Compliance Guide

SMCR Compliance Guide: Employment Screening Obligations for FCA-Regulated Firms

A practical guide to the Senior Managers & Certification Regime — what it requires from your screening process, who it applies to, and how to evidence compliance.

The Senior Managers & Certification Regime (SMCR) is the FCA's framework for individual accountability at regulated financial services firms. Introduced in 2016 for banks and 2019 for solo-regulated firms, it replaces the Approved Persons Regime and places explicit obligations on firms to carry out due diligence on certain individuals before they are appointed — and annually thereafter.

This guide covers what SMCR requires from your pre-employment screening process, who it applies to, and what a compliant screening package looks like.

Who SMCR applies to

SMCR applies to all FCA-regulated firms, with obligations varying by firm type (Enhanced, Core, or Limited Scope). It divides individuals into three categories:

Senior Management Function (SMF) holders

SMF holders perform the most senior functions within a firm and must be individually approved by the FCA before they can carry out their role. Examples include:

  • Chief Executive (SMF1)
  • Chief Finance Officer (SMF2)
  • Chief Risk Officer (SMF4)
  • Head of Internal Audit (SMF5)
  • Compliance Oversight (SMF16)
  • Money Laundering Reporting Officer / MLRO (SMF17)

Firms must submit an application to the FCA (via Connect) before an SMF holder can start in their role. As part of this process, the firm must evidence that it has assessed the individual as fit and proper.

Certification Function staff

Certification Function staff are individuals whose roles could cause significant harm to the firm or its customers, but who do not require FCA pre-approval. Instead, the firm itself must certify them as fit and proper before they start — and re-certify them annually.

This includes:

  • Client-facing advisers and relationship managers
  • Individuals who supervise or manage Certified Persons
  • Anyone who could have a significant impact on the firm's risk profile
  • Material Risk Takers under CRD IV

Unlike SMF holders, there is no external FCA register for Certification Function staff — the compliance obligation rests entirely with the firm.

Conduct Rules staff

All other employees (except ancillary staff) are subject to the FCA's Individual Conduct Rules. For most firms this is a training and monitoring obligation rather than a screening one, though some firms choose to include basic checks as part of their standard onboarding.

What "fit and proper" means under SMCR

The FCA's FIT sourcebook sets out three criteria for assessing fitness and propriety:

  • Honesty, integrity and reputation — no regulatory sanctions, criminal convictions, civil proceedings, or significant adverse media
  • Competence and capability — relevant qualifications, experience, and knowledge for the role
  • Financial soundness — no significant undisclosed financial difficulties or insolvency

The firm is responsible for carrying out this assessment. The FCA does not prescribe exactly which checks to run, but expects firms to use a risk-based approach proportionate to the role.

The SMCR screening checklist

For Senior Management Function holders and Certification Function staff, the following checks are standard practice at compliant regulated firms:

  • FCA Individual check — verify current FCA registration status, controlled functions previously held, and any regulatory notices, prohibitions, or censures
  • PEPs & Sanctions screening — screen against global Politically Exposed Persons lists and sanctions databases (UK HMT, UN, EU, OFAC) — required under Money Laundering Regulations 2017
  • Credit history (5 years) — CCJs, insolvency, defaults, and arrears — assesses financial soundness under FIT
  • Work history (5 years verified) — confirmed employment history for the previous 5 years, direct employer verification — the FCA's hiring standard for SMF roles
  • Adverse media screening — open-source search of press, court records, and regulatory enforcement databases for negative coverage
  • Directorship history — prior directorships, dissolved companies, and disqualifications via Companies House
  • Identity verification — document scan and facial match to confirm the individual's identity
  • Address history (5 years) — verified residential address history to support identity and sanctions checks
  • Right to Work — legal right to work in the UK confirmed before start date

Note: The FCA also requires firms to obtain a regulatory reference (FCA SYSC 22) from previous regulated employers for SMF and Certification Function candidates. This is a separate process from pre-employment screening and is not covered by InfoVetted — it involves a formal request to each regulated employer the individual has worked at in the past 6 years.

Annual re-certification

One of the most operationally demanding aspects of SMCR is the annual re-certification obligation for Certification Function staff. Firms must:

  • Assess each Certified Person as fit and proper at least once per year
  • Issue (or decline to issue) a written certificate confirming fitness and propriety
  • Maintain records of the assessment and any decisions made
  • Notify the FCA if a Certified Person is no longer fit and proper

Most firms include a re-screening element as part of the annual re-certification process, at minimum re-running PEPs & Sanctions and adverse media checks. InfoVetted supports annual re-screening workflows — candidates can be re-invited to complete updated checks without re-entering their details from scratch.

Audit trail requirements

The FCA expects firms to be able to demonstrate their fitness and propriety assessments on request. This means retaining:

  • The results of every check run, with timestamps
  • Evidence of who authorised the appointment
  • The annual re-certification record for each Certified Person
  • Any notifications made to the FCA about individuals who ceased to be fit and proper

InfoVetted timestamps every check result, links results to candidate records, and provides exportable audit reports in a format suitable for FCA examination or internal governance review.

How InfoVetted supports SMCR compliance

InfoVetted provides the checks, workflow, and audit trail to meet your SMCR screening obligations at scale:

  • All checks in the SMCR package available in a single platform — no separate supplier relationships
  • Named screening packages — define your SMF and Certification Function packages once and reuse for every hire
  • Candidate portal with your company branding — professional experience for senior hires
  • Timestamped, exportable results — full audit trail for FCA examination
  • Annual re-screen support — re-invite candidates for updated checks without re-entering details

InfoVetted is purpose-built for regulated financial services firms. Book a demo to see the SMCR screening workflow and audit trail in action.

← Back to Resources

Ready to meet your SMCR obligations?

Speak to our compliance screening team and we'll build a package tailored to your firm's FCA requirements.