Reasonable Steps Under SMCR: What the FCA Looks For

“Reasonable steps” is the central concept of SMCR personal accountability — and the FCA’s track record in enforcement shows exactly what it means in practice. This is not an abstract standard. The FCA assesses it against concrete questions about what the SMF holder knew, what they did, and what they should have done.

Under the SMCR, an SMF holder is not personally liable for every failure in their area of responsibility. They are liable where they failed to take reasonable steps to prevent the failure. The distinction matters: the question is not whether something went wrong in the SMF holder’s area, but whether they discharged their oversight obligations adequately. This post examines how the FCA applies that standard in practice.

The Starting Point: Senior Manager Conduct Rule 2

Senior Manager Conduct Rule 2 in COCON requires SMF holders to take reasonable steps to ensure that the business of the firm for which they are responsible complies with the relevant requirements and standards of the regulatory system. The rule creates a positive obligation — it is not enough to be unaware of failures in your area if you should have been aware, and it is not enough to have acted once and then stopped monitoring.

The FCA has consistently interpreted “reasonable steps” as requiring a genuine and ongoing oversight programme — not a one-off review or a passive reliance on management information that was never challenged. The steps must be proportionate to the risk: the more significant the potential harm from a failure in the area, the more rigorous the oversight expected.

What Adequate Reasonable Steps Look Like

Drawing from FCA enforcement decisions and guidance, the following elements consistently characterise adequate reasonable steps in practice.

Receiving adequate management information. The SMF holder receives regular, timely and specific MI about the areas within their remit — not aggregated headline figures that obscure individual issues, and not retrospective reports that arrive too late to act. They actively review that MI rather than filing it unread. Where the MI reveals a concern, they ask questions and follow up. Where the MI does not exist or is inadequate, they request it.

Asking challenging questions. The SMF holder challenges management representations rather than accepting them. In board meetings, committee meetings and one-to-one reporting, they ask specific questions about compliance, risk and operational performance — and pursue the answers where initial responses are unsatisfactory. An FCA investigation that reveals an SMF holder was present at meetings where warning signs were discussed but asked no questions will not support a defence of adequate oversight.

Acting promptly on concerns. Where information suggests a potential compliance failure, the SMF holder takes documented action — commissioning a review, escalating to the compliance function, requiring a remediation plan, or raising the issue with the board. The action must be genuine and must be followed through. A documented escalation that was raised once and then dropped, with no follow-up, does not constitute adequate reasonable steps.

Maintaining oversight of delegated responsibilities. Where the SMF holder has delegated aspects of their area to others, they retain accountability for the outcome. Adequate reasonable steps in this context means: selecting an appropriate delegate; providing clear instructions; establishing reporting mechanisms; monitoring performance; and taking action where the delegate is underperforming. An SMF holder who delegated an area, received no information about it and took no interest in it until something went wrong has not taken adequate steps.

Documenting the oversight programme. Arguably the most practically important element: the SMF holder maintains a contemporaneous record of their oversight activities — board minutes, committee papers, emails escalating concerns, notes of management discussions, records of actions requested and completed. This documentation is the evidential basis for a reasonable steps defence. An SMF holder who took all the right steps but documented none of them is in a significantly weaker position than one who documented everything, even if their actual oversight was identical.

What Inadequate Reasonable Steps Look Like

The FCA’s enforcement decisions provide equally clear examples of what fails the reasonable steps test.

Relying entirely on management’s own assessment. An SMF holder who accepted management’s assurances that everything was compliant, without independent verification or challenge, was found by the FCA not to have taken reasonable steps where those assurances turned out to be wrong. The reasonable steps obligation requires the SMF holder to form their own view based on available evidence — not simply to relay management’s view upward.

Ignoring red flags. Where information available to the SMF holder indicated a potential problem — complaints from clients, unusual transaction patterns, staff conduct concerns, a significant regulatory change that had not been addressed — and the SMF holder took no action, the FCA has held that this constituted a failure to take reasonable steps. Red flags do not need to be conclusive evidence of a breach to trigger the obligation to act on them.

Treating oversight as a governance formality. Board papers received, signed and filed without reading; compliance reports noted without questions; risk committee meetings attended but not engaged with. The FCA has found that passive attendance at governance meetings — without genuine engagement — does not satisfy the reasonable steps obligation. Attendance is not the same as oversight.

Failing to keep up with regulatory change. Where the regulatory framework applicable to the SMF holder’s area changed materially and they took no steps to ensure the firm’s practices were updated, the FCA has treated this as a failure of reasonable steps — even where the individual was not personally aware of the change. The obligation includes taking steps to stay informed of regulatory developments relevant to the area of responsibility.

Reasonable Steps in the Context of Regulatory References

The reasonable steps obligation has a specific application in the context of regulatory references. An SMF holder who receives a regulatory reference disclosing adverse information about a proposed appointee is required to take reasonable steps to assess that information — which means considering it genuinely in the fit and proper assessment, seeking further information where the disclosure is unclear, and documenting the conclusion reached. Simply receiving a reference containing adverse information and proceeding with the appointment without any documented assessment does not constitute reasonable steps.

Similarly, an SMF holder who becomes aware of information about a current employee that is relevant to fitness and propriety — and who fails to take steps to address it, including updating the employee’s regulatory reference if they subsequently leave — has not discharged their reasonable steps obligation under the regulatory references framework.

Adrian Lawrence FCA — Founder, FD Capital Recruitment Ltd

ICAEW Registered Practice  |  Companies House No. 13329383

“The best SMF holders we place share one characteristic above all others: they treat their regulatory accountability as a genuine obligation, not a compliance requirement to be managed around. They read their MI, they ask questions, they follow up, and they document what they do. That disposition — which comes through clearly in any FCA interview — is the best protection against a future enforcement action, and the best evidence that the person genuinely understands what the SMF function requires.”

Recruiting SMF Holders Who Understand Their Accountability?

FD Capital places compliance officers, MLROs and other SMF holders who treat the reasonable steps obligation seriously — and whose track record demonstrates that they do.
