Share
On 15 July 2025, the Financial Conduct Authority (FCA) published Consultation Paper CP25/21, setting out proposed reforms to the Senior Managers and Certification Regime. While framed as deregulatory and pro-growth, the proposals signal a shift away from prescriptive regulation towards firm led judgment and principle-based accountability. This shift is likely to heighten exposure for firms, senior managers and their insurers.
The regulatory shift from rules to judgment
The central theme of CP25/21 is a move away from rigid FCA oversight to reliance on firms' own governance structures and judgment. This change may reduce administrative burdens in some areas, but it places greater responsibility on firms and senior managers to evidence reasonableness, oversight and compliance.
If adopted, the reforms would broaden the scope for both individual and corporate liability, with potential exposure in areas such as:
- Inadequate governance or oversight processes
- Appointing or retaining unsuitable individuals
- Issuing deficient regulatory references
- Failure to act on known red flags
- Poor documentation of “material changes” requiring updates to Statements of Responsibilities (SoRs)
Key proposals and emerging risks
Criminal record checks (CRCs)
The FCA proposes extending the validity of CRCs from three to six months, allowing firms to reuse earlier due diligence for Senior Management Function (SMF) applications. While this may streamline onboarding, it increases the window during which new convictions may go undetected, raising the risk of regulatory or civil exposure if an individual is later found to be unsuitable.
The FCA also proposes removing the requirement for CRCs where an individual already holds an SMF within the same group. This is not deregulation in substance – it transfers discretion and the associated liability to the firm. If the individual later proves unsuitable, the FCA may still pursue enforcement under the Duty of Responsibility for inadequate due diligence.
For overseas appointments, the FCA suggests treating foreign CRCs as equivalent to UK DBS checks, despite inconsistencies in reliability across jurisdictions. Many jurisdictions lack centralised records, rely on self-certification, or apply different thresholds for recordable offences. Firms will therefore have to consider enhanced declarations, supplementary vetting, or local legal advice in higher risk scenarios to mitigate exposure.
The 12-week rule for interim SMFs
Under the proposals, firms would no longer need FCA approval within 12 weeks of appointing an interim SMF holder; only submission of the application would be required. This change could allow unapproved individuals to occupy critical roles for extended periods.
Where misconduct occurs during this period, inadequate oversight, record keeping or informal delegation may expose firms and senior managers to challenge under the Duty of Responsibility.
Statements of responsibilities (SoRs)
Instead of submitting updated SoRs for every role change, the FCA proposes moving to periodic submissions, likely every six months. While this would reduce administrative burden and reflects current supervisory practice, it increases firms’ obligations to maintain accurate internal records and to produce SoRs on request.
The FCA is also consulting on what should constitute a “material change” requiring immediate SoR updates. Firms would have discretion to determine materiality but would need to evidence that their judgment was reasonable.
If adopted, this approach could give rise to enforcement or liability risk where material changes are overlooked, poorly documented, or not escalated. For example, if a misconduct event occurs and the firm cannot produce an accurate SoR reflecting responsibility at the relevant time, the FCA may allege a breach of the Duty of Responsibility or broader failings under SYSC. Senior managers could also face civil claims where poor SoR governance contributes to regulatory breach and/or financial loss.
Shorter deadline for regulatory references
The FCA proposes shortening the guidance timeframe for issuing regulatory references from six to four weeks. Although intended to speed up hiring processes, the shorter period may limit the quality or completeness of disclosures.
In time pressured or high-volume recruitment contexts, firms may be exposed where references omit material concerns, particularly in cases involving ongoing investigations or unclear records. Senior managers could face liability if subsequent misconduct arises and a deficient reference is found to have enabled the appointment.
Certification Regime: interim guidance
Pending wider reform, the FCA proposes interim, non-binding measures to streamline the Certification Regime. These include:
- Guidance on certification and recertification procedures
- Elimination of duplication where individuals are certified for multiple functions
- Guidance that senior managers performing certification roles may need to be certified
These measures are voluntary but may improve process efficiency. Firms should assess whether implementation is appropriate while preparing for potential statutory reform.
Comment: Practical tips for firms and insurers
Pending the outcome of the consultation, firms and insurers may wish to:
- Review internal procedures around SMF and certification decisions
- Identify where regulatory discretion is exercised and ensure decisions are clearly recorded and justified
- Reassess oversight and documentation for interim SMF appointments
- Evaluate regulatory reference processes for speed and completeness
- Test whether existing governance and compliance frameworks could withstand retrospective scrutiny in a judgment led enforcement environment
Responses to CP25/21 are due by 7 October 2025, with final rules expected in 2026. We will continue to provide updates at each key stage of the consultation process, including publication of final rules and the implementation timetable.
United Kingdom