SMF Roles in UK Regulated Firms: A Complete Hiring Guide

The Senior Managers and Certification Regime (SMCR) reshaped the executive hiring landscape across UK financial services when it took full effect. Since the Financial Conduct Authority extended what had been a banking regime to all FCA-solo-regulated firms in 2019, every regulated business in the UK has had to think more carefully about who sits in its most senior roles, what they are accountable for, and how they are appointed. For boards, founders and CEOs hiring into these positions, the regime turned what used to be a straightforward executive search into a more layered conversation. The role is not just defined by what the business needs operationally — it is also defined by what the FCA expects in writing, with personal regulatory accountability attached.

This guide sets out the Senior Manager Functions (SMFs) that matter most for hiring decisions. It explains what each role is, who it applies to, what the FCA expects, and — practically — what changes about how you hire when an SMF designation attaches to the position. It is written for businesses making the hire, not for compliance professionals briefing the regulator. If you are trying to decide what the right role looks like and where to find the right person, this is the orientation guide. We have built our practice around hiring senior leadership into UK regulated firms across asset management, wealth management, insurance, brokerage, fintech and consumer credit. The SMF dimension is now part of how we run every regulated-firm search, drawing on what we see day-to-day in the market alongside the FCA’s published guidance on each role.

What the SMCR is and why it matters for hiring

The SMCR exists to attach personal regulatory accountability to the most senior people in regulated firms. Before SMCR, firms could be fined for failures of governance and conduct, but the individuals making the decisions were rarely held personally responsible. The post-2008 reform programme — and specifically the work of the Parliamentary Commission on Banking Standards — concluded that this was a structural weakness, and the SMCR is the regulatory response.

The regime has three layers. Senior Managers hold designated SMF positions, must be FCA-approved before they take up the role, and have written Statements of Responsibility setting out exactly what they are accountable for. Certification Functions apply to other staff whose roles could harm the firm or its customers — they are not pre-approved by the FCA but have to be certified annually as fit and proper by the firm itself. Conduct Rules apply to almost everyone else and set baseline standards of integrity and competence.

For hiring decisions, the part that matters most is the SMF layer. When you are hiring into a role that carries an SMF designation, three things change compared with a non-regulated executive hire.

First, the candidate must be FCA-approved before they start. This is a documented application process — typically four to twelve weeks — and a candidate without prior SMF approval will need to clear it before the firm can deploy them into the role. For senior roles where the firm has already lost its incumbent, that gap can be commercially painful.

Second, the Statement of Responsibility is part of the role. What the person is responsible for needs to be defined in writing, agreed with them, and consistent with the firm’s overall responsibilities map. This is a real document with regulatory weight — not an internal job description that lives on a shared drive.

Third, the “reasonable steps” principle attaches personally. If something goes wrong in their area, the regulator can hold the individual personally accountable for whether they took reasonable steps to prevent it. That has implications for how senior the person needs to be, what they are paid, what insurance arrangements the firm needs to have in place, and how risk-tolerant the candidate pool genuinely is when offered the role.

These three differences compound to mean that hiring into SMF roles is a different exercise from hiring into the equivalent position at a non-regulated firm. The candidate pool is smaller, the reference and due diligence work is more thorough, the time-to-start is longer, and the role definition has to be tighter.

Firm classification: Core, Enhanced, Limited Scope

Not every SMF applies to every firm. The set that applies depends on how the firm is classified under SMCR — Core, Enhanced, or Limited Scope. Knowing your classification is the starting point for working out what SMFs you actually need to fill.

Core firms are the default for the majority of FCA-solo-regulated firms. They face a smaller set of SMFs and a more limited responsibilities map than Enhanced firms. Most asset managers, wealth managers, brokers and intermediaries fall into this category.

Enhanced firms are the largest and most complex — typically firms with assets under management above £50 billion, certain banking-style activities, or other features that bring them into scope. Enhanced firms face the full set of SMFs and the most demanding governance and reporting requirements under the regime.

Limited Scope firms are those whose regulated activities are sufficiently narrow that only a reduced set of SMFs applies. Sole-trader financial advisers and certain insurance intermediaries are typical examples.

If you are not sure which classification your firm falls under, your compliance lead or external compliance adviser will know. The classification affects both the SMF set in scope and the certification population — which in turn affects every senior hire you make.

The Senior Manager Functions: how they group for hiring

There are 19 SMF designations across the regime, but for hiring purposes they fall into three working groups:

• Executive functions — those running the business: SMF1 CEO, SMF3 Executive Director, SMF24 Chief Operations Function
• Risk and oversight functions — SMF2 Chief Finance Function, SMF4 Chief Risk Officer, SMF5 Head of Internal Audit, SMF16 Compliance Oversight, SMF17 Money Laundering Reporting Officer
• Board and governance functions — SMF9 Chair, SMF10 Chair of Risk Committee, SMF11 Chair of Audit Committee, SMF12 Chair of Remuneration Committee, SMF13 Chair of Nomination Committee, SMF14 Senior Independent Director

There are also several specialist SMFs (SMF6 Head of Key Business Area, SMF7 Group Entity Senior Manager, SMF18 Other Overall Responsibility, SMF19 Head of Third Country Branch, SMF20 Chief Actuary, SMF21 EEA Branch Senior Manager, SMF22 Other Local Responsibility, SMF23a Chief Underwriting Officer, SMF23b Underwriting Risk Oversight Officer, SMF27 Partner) which apply in specific firm types — Lloyd’s market, group structures, insurance — and are outside the scope of this guide.

Below we set out each of the most-hired SMFs in turn, with the practical implications for boards and executive search teams.

SMF1 — Chief Executive (Exec Capital territory)

The CEO of an FCA-regulated firm holds SMF1 and is the most senior individual accountable to the regulator. This role differs from a corporate CEO appointment in three ways that matter for the search.

The Statement of Responsibility for an SMF1 must be comprehensive. Unlike a corporate CEO whose accountability sits within an internal governance framework, the SMF1’s responsibilities are defined in a document the FCA can call up at any time. That document sets out which prescribed responsibilities sit with the CEO personally, which are delegated to other Senior Managers, and which are shared. Boards that have not built the responsibilities map before opening the search find themselves writing the Statement of Responsibility around the candidate they have already chosen — which is a less rigorous process than building the role specification first and matching candidates to it.

The candidate pool for SMF1 roles is materially narrower than for corporate CEO roles, and the diligence is heavier. Prior SMF1 approval is the strongest signal a candidate can carry, but it is not the only one — candidates with SMF3 (Executive Director) or strong SMF24 (Chief Operations) experience can transition into SMF1 with the right firm context. The fit-and-proper assessment that the FCA conducts will examine the candidate’s regulatory history, their conduct in previous roles and their understanding of the firm’s specific business model.

Approval timelines for SMF1 typically run six to twelve weeks for clean applications, longer where the FCA wants additional information or interviews. Boards that have not factored this into their succession planning often end up with a regulatory gap, an interim arrangement, or a compromise on the strongest candidate available.

For the corporate (non-regulated) version of this hire, see our CEO recruitment page.

SMF3 — Executive Director (Exec Capital territory)

SMF3 covers Executive Directors who are Board members of regulated firms but not the CEO. In smaller and mid-sized regulated firms — particularly Core firms — this is the SMF that applies to the second-most-senior executive: often a COO, a CFO who sits on the Board, or a Chief Commercial Officer. The Executive Director role under SMF3 is broader than its corporate equivalent because the Statement of Responsibility must capture the prescribed responsibilities allocated to that individual, not just their commercial brief.

For hiring purposes, SMF3 candidates often come from firms one or two sizes larger, where they have held a similar Board role or where they have been one rung below SMF3-level on a larger Board. This is one of the SMF designations where a strong corporate executive can transition into a regulated firm role with the right preparation — the technical scope of the role is similar to a corporate Executive Director, with the regulatory dimension layered on top. We typically advise candidates entering an SMF3 role for the first time to take a structured FCA induction, which improves both their first-year performance and the firm’s regulatory comfort with the appointment.

SMF24 — Chief Operations Function (Exec Capital territory)

SMF24 is the operational accountability role within the SMCR. The COO of a regulated firm — or, in firms where there is no formal COO, the most senior individual responsible for operations, technology, change and operational resilience — typically holds SMF24.

This designation has gained materially in importance since the FCA’s Operational Resilience policy took effect in March 2022. SMF24 holders are personally accountable for the firm’s operational resilience capability — the ability to prevent, recover from and learn about operational disruption — and the regulator now treats this as a first-order supervisory priority. Consumer Duty implementation, third-party operational risk, IT and cyber resilience, and outsourcing governance all sit on the SMF24 desk.

The hiring market for SMF24 is, in our experience, the tightest of any executive SMF role. Candidates with prior SMF24 approval are a small population, and the operational resilience expectations have raised the bar for what good looks like. We frequently see boards under-spec the role, briefing a traditional COO search when what they need is a candidate who can hold operational resilience accountability under FCA scrutiny. The two are not the same person.

For the corporate (non-regulated) version of this hire, see our COO recruitment page.

SMF4 — Chief Risk Officer (Exec Capital territory)

SMF4 is held by the senior individual responsible for the risk function. In Core firms this is usually a Chief Risk Officer reporting to the CEO; in Enhanced firms it may sit on the Board or report directly to the Chair of the Risk Committee.

The Statement of Responsibility for SMF4 must cover the firm’s risk management framework, the relationship with the Board’s Risk Committee (where one exists), and the firm’s risk appetite framework. The role is substantively different in firms where the CRO is the second line of defence (most common in regulated firms) versus firms where the CRO holds elements of the first line — the FCA has views on which model fits which firm type, and a candidate’s experience in the appropriate model is a material consideration.

The CRO talent market across UK regulated firms has been tight for several years. The post-2008 build-out of risk functions across the banking and asset management sectors created a generation of senior CROs, and the natural attrition into NED careers, advisory roles and overseas markets has thinned the pool. We advise clients to start an SMF4 search earlier than they think they need to, to avoid the situation where a strong commercial candidate is rejected on regulatory grounds and the timeline collapses.

Our CRO recruitment page covers the full role context, including the corporate (non-regulated) version of the hire.

SMF5 — Head of Internal Audit (Accountancy Capital territory)

SMF5 is the Head of Internal Audit. Internal audit is an accounting-qualified discipline — typically requiring ICAEW, ACCA or equivalent qualification combined with internal-audit-specific training under the IIA framework — and the SMF5 role is structurally different from external audit firm partner roles or general assurance work.

This SMF role is owned within our group by our specialist colleagues at Accountancy Capital, whose practice covers audit and accounting-qualified hiring. If you are hiring into SMF5, we will introduce you directly to Accountancy Capital — there is no intermediary handover and the relationship continues into the appointment.

SMF2, SMF16, SMF17 — Finance and compliance functions (FD Capital and partner territory)

Three SMF roles are owned within our group by our specialist colleagues at FD Capital, whose practice is focused exclusively on finance leadership and compliance:

• SMF2 — Chief Finance Function. The CFO or Finance Director with SMF responsibility. FD Capital’s practice is built around CFO and FD recruitment, including SMF2 appointments. See FD Capital’s FCA-Regulated Firms hub.
• SMF16 — Compliance Oversight. The Head of Compliance with personal accountability for the compliance function. See FD Capital’s Compliance Recruitment page.
• SMF17 — Money Laundering Reporting Officer (MLRO). The senior individual accountable for the firm’s anti-money-laundering programme. See FD Capital’s MLRO Recruitment page.

If your search involves any of these three SMFs, we will introduce you directly to FD Capital and the relationship continues from there.

SMF9, SMF11, SMF14 — Board and committee chair roles (NED Capital territory)

The board and governance SMFs are owned within our group by our specialist colleagues at NED Capital, whose entire practice is built around board and non-executive appointments. The roles in this category are:

• SMF9 — Chair. The Chair of the Board of a regulated firm. The role is materially different from a corporate Chairman — the Statement of Responsibility includes prescribed responsibilities for the firm’s overall regulatory compliance and the relationship with the FCA itself.
• SMF10 — Chair of the Risk Committee. Where the Board has a Risk Committee (mandatory for Enhanced firms, optional for Core firms above certain thresholds), the Chair of that committee holds SMF10.
• SMF11 — Chair of the Audit Committee. The Chair of the Audit Committee — typically a Fellow of one of the accounting institutes with significant audit committee experience.
• SMF12 — Chair of the Remuneration Committee. Required in Enhanced firms; the Chair holds SMF12.
• SMF13 — Chair of the Nomination Committee. Required in Enhanced firms.
• SMF14 — Senior Independent Director. The SID provides a sounding-board function for other NEDs and a route for shareholders to raise concerns outside the Chair–CEO relationship. The role is distinct from the Chair and is increasingly seen by the FCA as a first-order governance function.

If your search involves any of these board roles, NED Capital is your specialist destination — we work closely with their team on cross-cluster mandates and the introduction is direct.

The SMF approval process: what to plan for

Once you have identified the candidate you want to appoint, the FCA approval process begins. The mechanics of approval are mechanical, but the timeline and the diligence are not.

The firm submits a Form A for the candidate, supported by the Statement of Responsibility, the candidate’s CV, regulatory references covering the previous six years, and the firm’s responsibilities map showing how the candidate’s role fits within the overall governance structure. The FCA’s published service standard for Form A turnaround is up to three months for SMF approval, with most clean applications resolved within four to twelve weeks. Complex applications — particularly those involving candidates with regulatory history that requires explanation, or firm structures where the responsibilities map is being revised — can take longer.

The fit-and-proper assessment is the substantive test the candidate has to pass. The FCA assesses the candidate against three criteria: honesty, integrity and reputation; competence and capability; and financial soundness. The references that the firm collects from the candidate’s previous regulated employers will form part of this assessment, as will the candidate’s own disclosure of any regulatory matters.

One specific point that catches firms out: the regulatory references that previous employers provide are not optional and not negotiable. If a candidate has been the subject of a conduct investigation, an internal disciplinary process or a non-trivial regulatory matter at a previous firm, this will be disclosed in the reference and the FCA will see it. Candidates with such matters in their background are not automatically blocked — but the firm hiring them needs to be ready to explain why the role is appropriate and what mitigations are in place. We have placed candidates with prior matters successfully where the firm and the candidate worked together to present the situation transparently to the FCA.

The Senior Manager Conduct Rules

SMF holders are subject to four Senior Manager Conduct Rules in addition to the general Conduct Rules that apply to almost everyone. These are:

• SC1 — You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
• SC2 — You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
• SC3 — You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
• SC4 — You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

The phrase “reasonable steps” is the operative one. The FCA can and does take action against individual Senior Managers where they conclude the individual did not take reasonable steps in their area of responsibility. That action can include public censure, fines and prohibition from regulated employment — outcomes that carry career-ending implications for the candidate.

For boards hiring into SMF roles, this means that the standard executive-search question of “is this person commercially capable?” needs to be paired with the SMF-specific question of “is this person someone who will take reasonable steps consistently, document their decisions, and operate within the regulatory framework rather than around it?” These are different questions and they require different reference patterns.

Statements of Responsibility and the responsibilities map

The Statement of Responsibility (SoR) is the foundational document of the SMCR. It sets out, for an individual Senior Manager, what they are accountable for. Every SMF holder must have one. The firm’s Management Responsibilities Map aggregates the individual SoRs into a single document showing how the firm’s prescribed responsibilities, business areas and governance structures are allocated across the senior management team.

For hiring, three things about the SoR matter at the search stage:

The SoR defines what the role actually is. A candidate evaluating an SMF appointment will read the SoR carefully — and if the SoR has been left vague or has overlap with other Senior Managers’ areas, the candidate will pick up on it. We frequently advise clients to draft the SoR before the search opens, even in skeleton form, so the role definition is sharper from day one.

The SoR has to be consistent with the responsibilities map. If the firm’s existing map allocates a prescribed responsibility to one individual, the new candidate’s SoR cannot inadvertently take it on without the existing holder’s agreement. This is a common source of post-offer friction in firms where the responsibilities map has not been refreshed before the search.

The SoR is a regulatory document, not a job description. It will be referenced if anything goes wrong in the candidate’s area of responsibility. Candidates who have held SMF roles before know to push back on language that is loose or that allocates accountability without authority. Candidates who have not held SMF roles before sometimes accept SoRs that they later regret. A search firm with SMF experience will help both sides land on a balanced document.

The Certification Regime and the broader hiring impact

SMCR is not just about the most senior 10–20 individuals in the firm. The Certification Regime applies to a much larger population — typically anyone whose role could cause significant harm to the firm or its customers. Material Risk Takers, customer-facing managers, certain technology roles, and significant management functions below SMF level all fall under certification.

For each certified individual, the firm must annually assess them as fit and proper and issue a certificate confirming this. The hiring impact is twofold. First, when you make a senior hire below SMF level, you need to assess whether the role is in scope for certification — if it is, the candidate’s regulatory references and fit-and-proper history come into play in a way they would not in a non-regulated firm. Second, the certification population is one of the talent pools your future SMF candidates will come from, and the way the firm handles certification affects whether senior-level candidates view the firm as a good place to take an SMF role.

What changes for senior search in a regulated firm

To bring this together: when you are running a senior search in a UK regulated firm, the SMF dimension changes the search in five practical ways.

1. The brief includes the regulatory dimension from day one. The role specification needs to address the SMF designation, the Statement of Responsibility outline, and the regulatory expectations — not as appendices but as part of the substantive role definition.

2. The candidate pool is narrower and the diligence is heavier. Prior SMF approval, regulatory references and fit-and-proper history are first-order screening criteria. Candidates without these but with strong corporate backgrounds may still be appointable but require longer preparation and a more deliberate FCA narrative.

3. The timeline includes FCA approval. Eight to fourteen weeks from offer to start is a reasonable planning assumption for clean applications. Boards that have not factored this in often end up with regulatory gaps or interim arrangements.

4. The reference work is structured. Regulatory references covering six years of employment are mandatory. They will surface anything material that has happened in the candidate’s previous roles, and the firm needs to be prepared to handle disclosures appropriately.

5. The Statement of Responsibility is part of the offer. Senior candidates evaluating an SMF role will scrutinise the SoR. Vague or overlapping SoRs are a deal-breaker for experienced candidates — a sign that the firm has not done its governance work properly.

How Exec Capital approaches SMF appointments

Exec Capital has built its regulated-firm practice around hiring senior leadership into UK FCA-regulated firms across asset management, wealth management, insurance, brokerage, fintech and consumer credit. Our SMF mandates focus on the executive functions that fall within our practice — SMF1 (CEO), SMF3 (Executive Director), SMF4 (CRO), SMF24 (Chief Operations Function) — together with the senior C-suite, director-level and specialist roles that operate either within regulated firms or in firms moving into regulated activity.

Where the SMF role belongs to a sister firm in our group — finance and compliance functions (FD Capital), board roles (NED Capital), or audit-qualified roles (Accountancy Capital) — we make the introduction directly. The relationship continues into the appointment. Clients value this for two reasons: the specialism is sharper than a generalist firm would offer, and the cross-cluster relationship is established by the time the search begins.

Across all engagement models — permanent, interim and fractional — we treat the regulatory dimension as part of the brief, not as a constraint that surfaces later. For firms beginning their first SMF search, or firms that have run several but want to refresh how they approach the work, we are happy to walk through your responsibilities map and current role definitions before any search opens.

Further Reading and Authoritative Sources

For the FCA’s authoritative guidance, see the Senior Managers and Certification Regime overview and the FCA’s guidance for solo-regulated firms. The FCA Operational Resilience policy is essential reading for anyone working with SMF24. The Bank of England’s Supervisory Statement on individual accountability covers the dual-regulated firm context.

For the broader policy context, the Parliamentary Commission on Banking Standards report sets out the rationale for the regime. The Institute of Directors publishes useful governance frameworks that complement the SMCR’s regulatory requirements. The ICAEW publishes guidance on the financial reporting and audit dimensions of regulated firm governance that is particularly relevant to SMF11 (Chair of Audit Committee) and SMF5 (Head of Internal Audit) appointments.