demonstrate they took reasonable steps to prevent breaches.

How SMCR Changed Accountability

Before SM&CR, it was possible for a firm to be found non-compliant without any individual being held personally responsible. The regime ended that position. Now, every prescribed responsibility is assigned to a named senior manager, and the statements of responsibility provide the FCA Enforcement team with a documented road map of accountability when something goes wrong.

Before SM&CR

Under SM&CR

Firm-level accountability only

Named individual accountability per prescribed responsibility

Approved Persons sign-off

Annual internal certification for relevant staff

FCA pre-approval for most senior roles

Pre-approval only for SMFs, firms certify the rest

Generic conduct standards

COCON rules applied role-specifically with training evidence required

Limited record-keeping structure

Contemporaneous, retrievable documentation required at all levels

How to Draft Effective Statements of Responsibility

A Statement of Responsibility (SoR) is the central document tying a named individual to their prescribed responsibilities within the firm. It is what the FCA reads first when investigating a breach, and what your senior managers rely on to demonstrate they acted within their defined scope. The SoR must be self-contained: it cannot reference other documents, and FCA guidance expects descriptions of each responsibility to be concise and sufficient for an FCA Enforcement officer to understand the scope of accountability without referring to any other document.

Mapping SMF Roles in Advice Firms

For IFA firms, the most commonly held SMFs are:

SMF

Function

Typical holder

SMF1

Chief Executive

Owner or Managing Director

SMF16

Compliance Oversight

Compliance Officer or Principal

SMF17

Money Laundering Reporting Officer

Often same as SMF16

SMF16 designates the individual personally accountable for the firm's compliance with FCA rules and serves as the primary regulatory contact alongside SMF1. For most financial advice firms, this is the most operationally sensitive function, as it now encompasses Consumer Duty implementation responsibility.

Phase 1 of the SM&CR reforms, effective 24 April 2026, changed the SMF application process materially. Firms now have 12 weeks to submit a replacement SMF application rather than to obtain approval within 12 weeks. The candidate may act in the role while the application is under review, with Senior Manager Conduct Rules applying throughout. The same reforms extended the validity period for criminal records checks for SMF candidates from three to six months, and removed the requirement for CRCs on internal or intragroup moves. These details are time-sensitive: confirm all Phase 1 reform specifics against the FCA's primary guidance before acting on them, as implementation details may have been updated since publication.

Drafting a Compliant SoR: Key Items

Every statement of responsibility must include:

  • The individual's full name and all SMFs they hold within the firm

  • A clear, specific description of each prescribed responsibility assigned to them

  • No cross-references to external policy documents or other files

  • A standalone summary sufficient for an FCA Enforcement officer to understand the scope of accountability

  • A date of preparation and version number to track updates

When Responsibility Maps Are Required

Management Responsibilities Maps are mandatory only for Enhanced firms. For Core financial advice firms they are not required, but are considered good governance practice where one individual holds multiple SMFs and clarity of accountability needs to be demonstrable. If your firm manages a complex multi-adviser structure or sits close to the Enhanced threshold, maintaining a responsibility map reduces the risk of accountability gaps appearing during a supervisory visit.

When to Update Your SMCR Statements

Update your statements of responsibility when:

  1. A senior manager's responsibilities change materially

  2. The firm reorganises its structure

  3. A new prescribed responsibility is introduced by the FCA

  4. An SMF holder leaves and their responsibilities transfer to another individual

FCA guidance expects updates when material changes occur, not only during scheduled annual reviews. Under the Phase 1 reforms effective 24 April 2026, firms have up to six months to notify the FCA of changes to SoRs following a structural or responsibility change, submitting only the latest version on a batched basis. This six-month window is a submission deadline, not a licence to leave internal records stale: the internal obligation to update documentation when a material change occurs remains immediate. This window applies to SoR updates, not to conduct rule breach notifications: breaches triggering disciplinary action carry a separate 7-business-day notification requirement under the SUP 15.11 conduct-reporting route. FCA forms were updated on 10 July 2026 under PS26/6: confirm the current form name against the FCA Handbook or with your compliance officer before submitting. New SMF appointments require prior FCA approval before the individual takes up the role.

How to Certify Your Firm's Relevant Staff

The Certification Regime transfers responsibility for approving relevant individuals from the FCA to the firm itself. Rather than seeking FCA pre-approval, you assess each individual annually and certify in writing that they are fit and proper to perform their function.

Which Staff Require SMCR Certification

Certification applies to individuals performing Certification Functions, roles the FCA identifies as carrying significant harm potential regardless of seniority. For IFA firms, the Client Dealing Function is commonly a key Certification Function. The FCA interprets this function to cover individuals who have contact with clients in connection with advising on investments or arranging deals and who exercise a significant amount of discretion, judgement, or technical skill. Financial advisers and wealth managers performing these functions require annual SM&CR certification. Administrative staff performing purely administrative functions with no involvement in client advice, and those who do not exercise significant discretion or judgement, typically do not require certification.

Mapping Staff to Certification Functions

Role

Certification required?

Certification function

Financial adviser (retail investment)

Yes

Client Dealing Function

Wealth manager (retail)

Yes

Client Dealing Function

Paraplanner (if advising or arranging)

Firm-specific: verify role scope

Client Dealing Function

Administrator (no client advice contact)

No

N/A

Annual Certification Sign-Off Procedures

The annual certification process for each relevant individual should follow this sequence:

  1. Gather evidence across the F&P pillars: honesty and integrity, competence and capability, financial soundness

  2. Review CPD records, complaints history, and any regulatory references received

  3. Conduct credit and criminal record checks where required

  4. Assess the evidence against the F&P standard

  5. Record the assessment outcome with supporting evidence retained on file

  6. Issue the written certificate, signed by an authorised individual

  7. File the certificate and all supporting evidence for the mandatory retention period

Managing Role Changes for Certified Staff

When a staff member moves from a non-certified to a certified role, you need to complete a full F&P assessment before they begin performing the Certification Function, not after. Moving from a certified to a non-certified role does not remove the obligation to retain historical certification records for the applicable retention period.

Who Must Follow SMCR Conduct Rules

The Conduct Rules (COCON) apply to almost all employees in FCA-regulated firms, not just senior managers or certified individuals. The primary exception is ancillary staff with no connection to regulated activities.

Individual Conduct Obligations

Five Individual Conduct Rules apply to all Conduct Rules staff:

  1. Act with integrity

  2. Act with due skill, care, and diligence

  3. Be open and cooperative with regulators (this includes not concealing relevant information or misleading the FCA)

  4. Pay due regard to the interests of customers (this covers not recommending unsuitable products or failing to disclose material conflicts)

  5. Observe proper standards of market conduct

These five rules, set out in COCON 2.1, establish the minimum standard of personal conduct expected of anyone working in UK financial services. Rule 6, which requires conduct rules staff to act to deliver good outcomes for retail customers, was added separately for firms covered by Consumer Duty.

Conduct Rules for Senior Managers

Senior managers carry four additional rules on top of the standard five:

  1. Take reasonable steps to ensure effective control of the business for which they are responsible (SC1)

  2. Take reasonable steps to ensure FCA compliance across the business of the firm (SC2)

  3. Take reasonable steps to ensure appropriate delegation and oversight when delegating functions (SC3)

  4. Disclose appropriately any information the FCA or PRA would reasonably expect notice of (SC4)

These additional rules impose heightened obligations on those holding senior management positions.

Maintaining a Clear Conduct Audit Trail

Documenting conduct rule compliance requires evidence of training and evidence of annual declarations. Keep a log recording each training session by date, content, and attendee confirmation, alongside annual written attestations from every member of Conduct Rules staff.

Evie records client meetings via Microsoft Teams, Zoom, and Google Meet, then generates structured notes with action items and a draft follow-up email. These notes can populate specific fields in the fact-find section of back office systems including Intelliflo, Plannr, Curo, and Xplan (such as personal information, investment details, and employment details), supporting the creation of contemporaneous records. You can see the Intelliflo integration in detail, and watch Evie's meeting notes in a live demo.

Meeting FCA Standards for Annual F&P Assessments

The FCA's fitness and propriety standard applies to every SMF holder and every certified individual. Assessments must be completed at least once every 12 months, and they must be substantive, not a rubber-stamp exercise. The FCA's supervisory expectations are that assessments will sometimes identify new issues and that some individuals will not pass.

Key Components of Annual F&P Reviews

The three pillars of fitness and propriety each carry specific evidential requirements:

  1. Honesty, integrity, and reputation: Regulatory references from previous employers, complaints history, any disciplinary actions, and declarations of proceedings or investigations.

  2. Competence and capability: CPD records and attendance logs, professional qualifications, role-specific competency assessments, and evidence that the individual has the time available to perform their function properly.

  3. Financial soundness: Credit checks, proof of no outstanding judgment debts, and personal insolvency searches.

Key Records for Fitness Assessments

The following must be held on file for every individual subject to annual certification:

  • Written F&P assessment with the outcome recorded and dated

  • Criminal record check results, obtained within the applicable validity period

  • Credit check results retained on file

  • Regulatory reference requests sent and references received, with assessment notes

  • CPD records covering the assessment period, verified against the requirements relevant to the individual's role

  • Performance appraisal documentation or equivalent competency evidence

  • Signed annual declaration from the individual

Structuring Your Annual Review Files

SYSC 9.1.1R requires records sufficient to enable the FCA to monitor compliance, which means complete, accurate, contemporaneous, and organised for efficient retrieval. For SM&CR purposes, firms must retain each superseded SoR version for the period required under SYSC record-keeping rules. The applicable retention period for solo-regulated firms should be confirmed against the FCA Handbook or with your compliance officer before setting your document retention policy.

The link between SM&CR records and Consumer Duty is direct. Firms must now show not just that controls exist, but that they work and improve outcomes over time. A gap in your SM&CR documentation creates immediate Consumer Duty vulnerability because the FCA expects firms to allocate clear senior-manager accountability for delivering good customer outcomes under the Consumer Duty, even though the Duty is not itself a prescribed responsibility under SM&CR.

Fixing Common SMCR Documentation Flaws

The most frequent structural flaws in annual F&P files are:

  • Sign-off without evidence: Assessments completed as a formal sign-off without documented evidence attached

  • Disconnected CPD records: CPD records held in a separate system with no link to the F&P file

  • Missing reference logs: Regulatory reference requests not logged, so there is no evidence they were sought

  • Unretained credit checks: Credit checks completed but results not retained on the individual's file

  • No SoR version history: Makes it impossible to establish what responsibilities applied at a specific point in time

Building an Audit-Ready SMCR File

An audit-ready file is not one assembled the week before a supervisory visit. It is current, structured, and retrievable on any working day without manual reconstruction.

Certification Evidence Checklist

Use this checklist to verify that each certified individual's file is complete before the annual sign-off date:

  • Statement of Responsibilities current and version-controlled

  • F&P assessment completed within the last 12 months with outcome recorded

  • Criminal record check completed within the applicable validity window

  • Credit check completed and result retained on file

  • Regulatory references requested from previous employers (if applicable)

  • Regulatory references received and assessed, with notes retained

  • CPD records covering the full assessment period, verified against role-specific requirements

  • Competency or performance evidence from the assessment period

  • Conduct Rules training attendance confirmed for the period

  • Annual conduct rules declaration signed and dated

  • Certification issued in writing by an authorised individual

  • All documents filed under the individual's name with clear date references

Linking Documentation to Prescribed Responsibilities

Each document in the audit file should reference the individual SMF or certification function it relates to. When an adviser signs off a suitability report, that action connects to the SMF16 holder's responsibility for compliance oversight. When a paraplanner completes a fact-find, the quality of that file becomes evidence in the annual competency assessment.

We built Colin to give you objective, documented proof of competence. Colin checks suitability reports and fact-finds against FCA Consumer Duty requirements and COBS standards, covering client profiling completeness, risk assessment adequacy, and recommendation suitability. It produces pass/fail results per compliance checkpoint with specific remediation guidance for any check that fails, so the evidence in your annual F&P file is objective and reproducible rather than based on subjective recall. Colin is system-agnostic: it works on any suitability report regardless of how it was generated, not only documents created within AdvisoryAI. You can watch Colin in a demo to see how the pass/fail output maps to specific Consumer Duty and COBS requirements.

Evidence for Conduct Rule Breaches

Your firm must report senior-manager conduct-rule breaches resulting in disciplinary action to the FCA within 7 business days of concluding that disciplinary action, under the SUP 15.11 conduct-reporting route. Report serious breaches immediately. Report breaches by non-senior managers to the FCA annually via REP008. Document every breach investigation with the date identified, the nature of the conduct, the steps taken to investigate, and the outcome, retaining this documentation even if you assess the breach as minor.

Evidencing Staff Competence

Colin's compliance reports can provide objective, reproducible evidence that a specific adviser's documentation met FCA standards on a specific date. Rather than relying on a narrative assessment, your F&P file can reference dated compliance reports with specific pass/fail results on a particular suitability report, with remediation guidance for any checks that did not pass. The FCA expects annual certifications to be substantive, and dated compliance records provide that substance in a form that is directly retrievable under examination conditions.

Key SMCR Gaps Caught During FCA Reviews

FCA supervisory feedback and compliance practitioners consistently identify the same categories of failure. Understanding them is the first step to avoiding them.

Keeping Responsibility Statements Current

Outdated statements of responsibility are a common structural gap. Firms update their SMF holders when a senior person leaves but do not revise the SoR to reflect changed responsibilities. The result is a document that no longer reflects the individual's actual scope, which creates enforcement risk if the firm is investigated for a breach that occurred during the gap between the real change and the updated statement.

Update responsibility statements when material changes occur, not just on an annual review cycle. Structural changes, regulatory updates, and individual role changes all trigger an internal obligation to update the SoR promptly. Where the change results in a conduct rule breach, your firm must notify the FCA within 7 business days of concluding any disciplinary action under the SUP 15.11 conduct-reporting route. Your firm must notify the FCA of SoR changes resulting from structural or responsibility changes within six months under the Phase 1 reforms. Assign both review triggers to named calendar events owned by the SMF16 holder so neither falls through the cracks during busy review seasons.

Weak Certification Sign-Off Evidence

Annual certifications that consist of a single page with a signature and no supporting evidence may not satisfy the FCA's expectation of a thorough assessment. The FCA expects active senior management oversight of the F&P process, including the possibility that some assessments will produce a fail outcome that triggers remediation. A file with a clean pass on every individual every year and no supporting evidence may invite scrutiny.

Fixing Gaps in Conduct Rule Assessments

Role-specific conduct rule training is a frequent gap. Firms conduct a general COCON induction when staff join and assume that satisfies the ongoing requirement. It does not. You must provide annual training that addresses the specific conduct risks relevant to each role, with attendance records retained. A general all-staff compliance update does not demonstrate that Client Dealing Function holders received training on the conduct rules most relevant to their client-facing responsibilities.

How to Organise SMCR Files for FCA Scrutiny

The structure of your compliance file matters as much as its content. A file that contains the right documents but cannot be navigated quickly under examination conditions fails to demonstrate the organised record-keeping standard the FCA requires.

Structuring Evidence for SMCR Audits

When an FCA supervisor asks how a specific client file was assessed, you need to retrieve the answer quickly and show your reasoning. Atlas is the AI chat and intelligence layer within which Evie and Colin operate as capabilities, and it provides a conversational interface across documentation and client history. Compliance officers can query the platform in natural language to retrieve answers, with responses showing live status updates during processing, analysing the request, searching for a client, and loading a profile, and providing access to the reasoning used to reach each answer. The input field locks during processing to prevent duplicate requests.

The reasoning persists with each conversation, so older queries remain auditable. You can run a query, see the answer, and access the reasoning that produced it, rather than manually reconstructing the decision from multiple documents.

Atlas's Adaptive Thinking, released May 2026, makes this reasoning visible in real time. Advisers and compliance officers see each step as it happens and can expand any thinking block to read the full reasoning behind an answer. Reasoning persists across sessions, so the full chain of reasoning behind any query remains accessible for review. For firms cautious about black-box AI, this provides oversight rather than novelty: Atlas does not hide its work.

Fund and product research capability is on the Atlas roadmap as a near-term development item. Firms should confirm current availability directly with AdvisoryAI. You can see Atlas in action in a demo walkthrough.

Verifying Staff Competence for the FCA

Colin's compliance reports can function as dated, objective evidence of ongoing quality control across the adviser team. Present these reports as part of the F&P evidence pack for each certified individual: a series of compliance results across the assessment period demonstrates not just that training was completed, but that competence is evidenced in actual advice output.

Annual Firm-Level Compliance Checklist

Use this firm-level checklist at the start of each annual cycle:

  • Review all SMF holder statements of responsibility for accuracy and currency

  • Confirm all prescribed responsibilities are assigned to a named SMF holder

  • Identify any structural changes in the past 12 months that require SoR updates

  • Schedule F&P assessments for all certified staff before anniversary dates

  • Commission criminal record and credit checks within the applicable validity window

  • Request and process regulatory references for any new joiners

  • Verify CPD records meet the requirements relevant to each individual's role

  • Confirm Conduct Rules training has been completed and documented for all relevant staff

  • Obtain signed annual conduct rule declarations from all relevant staff

  • Issue written certifications to all individuals who pass the F&P assessment

  • File REP008 for any conduct rule breaches identified during the year

  • Review and update the firm's SM&CR policies and procedures

Reducing Documentation Burden

If you are looking for a practical way to reduce the documentation burden without adding compliance headcount, Colin performs a compliance check on the finished report before it leaves the adviser's desk, producing a documented record of compliance outcomes with remediation guidance for any check that does not pass, so your documentation holds up under FCA scrutiny.

Request a demo to see how Colin works with your existing compliance workflow, or start a 14-day free trial with no credit card required. AdvisoryAI runs on a monthly rolling agreement with a 30-day money-back guarantee, or an annual plan at a 10% discount, so there is no long-term commitment required to evaluate it against your real workflow.

FAQs

What Are the Annual F&P Assessment Requirements?

Firms must assess fitness and propriety at least once every 12 months for all certified staff and SMF holders, covering honesty and integrity, competence and capability, and financial soundness. The assessment must be substantive and evidence-backed, with all supporting documentation retained for the applicable period under SYSC record-keeping rules.

How Do Firms Build a Compliant Conduct Audit Trail?

Firms must record all Conduct Rules training by date, content, and attendee, and obtain signed annual declarations from every member of Conduct Rules staff. Your firm submits breaches by non-senior managers to the FCA annually via REP008, and must retain all breach investigation records regardless of the outcome.

Which Staff Roles Require SMCR Certification?

Certification applies to individuals performing Certification Functions, primarily the Client Dealing Function, which covers financial advisers and wealth managers who have contact with clients in connection with advising on or arranging investments for retail clients and who exercise a significant amount of discretion, judgement, or technical skill. Administrative staff with no client-facing or investment function contact are typically excluded.

What Triggers an SMF Notification to the FCA?

New SMF appointments require prior FCA approval before the individual takes up the role. Under the Phase 1 reforms effective 24 April 2026, firms have 12 weeks to submit a replacement SMF application, and the candidate may act in the role while the application is under determination, with Senior Manager Conduct Rules applying throughout. These reform details are time-sensitive: confirm current requirements against the FCA's primary guidance at fca.org.uk before acting on them.

Key Terms

Statement of Responsibility (SoR): A formal document tying a named SMF holder to their prescribed responsibilities within the firm. It must be self-contained, version-controlled, and retained for the applicable period under SYSC record-keeping rules. Confirm the specific retention period against the FCA Handbook or with your compliance officer.

Fitness and Propriety (F&P): The standard firms must apply when certifying relevant staff annually, assessed across three pillars: honesty and integrity, competence and capability, and financial soundness.

Certification Function: A role identified by the FCA as carrying significant harm potential, requiring annual internal certification by the firm rather than FCA pre-approval. The Client Dealing Function is the most common Certification Function in IFA firms.

COCON: The FCA's Conduct Rules sourcebook, setting out the individual conduct standards that apply to almost all employees in regulated firms, with an additional four rules applying specifically to senior managers.

Senior Management Function (SMF): A designated role requiring FCA pre-approval before the individual takes up the position. Each SMF holder must hold a Statement of Responsibility covering their specific prescribed responsibilities.

Serve twice the clients. Give each better advice.

Serve twice the clients. Give each better advice.

✔ Reports from your templates

✔ Reports from your templates

✔ 14-days free trial

✔ No credit card

✔ Reports from your templates

✔ 14-days free trial

✔ No credit card

>