SMF16 Head of Compliance: The Hiring Guide for FCA-Regulated Firms
Appointing a Head of Compliance for an FCA-regulated firm is categorically different from appointing a compliance professional in an unregulated business. The individual holding the SMF16 Compliance Oversight function under the Senior Managers and Certification Regime carries personal regulatory accountability to the FCA — not institutional accountability, personal accountability. If the firm’s compliance framework is inadequate, the SMF16 holder faces direct regulatory consequences: financial penalties, public censure, and prohibition from working in regulated financial services. Understanding that accountability structure is the starting point for everything else about how you hire, assess, and onboard the individual.
This guide is written for chairs, CEOs, and boards of FCA-regulated firms who are either making their first SMF16 appointment, replacing an existing Head of Compliance, or upgrading the function as the firm’s regulatory profile grows. It covers what the SMF16 function actually requires, what distinguishes a strong candidate from a credentialled but insufficient one, how the FCA’s fitness and propriety assessment works, what the appointment timeline looks like, and the most common mistakes firms make in this hire. For Exec Capital’s SMF16 recruitment service, see our Head of Compliance Recruitment page.
Adrian Lawrence FCA — Founder, Exec Capital
Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW FCA) | ICAEW-Registered Practice | FCA-regulated firm executive search since 2018
The most revealing moment in any SMF16 interview is when you ask a candidate what they did the last time they disagreed with the business on a compliance matter. The wrong answer is a smooth account of escalation procedures followed by a satisfactory resolution. The right answer is specific — a named situation, a genuine tension, a business that pushed back, and an account of how the candidate held their position or judged when to accept a compromise. An SMF16 who has never experienced serious friction between commercial pressure and regulatory obligation has either been very lucky or has not been doing the job properly. The ones who can describe the friction in detail are usually the ones worth appointing.
Adrian Lawrence FCA | Founder, Exec Capital | ICAEW Verified Fellow | ICAEW-Registered Practice | Companies House no. 13329383 | FCA-regulated firm executive search since 2018
What the SMF16 function actually requires
SMF16 is the Compliance Oversight Senior Management Function under the FCA’s Senior Managers and Certification Regime. The individual approved to hold this function is responsible for overseeing the firm’s compliance with applicable regulatory requirements — not for delivering compliance activity itself, but for ensuring the compliance framework is adequate, properly resourced, and operating effectively across the business.
The distinction matters. An SMF16 holder who is personally executing compliance activity — reviewing individual client files, writing compliance monitoring reports, building KYC workflows — is operating below the function. Their role is to ensure that someone competent is doing those things, that the systems and processes supporting them are fit for purpose, and that the board has accurate information about the firm’s regulatory risk profile and compliance performance. The SMF16 holder is the senior manager responsible for the compliance framework, not the compliance practitioner delivering within it. In smaller firms these roles often sit in one person, but they should not be confused.
The FCA’s SMCR guidance sets out the prescribed responsibilities that attach to SMF16, including responsibility for the firm’s compliance policies, the management of the compliance monitoring programme, and the escalation of material compliance concerns to the board. The FCA can hold the SMF16 holder personally accountable if any of these responsibilities are discharged inadequately — including if they were inadequately resourced by the business. An SMF16 who raises resource concerns with the board and is overruled has some protection; an SMF16 who does not raise them has very little.
When firms need to appoint or replace their SMF16
The most common circumstances requiring a new SMF16 appointment are departure of the existing holder, FCA authorisation for the first time, a significant change in regulatory risk profile following business growth or new product launch, and regulatory supervisory pressure suggesting the current function is inadequate.
Departure of the existing holder creates an immediate regulatory obligation: under SMCR, the firm must notify the FCA and must fill the SMF16 vacancy within a reasonable period. Operating without an approved SMF16 for an extended period is itself a regulatory breach. An interim Head of Compliance can hold the function while the permanent search runs, subject to the FCA’s interim SMF requirements. For urgent SMF16 coverage — particularly where the firm faces an FCA deadline — an interim appointment within one to two weeks is achievable through a specialist search firm.
First-time FCA authorisation requires the proposed SMF16 to be assessed by the FCA as part of the authorisation process. A proposed SMF16 who cannot satisfy the FCA’s fitness and propriety assessment will delay or prevent authorisation. Getting the SMF16 appointment right before the authorisation application is submitted is therefore not a detail — it is a prerequisite for the application proceeding smoothly.
Regulatory supervisory pressure — a Section 166 skilled person review, a Dear CEO letter, direct supervisory engagement about compliance weaknesses — is often the catalyst for an urgent SMF16 upgrade. In this context, appointing a more experienced Head of Compliance is one of the most effective signals a firm can send to the regulator that it is taking the concerns seriously. The quality and credibility of the individual appointed, and the speed at which they are appointed, are both factors the FCA watches.
SMF16 versus SMF17: different accountability, different profile
SMF16 and SMF17 are the two most commonly combined Senior Management Functions in smaller FCA-regulated firms, and understanding their different accountability structures is essential to hiring for either. SMF16 is the Compliance Oversight function — responsible for the regulatory compliance framework broadly. SMF17 is the Money Laundering Reporting Officer function — responsible specifically for the firm’s AML and CTF framework and for Suspicious Activity Reports to the National Crime Agency.
The accountability structures are different in important ways. SMF16 accountability is primarily regulatory — the FCA can take supervisory action against the SMF16 holder for compliance framework failures. SMF17 accountability extends to criminal law — the MLRO can face criminal prosecution under the Proceeds of Crime Act 2002 for failure to make a SAR where there are reasonable grounds to suspect money laundering. Both functions carry serious personal exposure, but the nature of the exposure is different.
In many smaller FCA-regulated firms, both functions are held by a single individual. This dual-hat arrangement is permitted by the FCA and is common practice. The key question is whether the combined workload and risk profile are manageable for one person. Where the business has a material AML risk profile — high-volume transaction monitoring, complex customer due diligence requirements, significant PEP exposure — a single individual holding both functions is likely to be overextended. Where the business is smaller and lower-risk on the AML dimension, the combined role is often a sensible and proportionate structure.
What to look for in an SMF16 candidate
The assessment framework for an SMF16 appointment needs to address three distinct dimensions: technical regulatory knowledge, judgement under pressure, and board-level communication capability. A candidate who scores well on the first and poorly on the others will create compliance infrastructure that works technically but fails at the moments that matter most.
Technical knowledge for an SMF16 in financial services means command of the FCA’s SYSC sourcebook, familiarity with the relevant conduct rules under SMCR, understanding of the FCA’s supervisory approach and enforcement patterns in the firm’s sector, and working knowledge of the compliance monitoring and reporting frameworks that keep the board informed. The specific technical depth required depends heavily on the firm’s sector: an SMF16 for a retail investment firm needs command of COBS and PROD that a payment institution SMF16 does not require, and vice versa. Generic compliance experience is not a substitute for sector-specific technical knowledge at the SMF16 level.
Judgement under pressure is harder to assess but more important. The SMF16 function routinely creates friction between regulatory obligation and commercial pressure — new products that are commercially attractive but regulatorily marginal, client practices that generate revenue but raise conduct questions, cost pressures that the business wants to resolve by reducing compliance resource. The SMF16 who cannot hold their position under commercial pressure, or who resolves the tension by adjusting their assessment of the regulatory position rather than their position in the business conversation, is a regulatory liability regardless of their technical competence.
Board-level communication capability means the ability to convey complex regulatory risk in terms that non-specialist directors can understand, act on, and be held accountable for. An SMF16 who writes board reports in regulatory language that directors cannot parse is failing at one of their most important functions. The best SMF16 holders frame regulatory risk in business terms — what could go wrong, what it would cost, what the probability is, and what the firm needs to do differently to reduce the risk to an acceptable level.
FCA fitness and propriety for SMF16 candidates
Before an individual can hold the SMF16 function, the FCA must approve them as fit and proper. The FCA’s fitness and propriety assessment evaluates three dimensions: honesty, integrity and reputation; competence and capability; and financial soundness.
Honesty, integrity and reputation covers the candidate’s regulatory history — previous FCA or PRA enforcement action, regulatory references from former employers, any criminal history, and any matters that might suggest the individual is not of the character required for a senior management function. A candidate with a previous regulatory sanction is not automatically disqualified, but they will face a more demanding assessment and will need to demonstrate clearly what changed and how.
Competence and capability for SMF16 is assessed against the specific requirements of the function as it will operate in the applicant firm — not against a generic competence standard. The FCA wants to understand whether the proposed SMF16 has the knowledge, skills, and experience to oversee compliance effectively in the firm’s specific regulatory context, at the firm’s current stage of development and risk profile. A candidate who has been a strong Head of Compliance at a comparable firm in the same sector, with the FCA’s experience file to prove it, will typically satisfy this dimension comfortably. A candidate from a different regulatory environment who is being proposed for a more complex SMF16 role will face closer scrutiny.
Financial soundness covers the candidate’s personal financial position. The FCA is alert to candidates with significant personal debt problems, insolvency history, or financial pressures that might create vulnerability to corruption or undue influence. This is assessed through the Form A application process and through the regulatory reference the candidate provides from their most recent regulated employer.
Salary benchmarks — SMF16, 2026
| Context | Business Type | Base Salary Range |
|---|---|---|
| SMF16 — large or complex FCA firm | Major bank, insurer, large asset manager | £150,000 – £250,000+ |
| SMF16 — mid-market financial services | Asset manager, insurer, payments firm, broker | £90,000 – £150,000 |
| SMF16 — smaller FCA-authorised firm | Consumer credit, e-money, smaller broker | £65,000 – £100,000 |
| Dual SMF16/SMF17 | Combined function, smaller firm | £80,000 – £130,000 |
| Interim SMF16 | Gap coverage, regulatory remediation | £600 – £1,200 per day |
Interview questions that reveal genuine SMF16 capability
Standard compliance interview questions — “describe your experience of regulatory change management”, “how do you build relationships with the regulator” — produce rehearsed answers that do not distinguish candidates. The questions that reveal genuine SMF16 capability are specific, situational, and designed to surface judgement rather than knowledge.
Ask the candidate to describe a specific situation where they disagreed with the business on a compliance matter and explain what happened. Press for the detail: what was the disagreement, who was applying pressure, what was at stake, what did they do. A candidate who has held an SMF16-equivalent function will have at least three or four clear examples. A candidate who struggles to describe a single genuine disagreement has either not been operating at the right level or is not being candid.
Ask what the firm’s most significant compliance failure has been during their tenure and what they did about it. The answer reveals whether the candidate owns problems or deflects them, and whether they are able to be honest with a potential employer about things that went wrong. A candidate who cannot identify any failures is not credible; a candidate who identifies failures and explains what they learned and what changed as a result is usually someone worth taking seriously.
Ask how they would frame a significant regulatory risk to the board of this firm — and give them a specific, moderately complex scenario. The quality of their answer reveals both their technical assessment capability and their communication ability. A candidate who responds in regulatory language without translating it into board-level terms is showing you exactly what their board reports will look like.
The FCA approval timeline for SMF16
The FCA’s standard processing time for an SMF16 application through Form A is three months from submission. In practice, applications that are well-prepared — with complete regulatory references, a clear statement of responsibilities, and a proposed SMF16 who matches the role specification precisely — tend to move through the FCA’s process more smoothly than applications with gaps or complications.
The approval timeline has important implications for search. If the firm is replacing a departing SMF16, the permanent appointment will not be in post for at least three to four months from the point of offer acceptance. An interim SMF16 — who may operate under the FCA’s temporary permissions for SMF appointments — provides regulatory continuity while the permanent process runs. If the firm is making its first SMF16 appointment as part of a new authorisation application, the proposed SMF16 must be named in the application and their fitness and propriety assessed alongside the firm’s authorisation; rushing this appointment creates application risk.
The most common mistakes in SMF16 appointments
Promoting internally without assessing whether the individual can operate at SMF16 level is the most frequent mistake. A competent compliance manager who has worked well within a compliance framework built by someone else may not have the experience, seniority, or board presence to build and own a framework as SMF16. The promotion is appealing — it is cheaper, faster, and avoids the disruption of an external hire — but the wrong appointment at SMF16 level is more expensive than the right external hire.
Prioritising sector familiarity over regulatory judgement produces appointments that know the right rules but cannot navigate the regulatory relationship. An SMF16 who has deep knowledge of a particular FCA rulebook but cannot manage a supervisory conversation with their FCA supervisor, or who cannot hold a board-level position under commercial pressure, will create problems that sector familiarity cannot solve.
Underspecifying the role in the brief to the search firm generates a shortlist that is too broad. The difference between a Head of Compliance who is adequate for the firm’s current regulatory environment and one who can grow with the firm’s risk profile is a difference in specific experience and capability that needs to be articulated in the brief, not discovered by interview. Being specific about the FCA sub-handbook that matters most, the nature of the supervisory relationship the firm has, and the specific compliance challenges on the horizon produces a better shortlist and a better appointment.
SMF16 Head of Compliance Recruitment
Exec Capital places Heads of Compliance and SMF16 holders for FCA-regulated firms. Permanent, interim and fractional. Shortlist within 3–7 working days. Every search led personally by Adrian Lawrence FCA.
Sources
- FCA — Senior Managers and Certification Regime (SMCR)
- FCA Handbook — SYSC: Senior Management Arrangements, Systems and Controls
- FCA — PS18/14: Extending the Senior Managers and Certification Regime to all FCA firms
- Proceeds of Crime Act 2002
- FCA — Section 166 Skilled Persons Reviews
- Institute of Chartered Accountants in England and Wales (ICAEW)