FCA Regulatory Glossary: Key Terms and Acronyms Explained

UK financial regulation generates a large and constantly expanding vocabulary of acronyms, frameworks and sourcebook references. This glossary provides plain-English explanations of the terms that matter most for FCA-regulated firms, their senior managers and the compliance professionals who advise them.

Each entry gives a brief explanation of the term, identifies the firms most affected and, where FD Capital has produced a comprehensive guide, links to it for a fuller treatment. The glossary is organised by regulatory cluster rather than alphabetically — reflecting how the obligations interconnect in practice.


Senior Managers and Certification Regime (SMCR)

SMCR — Senior Managers and Certification Regime. The FCA’s accountability framework for individuals at regulated firms — requiring senior managers to be individually approved, certified persons to be assessed as fit and proper annually, and all staff to follow Conduct Rules. Replaced the Approved Persons Regime in 2019. Full guide →

SMF — Senior Manager Function. A specific role designated under SMCR that requires individual FCA approval before the holder can perform it. There are 27 SMF designations covering roles from CEO (SMF1) to committee chairs (SMF10–13). Each SMF holder must have a Statement of Responsibilities and is personally accountable for the areas within their remit.

SMF1 — Chief Executive Officer function. The individual with overall management responsibility for the firm.

SMF2 — Chief Finance function. Accountable for the firm’s financial management. Guide →

SMF3 — Executive Director function. Applies to executive directors of enhanced firms not covered by another named SMF. Guide →

SMF4 — Chief Risk Officer function. Head of the risk management function at enhanced firms.

SMF5 — Head of Internal Audit function. Leads the internal audit function at enhanced firms — requires structural independence from executive management. Guide →

SMF9 — Chair of the Governing Body. The chair of the board at enhanced firms. Guide →

SMF10–13 — Committee Chair functions: Audit (SMF10), Risk (SMF11), Remuneration (SMF12), Nominations (SMF13). Guide →

SMF14 — Senior Independent Director. The most senior independent NED at enhanced firms; an alternative contact for the FCA and shareholders. Guide →

SMF16 — Compliance Oversight function. The individual accountable for the firm’s compliance with FCA requirements. Guide →

SMF17 — MLRO function. The Money Laundering Reporting Officer. Guide →

SMF18 — CASS Oversight function. The individual accountable for the firm’s compliance with client asset rules. Guide →

SMF24 — Chief Operations function. Applies at growing firms with a dedicated operations lead. Guide →

SoR — Statement of Responsibilities. The document that defines each SMF holder’s specific accountabilities. Must be accurate and updated on any material change to the individual’s role.

MRM — Management Responsibilities Map. The firm-level document showing how all regulated activities and senior management functions are allocated across the organisation. Required for all SMCR firms.

Certification Regime — The SMCR requirement for firms to assess, at least annually, the fitness and propriety of individuals in roles with significant potential for harm (below SMF level).

Conduct Rules — The SMCR rules (in COCON) that govern the behaviour of all staff at regulated firms. Individual Conduct Rules apply to all employees; Senior Manager Conduct Rules apply to SMF holders.

Conduct and Consumer Regulation

Consumer Duty — The FCA’s overarching standard for retail customer treatment, in force from July 2023. Requires firms to deliver good outcomes across four areas: products and services, price and value, consumer understanding, and consumer support. Full guide →

COBS — Conduct of Business Sourcebook. The FCA Handbook chapter covering how regulated firms must conduct themselves with clients — covering communications, suitability, product disclosure, best execution and more. Applies primarily to investment firms.

CONC — Consumer Credit Sourcebook. The FCA’s conduct rulebook for consumer credit firms — covering creditworthiness assessments, pre-contract disclosures, arrears management and debt collection. Full guide →

TCF — Treating Customers Fairly. The FCA’s predecessor principle to Consumer Duty. Still relevant as a baseline; Consumer Duty now sets the higher standard for retail customer interactions.

Financial Promotions — Communications that constitute an invitation or inducement to engage in investment activity. Subject to strict FCA approval requirements under Section 21 FSMA. Full guide →

Section 21 — The FSMA provision that restricts who can communicate a financial promotion. Approval by an FCA-authorised firm (or one holding gateway permission) is required for any financial promotion from an unauthorised firm. Guide →

Financial Promotions Gateway — The FCA permission required since February 2024 for authorised firms wishing to approve financial promotions for unauthorised third parties. Guide →

SYSC — Senior Management Arrangements, Systems and Controls. The FCA Handbook chapter requiring firms to have adequate management structures, internal controls and risk management systems. Guide →

AML and Financial Crime

MLR 2017 — Money Laundering Regulations 2017. The UK regulations implementing the EU Fourth Anti-Money Laundering Directive. Require regulated firms to have AML policies, CDD procedures, transaction monitoring and suspicious activity reporting. Guide →

KYC — Know Your Customer. The process of identifying and verifying a customer’s identity and assessing their risk profile. A component of the CDD obligation under MLR 2017. Guide →

CDD — Customer Due Diligence. The MLR 2017 requirement to identify and verify customers and beneficial owners, understand the nature of the business relationship, and assess money laundering risk.

EDD — Enhanced Due Diligence. A more intensive version of CDD required for higher-risk customers — including PEPs, customers from high-risk jurisdictions and complex corporate structures.

PEP — Politically Exposed Person. An individual who holds or has held a prominent public function — and their close family members and associates. Subject to EDD requirements under MLR 2017. Guide →

SAR — Suspicious Activity Report. A report submitted to the National Crime Agency (NCA) where a regulated firm suspects money laundering or terrorist financing. Filing a SAR is a legal obligation; tipping off the subject of a SAR is a criminal offence.

DAML — Defence Against Money Laundering. A consent request submitted to the NCA where a firm wishes to complete a transaction that it suspects involves the proceeds of crime. The DAML system allows the NCA to grant or withhold consent within a statutory timeframe.

POCA — Proceeds of Crime Act 2002. The primary UK legislation criminalising money laundering. Contains the three principal laundering offences, the tipping off offence and the consent regime. Full guide →

FATF — Financial Action Task Force. The international body that sets global standards for AML and counter-terrorist financing. Its recommendations form the basis of the MLR 2017 and the FCA’s AML supervisory expectations.

Investment Services and Capital Markets

MiFID II — Markets in Financial Instruments Directive (second version). The EU directive governing investment services in the UK, retained post-Brexit as part of UK law. Covers conduct of business, client categorisation, best execution, product governance and inducements for investment firms.

MIFIDPRU — MiFID Prudential Regime. The FCA’s UK prudential framework for investment firms introduced in January 2022 — replacing CRD IV for solo-regulated FCA investment firms with a risk-sensitive capital regime. Guide →

MAR — Market Abuse Regulation. The UK regulation (retained from EU law) governing market manipulation, insider dealing and the disclosure of inside information. Applies to issuers of securities and firms dealing in them.

CASS — Client Assets Sourcebook. The FCA Handbook chapter governing how regulated firms must handle client money and custody assets — including the segregation, reconciliation and reporting requirements. Guide →

EMIR — European Market Infrastructure Regulation (retained in UK law). Governs over-the-counter derivatives — requiring central clearing, trade reporting and risk mitigation for derivatives not cleared centrally.

UCITS — Undertakings for Collective Investment in Transferable Securities. The EU/UK framework for retail investment funds — setting out how they are structured, what they can invest in and how they must be marketed.

AIFMD — Alternative Investment Fund Managers Directive. The regulatory framework for managers of alternative investment funds — hedge funds, private equity funds, real estate funds. In the UK post-Brexit, applies through the UK AIFMD regime with the NPPR for marketing. Full guide →

PRIIPs — Packaged Retail and Insurance-based Investment Products. The regulation requiring manufacturers of investment products sold to retail investors to produce a standardised Key Information Document (KID). Full guide →

PROD — Product Intervention and Product Governance Sourcebook. The FCA Handbook chapter implementing MiFID II product governance obligations — target market identification, distribution strategy and ongoing product review. Guide →

REMIT — Regulation on Wholesale Energy Market Integrity and Transparency. Governs the prohibition of market abuse in wholesale energy markets — the energy market equivalent of MAR.

ESG and Sustainability

SFDR — Sustainable Finance Disclosure Regulation. The EU regulation requiring asset managers and financial advisers to disclose how sustainability risks are integrated into their processes. Not directly applicable in the UK post-Brexit but influences UK firms with EU operations. The FCA’s UK SDR is the domestic equivalent. Full guide →

UK SDR — Sustainability Disclosure Requirements. The FCA’s UK framework for sustainable investment labelling and disclosure — introducing four investment labels (Sustainability Focus, Improvers, Mixed Goals, Impact), naming and marketing rules, and entity-level TCFD disclosures. Full guide →

TCFD — Task Force on Climate-related Financial Disclosures. The international framework for disclosing climate-related financial risks — across governance, strategy, risk management and metrics. Mandatory for large UK companies and FCA-regulated firms above certain thresholds. Full guide →

TNFD — Taskforce on Nature-related Financial Disclosures. An emerging framework for disclosing nature and biodiversity-related financial risks — complementary to TCFD, expected to become mandatory over time.

Anti-Greenwashing Rule — The FCA rule requiring that all sustainability claims made by regulated firms are fair, clear and not misleading — in force from May 2024 as part of the UK SDR framework.

Prudential and Capital

ICAAP — Internal Capital Adequacy Assessment Process. The firm’s own assessment of the capital it requires to cover its risks — submitted to regulators as part of the Supervisory Review and Evaluation Process (SREP).

CRD — Capital Requirements Directive. The EU/UK directive implementing Basel capital standards for banks and large investment firms. CRD V introduced enhanced governance and remuneration requirements alongside revised capital standards.

Basel III/IV — The Basel Committee’s international capital standards for banks. Implemented in the UK through the PRA’s capital rules and the CRD framework.

Solvency II — The EU/UK capital framework for insurance firms — requiring risk-based capital calculations, own risk and solvency assessments (ORSA) and detailed public disclosure.

Payment Services and E-Money

PSRs — Payment Services Regulations 2017. The UK framework for payment service providers — governing authorisation, capital requirements, safeguarding, conduct rules and SCA. Full guide →

EMRs — Electronic Money Regulations 2011. The UK framework for e-money institutions — governing authorisation, capital, safeguarding and redemption rights. Full guide →

Safeguarding — The obligation on payment institutions and e-money firms to ring-fence customer funds in designated accounts at eligible credit institutions — protecting those funds in the event of the firm’s insolvency. Full guide →

SCA — Strong Customer Authentication. The requirement for payment service providers to authenticate transactions using at least two of three factors: knowledge, possession and inherence. Required for electronic payment transactions under the PSRs.

Open Banking — The regime enabling regulated third-party providers to access bank account information and initiate payments with customer consent — delivered through the Open Banking Implementation Entity (OBIE) and governed by the PSRs.

FCA Authorisation and Process

Threshold Conditions — The five minimum standards every FCA-authorised firm must meet to obtain and maintain its permission: legal status, location of offices, effective supervision, appropriate resources and suitability. Full guide →

Regulatory Business Plan — The primary document submitted as part of an FCA authorisation application — setting out the firm’s business model, financial projections, compliance framework and senior management appointments. Full guide →

Form A — The FCA application form for the approval of an individual as a Senior Manager Function holder. Requires personal disclosure including regulatory history, financial soundness and relevant qualifications.

Section 166 — A “skilled person review” commissioned by the FCA under Section 166 FSMA — an independent expert review of a specific aspect of a regulated firm’s activities or controls. Guide →

Change of Control — The FCA process triggered when a person acquires or increases a qualifying holding in a regulated firm — requiring notification to and approval by the FCA before the change takes effect.

Operational Resilience and Technology

DORA — Digital Operational Resilience Act. The EU regulation governing digital resilience for financial services firms — covering ICT risk management, incident reporting, digital operational resilience testing and third-party risk. Applies from January 2025 to EU-regulated entities, and to UK firms with EU operations. Full guide →

FCA Operational Resilience — The FCA’s policy requiring regulated firms to identify important business services, set impact tolerances for disruption, and test their ability to remain within those tolerances. In force since March 2022 with full testing required by March 2025.

ICT — Information and Communications Technology. In the DORA context, the technology infrastructure on which regulated firms’ activities depend — including hardware, software, data, cloud services and third-party technology providers.

Adrian Lawrence FCA — Founder, FD Capital Recruitment Ltd

ICAEW Registered Practice  |  Companies House No. 13329383

“Navigating the UK regulatory framework requires familiarity with an extensive vocabulary of overlapping frameworks and obligations. FD Capital’s Knowledge Centre provides comprehensive guides across the full range of FCA regulatory topics — and our recruitment practice places the compliance officers, MLROs, CFOs and senior managers who bring this regulatory knowledge to life inside FCA-regulated firms.”
