Annual Certification: Practical Steps for Certified Persons

Annual certification is a genuine compliance obligation — not a bureaucratic formality. Firms that treat it as a tick-box exercise, and individuals who wait passively for their employer to manage it for them, both regularly find themselves in difficulty when the FCA asks questions.

Under the SMCR Certification Regime, firms must assess and certify the fitness and propriety of every individual in a certified role at least annually. Unlike SMF approvals — which involve the FCA directly — certification is entirely the firm’s responsibility. The FCA does not approve certified persons. But it does expect firms to have a robust annual process, and it expects certified persons to understand what that process involves and to engage with it properly.

Who Is a Certified Person?

A certified person is anyone who performs a function that requires a certificate — defined as roles that could cause significant harm to the firm or its customers if carried out by someone who is not fit and proper. The main certified functions include: significant management — those who manage a business line, activity or group of staff where their actions could significantly harm the firm or customers; client-dealing functions — those in direct contact with customers in certain regulated activities; algorithmic trading; proprietary traders; material risk-takers; and a small number of other firm-specific functions defined in the rules.

It is worth noting that the Certification Regime covers a wider population than firms sometimes appreciate. A relationship manager who manages a client book and makes investment recommendations is a certified person. A trader who takes proprietary positions above a defined threshold is a certified person. A team leader who manages a compliance monitoring team could be a certified person if their management role meets the significant management test. Firms should audit their population of certified persons periodically to ensure the scope is accurate.

What Firms Must Assess

The annual certification assessment must cover the same three dimensions as the FCA’s own fit and proper test for SMF holders: honesty, integrity and reputation; competence and capability; and financial soundness. Each assessment must be documented. The certificate issued at the end of the process — confirming the individual is fit and proper to perform their certified function — must be retained and updated annually.

Honesty, integrity and reputation requires the firm to check whether anything has emerged during the year that affects the individual’s fitness — a criminal proceeding, disciplinary action, a civil judgment, or adverse information from clients or counterparties. The firm should have a mechanism by which individuals are required to self-disclose material changes to their circumstances. A firm that issues a certificate without having made any enquiries about the individual’s conduct during the preceding year has not discharged the assessment obligation.

Competence and capability requires the firm to assess whether the individual continues to have the skills, knowledge and experience to perform their certified function effectively — including any changes to the regulatory framework applicable to their role since the last certificate was issued. Where the individual’s role has changed materially, the assessment must consider whether they are fit and proper for the new responsibilities, not just the historic ones.

Financial soundness is typically assessed through a self-declaration process — the individual confirms whether their financial circumstances have changed materially, and the firm follows up where the declaration indicates a potential concern.

What Certified Persons Should Prepare

Certified persons who approach annual certification proactively — rather than waiting for a form to land in their inbox — manage the process more effectively and avoid last-minute complications. The following steps are worth taking as the certification window approaches.

Review your certified function. Check that the function you are being certified for accurately reflects what you actually do. If your role has changed significantly since last year — new responsibilities, a different team, a changed client base — flag this to your compliance officer before the certification process begins. Being certified for the wrong function, or not being certified for a function you actually perform, is a compliance failure.

Consider your disclosures. Think through the three dimensions of the fit and proper test against your own circumstances over the preceding year. Is there anything — a County Court Judgment, a disciplinary matter, an issue with a previous employer, an adverse personal financial event — that your firm should know about? Certified persons have an ongoing obligation to disclose material changes. Disclosing proactively, as part of the annual process, is far preferable to having something emerge that was not disclosed when it should have been.

Gather evidence of competence. If your certification includes a competence assessment, prepare evidence of your professional development during the year — training completed, qualifications achieved, new regulatory knowledge acquired. Compliance teams will often ask for this and a ready answer is better than a scrambled retrospective search through CPD records.

Common Certification Failures

The most frequently identified failures in the FCA’s reviews of Certification Regime implementation are consistent enough to be worth naming directly.

Treating the process as a formality. Firms that issue certificates as a bulk exercise — sending forms to be signed and filed without any actual assessment — are not complying with the regime. The FCA expects the assessment to be genuine. Where the FCA reviews a firm’s certification process and finds that certificates are issued the same day forms are received, with no evidence of any meaningful assessment, it treats this as a compliance failure regardless of whether the underlying population is actually fit and proper.

Scope creep — and scope gaps. Firms frequently find that their certified person population has drifted from the original scope assessment. New roles are created that should attract certification but have not been assessed for it. Existing roles evolve to include certified functions without triggering a review. An annual audit of the scope of the certified person population alongside the certification process itself is good practice.

Late certification. The firm must hold a current certificate for each certified person before they perform their certified function. A gap between the expiry of last year’s certificate and the issue of this year’s — even a short one — creates a period during which the individual is performing a certified function without a valid certificate. Firms should ensure the certification timeline is managed to avoid these gaps.

Individual non-engagement. Certified persons who do not respond to certification requests, do not complete required declarations, or do not provide required information are creating a problem for the firm — but ultimately for themselves. If an individual cannot be certified because they have failed to engage with the process, the firm cannot lawfully allow them to continue performing their certified function until certification is complete.

Key References

• FCA Handbook SYSC 27 — Certification
• FCA — Certification Regime guidance