Hiring an SMF1 CEO: A Guide for UK Regulated Firms

SMF1 is the FCA designation that attaches personal regulatory accountability to the Chief Executive of an FCA-regulated firm. Hiring into the role is a different exercise from hiring a corporate CEO — even where the commercial brief looks similar. The candidate must be FCA-approved before they take up the role, the Statement of Responsibility is a regulatory document with weight, and the personal accountability under the regime affects who is genuinely available, what they should be paid, and how the firm needs to think about insurance and indemnity. Boards that treat an SMF1 search as an executive search with a compliance addendum tend to discover the regulatory dimension late. Boards that treat it as a regulated-firm search with a commercial dimension from the start tend to land cleaner appointments faster.

This guide is written for chairs, board nomination committees and existing CEOs running succession on behalf of a regulated firm. It sets out what an SMF1 appointment actually involves: how the role differs from a corporate CEO, how the search is structured, what FCA approval looks like in practice, how the Statement of Responsibility shapes the offer, and what timelines to plan for. It draws on the work we do running SMF1 mandates across asset management, wealth management, insurance, brokerage, fintech and consumer credit firms — and on the FCA’s published guidance for solo-regulated firms operating under SMCR. For the full overview of all SMF roles, see our SMF Roles guide.

What SMF1 covers

SMF1 is the Chief Executive function under the Senior Managers and Certification Regime. It applies to the most senior individual responsible for the day-to-day running of an FCA-regulated firm — typically the CEO, but in some firm structures it can be the Managing Director where that title carries equivalent scope. The function is one of the prescribed senior management functions that must be held by an FCA-approved individual at all times. A firm cannot operate without an SMF1 in place, and any change in the SMF1 holder triggers a regulatory notification and approval process.

The substantive scope of SMF1 covers what a corporate CEO would recognise — strategy, business performance, leadership of the executive team, accountability to the board for the operation of the firm — with the regulatory dimension layered through every part of it. The SMF1 holder is personally accountable for the firm’s adherence to relevant regulatory requirements in the areas they have not delegated to other Senior Managers, and remains accountable for the oversight of those they have delegated. The phrase “ultimately accountable” is more than rhetorical here: when something goes wrong in the firm, the FCA’s first question is usually whether the SMF1 took reasonable steps to prevent it.

This is the structural difference from a corporate CEO appointment. A corporate CEO is accountable to the board, who in turn are accountable to shareholders. The SMF1 has the same internal accountability plus a parallel external accountability to the regulator that does not fade when the board is happy.

Who needs an SMF1 — and which firm classification matters

Every FCA-solo-regulated firm needs to identify an individual to hold SMF1. This applies regardless of whether the firm is classified under SMCR as Core, Enhanced or Limited Scope — though the wider SMF set in scope, and the responsibilities expected, differ between the three.

The firm classifications were established when SMCR extended to all FCA-solo-regulated firms in December 2019. The classification determines how broad the regime sits across the senior team and what governance documentation the firm needs to maintain.

Core firms represent the majority of FCA-solo-regulated firms. The senior management team is smaller, the SMF set is more limited, and the responsibilities map is correspondingly leaner. Most independent asset managers, wealth managers, brokers and intermediaries fall into this category. SMF1 in a Core firm carries a slightly narrower set of prescribed responsibilities than in an Enhanced firm, but the substance of the role and the personal accountability are the same.

Enhanced firms are the largest and most complex — typically those with assets under management above £50 billion, or banking-style activities, or other features that bring them into the more demanding regime. Enhanced firms have the full SMF set in scope, run formal Board committees that themselves carry SMF designations, and maintain detailed Management Responsibilities Maps. SMF1 in an Enhanced firm operates in a more populated governance environment with formal Risk Committee, Audit Committee, Remuneration Committee and Nomination Committee structures around them.

Limited Scope firms have the narrowest regime application — typically sole-trader financial advisers and certain insurance intermediaries whose regulated activity is narrow enough to warrant a reduced SMF set. SMF1 in a Limited Scope firm may be the only SMF holder, and the role is correspondingly broad-shouldered.

If you are not certain which classification your firm falls under, the firm’s compliance lead or external compliance adviser will have the answer. The classification affects the search in two practical ways: which other SMFs the firm needs in place around the SMF1, and how detailed the Statement of Responsibility needs to be when the appointment is made.

What a regulated-firm CEO does that a corporate CEO does not

Beyond the regulatory accountability already covered, there are several substantive parts of an SMF1 role that distinguish it from a non-regulated CEO appointment.

The relationship with the regulator is part of the role. The SMF1 is the firm’s principal point of contact with the FCA on senior matters. This includes routine engagement (firm contact meetings, Section 165 information requests, periodic regulatory returns), incident escalation (notifying the FCA promptly of significant matters affecting the firm), and substantive engagement on supervisory priorities (Consumer Duty, operational resilience, financial promotions, market conduct). A candidate who has not held an SMF before is unlikely to have managed direct FCA engagement at this level — and the learning curve is real.

Consumer Duty has changed what the role looks like. The FCA’s Consumer Duty took effect in July 2023 for new and existing products and in July 2024 for closed products. It introduced a new principle requiring firms to deliver good outcomes for retail customers — and Consumer Duty is the kind of regulatory expectation that the SMF1 is personally accountable for. The duty requires evidenced senior management oversight, including an annual board report on Consumer Duty outcomes that the SMF1 is expected to lead on. Boards hiring an SMF1 since 2023 increasingly look for candidates who have lived through Consumer Duty implementation in another firm.

Operational resilience is a first-order accountability. The FCA’s Operational Resilience policy took effect in March 2022 and requires firms to identify their important business services, set impact tolerances, and demonstrate they can deliver within those tolerances even during severe but plausible disruption. While the day-to-day accountability for operational resilience usually sits with SMF24 (Chief Operations Function) where one exists, the SMF1 retains overall accountability for the firm’s resilience. This has reshaped how SMF1 candidates think about technology investment, third-party risk and incident response.

The firm’s culture is on the SMF1’s plate. The FCA’s expectations on conduct culture have firmed up over the past decade, and supervisory engagement increasingly probes how the SMF1 sets and reinforces the culture of the firm. This is not a soft topic in the SMCR context — culture is treated as a leading indicator of conduct outcomes, and questions about how the SMF1 has shaped culture in previous roles are now standard in FCA approval interviews for senior appointments.

The reasonable steps test is personal. When something goes wrong in the firm — a customer harm event, a financial promotion breach, a market conduct issue — the FCA’s first analytical question is whether the senior individuals responsible for the relevant area took reasonable steps to prevent it. For SMF1, this question can apply across almost any area of the firm, particularly where responsibilities have been delegated and the question becomes whether the SMF1 maintained appropriate oversight of the delegated responsibility.

Building the role specification: what a strong SMF1 brief looks like

The role specification for an SMF1 search is the document that frames every conversation with every candidate. It needs to do three things at once: communicate the commercial role, communicate the regulatory role, and communicate the governance environment the candidate will operate in. Specifications that handle the first dimension well but skim the other two systematically attract candidates who will withdraw at offer stage when they understand what the role actually entails.

The commercial dimension covers the standard CEO content — business strategy, P&L responsibility, client and market positioning, executive team leadership, board accountability, growth or transformation priorities. This is where most existing CEO specifications already do good work.

The regulatory dimension covers the SMF1 designation explicitly, the prescribed responsibilities allocated to the role, the firm’s classification under SMCR (Core / Enhanced / Limited Scope), the FCA supervisory category, and the regulatory priorities the firm is currently working on (Consumer Duty implementation status, operational resilience self-assessment cycle, any active FCA matters). Specifications that flag the regulatory dimension early in the brief — rather than burying it in an addendum — attract candidates who are seriously interested in the regulated dimension and screen out candidates who are not.

The governance dimension covers the Chair, the Board composition, the SID, the Risk and Audit committee chairs, the existing Senior Manager team and the responsibilities map. SMF1 candidates evaluating an offer will want to understand who they will be working with — particularly the Chair (with whom the working relationship is intensive) and the SMF24 Chief Operations holder (who carries operational accountability). Specifications that name the surrounding senior team and describe the responsibilities map carry significantly better with experienced SMF candidates.

An additional point: the strongest specifications include a draft Statement of Responsibility — even if it is only a working draft. Candidates will read it carefully. The presence of a working SoR signals that the firm has done its governance homework and is approaching the search seriously.

The FCA approval process for SMF1

Once the firm has selected its preferred candidate, the FCA approval process begins. This is the formal mechanism by which the candidate becomes an approved person able to perform the SMF1 function. The process has three components: the firm’s submission, the FCA’s assessment, and the firm’s notification to the FCA when the candidate takes up the role.

The firm’s submission is built around Form A, which is the application for an individual to perform a senior management function. Form A is submitted via the FCA’s Connect platform and requires comprehensive information about the candidate’s identity, employment history, regulatory history, financial history, and any matters that could be relevant to the fit-and-proper assessment. The firm must also submit:

• The candidate’s Statement of Responsibility, defining what the SMF1 will be accountable for
• The firm’s Management Responsibilities Map, showing how all SMFs and prescribed responsibilities sit together
• Regulatory references covering the candidate’s previous six years of employment from any regulated employer in that period
• Supporting evidence on the candidate’s competence, including their CV, education and qualifications

Regulatory references are the part of the submission that surprises some firms most. They are mandatory, the previous regulated employers must respond, and the references are not free-form character references — they follow a prescribed format that requires the previous employer to disclose any conduct matters, disciplinary outcomes or fit-and-proper findings that occurred during the candidate’s employment. A candidate with anything material in their record will need to be ready to explain it transparently to the new firm and ultimately to the FCA.

The FCA’s assessment evaluates the candidate against three statutory criteria: honesty, integrity and reputation; competence and capability; and financial soundness. The assessment uses the firm’s submission as the starting point, may include direct contact with previous employers, and for SMF1 candidates often includes an interview between the candidate and the FCA. The FCA’s published service standard for Form A turnaround is up to three months, with most clean applications resolved within four to twelve weeks. Complex applications — particularly those involving candidates with regulatory history that requires explanation, or firm structures where the responsibilities map is being revised in parallel — can take longer.

It is worth being honest about timing. Six weeks is a reasonable working assumption for a clean SMF1 application where the candidate has prior SMF approval and the firm’s submission is complete. Eight to twelve weeks is more realistic where there is anything substantive to discuss in the candidate’s history, where the firm itself is in transition, or where the FCA has chosen to interview the candidate. Boards that have not factored these timelines into their succession planning often end up with a regulatory gap, an interim CEO arrangement or a compromise on the strongest candidate available.

The notification happens when the approved candidate actually takes up the role. The firm files Form C confirming the start date, and the candidate is formally added to the FCA’s Financial Services Register as the firm’s SMF1 holder. This is the moment the candidate’s regulatory accountability under the regime begins.

The fit-and-proper assessment: what it actually examines

The fit-and-proper assessment is the substantive judgement the FCA makes about whether an individual is suitable to perform the SMF1 function. It is not a tick-box exercise — the FCA exercises real judgement, particularly for senior roles in larger or more complex firms. Three areas drive most of the assessment.

Honesty, integrity and reputation covers the candidate’s record on conduct matters. The FCA looks at the candidate’s regulatory history (any past regulatory action against them or against firms where they held senior roles), their conduct history (disciplinary outcomes, dismissals for cause, conduct findings), their criminal record where applicable, and their broader reputation in the relevant market. A candidate with adverse history in any of these areas is not automatically blocked — the FCA assesses materiality and context — but the firm needs to be ready to explain why the appointment is appropriate and what mitigations are in place.

Competence and capability covers whether the candidate has the knowledge, skills and experience to perform the role. For SMF1, this is a substantial bar. The FCA expects to see evidence that the candidate understands the firm’s business model, the regulatory regime under which it operates, the prescribed responsibilities they will hold, and the governance structures around the role. Prior SMF experience is the strongest evidence, but candidates without prior SMF approval can clear competence and capability where their broader background demonstrably equips them for the role and where the firm has put in place a credible induction and support framework.

Financial soundness covers the candidate’s personal financial position. The assessment looks at whether the candidate has been the subject of personal insolvency, county court judgements, IVAs or similar matters. The bar is not that candidates must have unblemished financial histories — it is that anything significant must be disclosed, explainable and not indicative of broader integrity concerns.

The fit-and-proper assessment is conducted both at appointment and on an ongoing basis. The firm itself has an obligation to satisfy itself annually that the SMF1 (and other Senior Managers) remain fit and proper, and to notify the FCA promptly of any matters that could affect the assessment. This is part of the regime’s broader principle that senior management oversight is continuous, not point-in-time.

Statements of Responsibility: drafting one for SMF1

The Statement of Responsibility is the foundational document of the SMF1 appointment. It sets out what the CEO is accountable for — both the prescribed responsibilities allocated to them and the broader scope of their executive role. Every SMF1 must have one, and it must be consistent with the firm’s overall Management Responsibilities Map.

For an SMF1, the SoR will typically include the prescribed responsibilities that sit with the CEO by default — performance by the firm of its obligations under the Senior Management Regime, oversight of authorisation status, and (depending on firm classification) responsibilities for compliance, money laundering, training and competence. Where these have been delegated to other Senior Managers (for example, Compliance Oversight to SMF16), the SoR will reflect the delegation while making clear the SMF1 retains oversight responsibility.

The SoR also captures the substantive scope of the executive role: business strategy, financial performance, leadership of the executive team, board accountability, regulatory engagement, culture and conduct. Strong SoRs are specific enough that the candidate, the Chair and the regulator can all read them and reach the same conclusion about what the SMF1 is accountable for.

Three drafting points are worth flagging.

Avoid blanket “all responsibility” language. An SoR that says the SMF1 is responsible for “all aspects of the firm’s regulated activities” without granularity is unhelpful both to the regulator and to the candidate. The FCA reads SoRs as the basis for accountability — vague allocation makes it harder to pinpoint who is responsible when something goes wrong, but it does not absolve anyone. Candidates will rightly push back on language that allocates responsibility without authority.

Align with the responsibilities map before finalising. The SoR cannot allocate to the SMF1 a responsibility that the firm’s responsibilities map shows sitting with another Senior Manager. Inconsistency between the SoR and the map is a regulatory red flag and will surface during the FCA’s assessment.

Treat the SoR as a working document for the candidate. Strong candidates will read the draft SoR carefully and may propose amendments. This is healthy — it indicates the candidate is engaging with what the role actually involves. Resistance from the firm to discussing SoR language is often a sign that the firm itself has not fully thought through the role, and is one of the markers that experienced SMF1 candidates use to assess whether the firm is a good place to hold the role.

Building the candidate pool

The candidate pool for SMF1 roles is structurally narrower than for corporate CEO roles, and several factors shape who is genuinely available.

Prior SMF1 approval is the strongest signal. Candidates currently holding or recently holding SMF1 in another firm carry the highest credibility with the regulator and the lowest approval risk for the hiring firm. They have demonstrated they can clear the fit-and-proper assessment, they understand the substance of the role, and they bring direct regulatory engagement experience. The challenge is that the population of available SMF1 candidates is small — most are in role somewhere — and the discreet introduction is the standard way these searches are run.

SMF3 (Executive Director) holders are the natural step-up pool. Candidates currently holding SMF3 — typically the second-most-senior executive in a regulated firm, often the CFO who sits on the Board, or a Chief Commercial or Chief Operations holder with Board responsibility — are the most credible step-up pool for first-time SMF1 appointments. They have lived under the regime, they have an existing FCA approval, and they understand the regulatory dimension first-hand.

Strong SMF24 (Chief Operations) holders can transition. Where the SMF1 role has a heavy operational dimension — common in fintech, asset management technology platforms, or firms in operational transition — candidates currently holding SMF24 can be credible SMF1 successors. The transition is more substantial because the SMF24 role is functionally narrower than SMF1, but it is well-trodden.

Corporate CEOs without prior SMF approval are appointable but require preparation. Strong corporate CEOs from related sectors (financial services adjacent, regulated industry, technology with a regulatory dimension) can clear the SMF1 fit-and-proper assessment with the right preparation. The most common preparation pattern is a structured FCA induction, board-level sponsorship, and a deliberately staged Statement of Responsibility that allocates the most regulator-sensitive responsibilities (compliance oversight, money laundering, prudential matters where applicable) to other SMF holders during the first phase of the appointment.

One specific note on overseas candidates. Candidates from overseas regulated environments (US, EU, Singapore, Hong Kong) bring strong substantive backgrounds but the FCA’s assessment will rest heavily on the regulatory references the previous overseas regulators provide. The references can take longer to obtain and may not match the prescribed UK format precisely. This needs to be planned for in the timeline rather than discovered after offer.

Compensation, indemnity and the personal accountability dimension

SMF1 compensation in UK regulated firms operates within a more constrained framework than corporate CEO compensation. The constraints come from three sources: the regulatory rules on remuneration (particularly under the FCA’s Remuneration Code, which applies to certain firm types), the disclosure requirements applicable to listed regulated firms, and the practical reality that personal accountability under the regime affects what the role is reasonably worth.

Base salary, bonus and long-term incentive structures still apply, but the design of these is shaped by regulatory requirements: deferral periods, malus and clawback provisions, performance metric alignment with risk and conduct outcomes. For Enhanced firms in particular, the Remuneration Code overlay is substantial and shapes the entire package.

Insurance and indemnity arrangements are an important part of the offer. The SMF1’s personal accountability under the regime means that the candidate is exposed to potential FCA action against them as an individual — including fines and prohibition from regulated employment — in addition to the standard director liabilities. Most regulated firms maintain D&O insurance and SMF-specific cover; the strength of this cover is a real consideration for SMF1 candidates and should be discussed during offer rather than after acceptance.

The reasonable steps test, while not changing the core offer mechanics, does affect candidate willingness in subtle ways. Experienced SMF candidates will scrutinise the firm’s risk and compliance environment, the strength of the second line, the responsibilities map and the working relationship with the Chair. They are not just evaluating the role — they are evaluating whether the firm is one where they can take reasonable steps consistently and document their decisions appropriately. Firms that present well on this dimension attract better candidates.

Common SMF1 search pitfalls

Several patterns recur in SMF1 searches that go off-track. Each is avoidable with deliberate planning at the front end.

Underestimating the FCA timeline. Boards that have not factored eight to twelve weeks of FCA approval into their planning often end up with regulatory gaps, interim CEO arrangements that drag on, or compromises on the strongest candidate. The fix is to start the search earlier than the comfortable timeline suggests — or to be ready with an interim arrangement that does not itself require fresh SMF approval.

Drafting the Statement of Responsibility around the chosen candidate rather than building it first. SoRs that have been retrofitted to fit a chosen candidate tend to be weaker than SoRs built first. The retrofit version often has gaps that the FCA will probe during approval, and creates the first-year governance issue that some prescribed responsibility is unclearly allocated.

Treating regulatory references as a back-office task. References that arrive late, references that surface unexpected disclosures, references that previous employers contest — all of these affect the timeline and sometimes the appointment itself. Strong searches plan the references workflow at the offer stage, not after acceptance.

Skipping FCA engagement before the formal application. For Enhanced firms or where the candidate has anything in their history that requires explanation, an informal pre-application conversation with the firm’s FCA supervisor is often valuable. It signals to the regulator that the firm is approaching the appointment seriously and provides early indication of any concerns the FCA might raise. Firms that go straight to formal application without preparing the regulator can be surprised by the questions that come back.

Underspecifying the Chair-CEO scope. The relationship between the SMF1 and the Chair (typically SMF9 in the regulated context) is the most important working relationship in a regulated firm. Specifications and offers that leave the boundary between Chair and CEO scope ambiguous create first-year governance issues. The strongest appointments include explicit conversation about the Chair-CEO division of responsibility before the candidate accepts.

Ignoring the Senior Manager Conduct Rules. Senior Manager Conduct Rules SC1-SC4 apply to the SMF1 from the moment they take up the role. Candidates who treat them as a compliance afterthought rather than as the substantive accountability framework they represent tend to struggle in their first year. Strong searches surface the Conduct Rules in the offer conversation so the candidate understands them as part of the role rather than as a regulatory bolt-on.

How Exec Capital approaches SMF1 mandates

Exec Capital runs SMF1 mandates as integrated commercial-and-regulatory searches. The commercial dimension — market positioning, candidate identification, succession context, executive team fit — receives the same rigour we bring to any C-suite search. The regulatory dimension is built in from the brief, not added at the end. We work through the Statement of Responsibility outline with the firm, identify the candidate pool with prior SMF approval first and step-up candidates second, and structure the timeline around the realistic FCA approval window.

Our regulated-firm practice covers the executive functions under SMCR — SMF1, SMF3 (Executive Director), SMF4 (CRO), SMF24 (Chief Operations Function) — together with the senior C-suite and director-level roles that operate within regulated firms. Where the appointment falls within a sister firm’s specialism — finance and compliance functions including SMF2, SMF16 and SMF17 (FD Capital), board roles including SMF9, SMF11 and SMF14 (NED Capital), or audit-qualified roles including SMF5 (Accountancy Capital) — we make the introduction directly and work alongside the relevant team.

For boards beginning their first SMF1 search or refreshing how they have approached previous searches, we offer a structured initial conversation that walks through the responsibilities map, the role specification and the realistic candidate pool before any formal mandate begins. For more on the broader SMF cluster, see our SMF Roles guide. For the corporate (non-regulated) version of the CEO search, see CEO recruitment.

Further Reading and Authoritative Sources

For the FCA’s authoritative guidance on the SMCR and the SMF1 designation specifically, see the FCA’s SMCR overview and the solo-regulated firms guidance. The FCA’s Form A guidance sets out the application requirements for SMF appointments.

For the broader regulatory framework, see the FCA’s Consumer Duty and the Operational Resilience policy, both of which directly affect SMF1 accountability. The Bank of England Supervisory Statement on individual accountability covers the dual-regulated firm context for firms that are both FCA and PRA regulated.

The Institute of Directors publishes governance frameworks that complement the regulatory requirements, particularly on board structure and the Chair-CEO relationship. The ICAEW publishes financial reporting and governance guidance relevant to regulated firm CFO and audit committee work that affects the SMF1’s wider operating environment.