Map, document, and maintain clear accountability structures under the Senior Managers and Certification Regime to meet FCA expectations and avoid enforcement action.
The Senior Managers and Certification Regime (SM&CR) was designed to ensure that senior individuals within regulated firms have clearly defined responsibilities and can be held personally accountable for failures within their areas. For insurance firms — whether insurers, intermediaries, or Lloyd's managing agents — this means every material business activity must be owned by a named Senior Manager Function (SMF) holder.
In practice, many firms have completed the initial SM&CR implementation but have not maintained their responsibilities maps as the business evolves. New products, reorganisations, regulatory changes, and staff turnover create gaps and overlaps that undermine the regime's purpose. The FCA has highlighted that Statements of Responsibilities (SoRs) often become outdated documents filed at authorisation and never revisited.
The consequences of poor accountability mapping are severe. Under section 66B of FSMA, a Senior Manager can face personal enforcement action if a regulatory breach occurs in their area of responsibility and they cannot demonstrate they took reasonable steps to prevent it. Without a clear, current responsibilities map, neither the firm nor the individual can mount an effective defence.
Effective responsibilities mapping requires a systematic approach that goes beyond filling in template SoRs. It starts with identifying all Senior Manager Functions applicable to your firm type, mapping each prescribed responsibility to a named individual, and then layering on the firm's own allocation of additional responsibilities to ensure complete coverage.
The framework must include a governance process for keeping the map current: triggers for review (such as organisational changes, new regulatory requirements, or departures), a defined update and approval workflow, and version control to maintain a clear audit trail. The responsibilities map should be a living document that the board and compliance function actively use.
Crucially, the mapping exercise should also identify the Certification Functions within your firm and ensure that annual fitness and propriety assessments are conducted, recorded, and actioned. The certification regime applies to a broader population than many firms initially realised, and gaps here are a common supervisory finding.
Follow these steps to create a comprehensive, maintainable responsibilities map that satisfies FCA expectations and provides genuine accountability clarity.
Review the FCA's table of Senior Manager Functions in SUP 10C to identify which SMFs apply to your firm type. For insurance intermediaries, the core functions typically include SMF1 (Chief Executive), SMF3 (Executive Director), SMF16 (Compliance Oversight), and SMF17 (Money Laundering Reporting Officer). Insurers and Lloyd's managing agents have a broader set of required functions. Ensure you have not missed any required SMFs.
The FCA sets out prescribed responsibilities that must be allocated to a Senior Manager — they cannot be left unassigned. These include responsibility for the firm's compliance with FCA rules, financial crime prevention, and (since July 2023) Consumer Duty implementation. Map each prescribed responsibility in SYSC 24/25 to a named SMF holder and document this in their Statement of Responsibilities.
Beyond prescribed responsibilities, map all material business activities and functions to Senior Managers. This includes underwriting, claims, distribution, IT, outsourcing, and customer operations. The goal is to ensure there is no area of the business that falls outside the responsibility of a named Senior Manager. Use your firm's organisational chart and committee structure as the starting point.
Each Senior Manager must have a current Statement of Responsibilities (SoR) that clearly sets out their individual accountability. SoRs must be filed with the FCA on appointment and updated whenever there is a significant change. Use the FCA's prescribed form but supplement it with sufficient detail to be meaningful — a vague SoR provides no protection to the individual or the firm.
The overall Management Responsibilities Map brings together all SoRs into a single firm-wide view, showing how responsibilities are allocated and how they relate to the firm's governance structure. Under SYSC 25.7, enhanced scope firms must maintain this map. Even if your firm is not required to maintain one, it is strong practice to do so.
Identify all staff performing Certification Functions — roles that could cause significant harm to the firm or its customers but are not Senior Manager Functions. This typically includes underwriters with delegated authority, senior claims handlers, and those giving investment advice. Conduct annual fitness and propriety assessments for each certified person and maintain records of the assessment and outcome.
Define the events that trigger a review of the responsibilities map: organisational restructuring, new product launches, regulatory changes, departures or arrivals of Senior Managers, and material outsourcing changes. Assign ownership of the map to a specific role (typically the Compliance Officer or Company Secretary) and ensure updates follow a defined approval workflow.
A Statement of Responsibilities that simply restates the FCA's prescribed wording adds little value. Tailor each SoR to reflect the individual's actual day-to-day responsibilities, the specific business areas they oversee, and the governance structures they operate within.
The FCA expects a named Senior Manager to have responsibility for Consumer Duty implementation and ongoing compliance. Ensure this is explicitly reflected in the relevant SoR and that the individual has sufficient visibility of customer outcomes data to discharge this responsibility.
Track regulatory breaches, complaints trends, and material incidents by the responsible Senior Manager's area. This supports the "reasonable steps" defence by providing evidence of issues identified and actions taken within each individual's remit.
Ensure every SMF holder understands the duty of responsibility, the Conduct Rules that apply to them, and the practical steps they should take to evidence "reasonable steps." Annual refresher training is good practice.
Manual tracking of SoRs, certification assessments, and responsibilities maps becomes unwieldy as the firm grows. Use a workflow system to manage version control, trigger reviews, track certification deadlines, and produce compliance reports.
Cross-referenced against SUP 10C for your firm type.
All certified persons have a current fitness and propriety assessment on file.
Identify potential gaps in your fca compliance processes with our free self-assessment tool. Not a substitute for professional advice.
Try these related tools — no sign-up required.
A definitive guide to meeting FCA record-keeping obligations under SYSC 9, COBS, ICOBS, and DISP — with practical retention schedules and storage recommendations.
fca complianceBuild a robust, evidenced fair value assessment process that satisfies FCA expectations under PRIN 2A and demonstrates genuine customer-centric outcomes.
complaints handlingStructured processes ensure complaints from vulnerable customers receive the enhanced care, flexibility, and support that the FCA expects under its vulnerability guidance and the Consumer Duty.
SwiftCase helps insurance firms map, track, and maintain Senior Manager responsibilities with automated review triggers, version-controlled SoRs, and certification tracking.
