SMCR Self-Assessment: A Practical Guide for Senior Managers

The SMCR self-assessment is not a formal FCA requirement but an increasingly expected governance practice — a structured process through which senior managers review their understanding of their own accountability, identify gaps in their oversight arrangements, and document the steps they are taking to discharge their reasonable steps obligations.

Why Senior Managers Should Self-Assess

The SMCR’s reasonable steps obligation requires SMF holders to take adequate steps to ensure the business areas within their responsibility comply with regulatory requirements. In any FCA investigation into a conduct failure, the FCA will ask what the relevant SMF holder knew, when they knew it, and what they did about it. A senior manager who has conducted a structured self-assessment of their oversight arrangements — and acted on it — is in a materially stronger position than one who has not.

What a Self-Assessment Should Cover

An effective SMCR self-assessment covers four interconnected areas. First, the accuracy and completeness of the Statement of Responsibilities: does the SoR accurately reflect what the individual is actually accountable for, or has the firm’s activities changed since it was last reviewed? Second, the adequacy of the information flow: does the SMF holder receive timely, accurate and complete management information about the areas within their remit? Third, the effectiveness of the controls: are the controls in place for the areas within their responsibility adequate and operating effectively? Fourth, the governance documentation: is there a clear record of the SMF holder’s oversight activities — board minutes, committee papers, escalation logs — that would evidence their reasonable steps if the FCA were to investigate?

Reviewing the Statement of Responsibilities

The SoR is the foundational document for any self-assessment. The individual should read it carefully and ask: does this accurately describe what I do? Does it reflect the areas of the firm for which I am genuinely accountable? Has anything changed — new activities, restructured teams, amended reporting lines — that should be reflected in an updated SoR? Where the SoR is out of date, the individual should raise this with the compliance function and ensure it is updated. An SMF holder who operates outside their SoR — taking on responsibilities not documented in it — is accountable for those activities without the protection of a clear documented allocation.

Assessing Information Flows

The quality of an SMF holder’s oversight depends entirely on the quality of the management information they receive. For each area within their remit, the individual should assess: am I receiving the right information, at the right frequency, in a format that allows me to identify problems? Are there areas of my remit where I have limited visibility because the MI is inadequate, delayed or too aggregated to identify specific issues? Where gaps are identified, the SMF holder should request improvements from the relevant operational team and document the request.

Reviewing Controls and Escalation Mechanisms

An SMF holder is not responsible for personally operating every control within their remit, but they are responsible for ensuring adequate controls exist and are operating effectively. The self-assessment should include a review of whether: there are documented controls for each significant risk within the remit; those controls are being tested and monitored; findings from monitoring are escalated to the SMF holder appropriately; and the SMF holder is taking documented action on escalated issues. Where the self-assessment identifies a control weakness, the SMF holder should ensure a remediation plan is in place and tracked.

Documenting the Self-Assessment

The self-assessment is only as valuable as its documentation. An undocumented self-assessment provides no evidence of the individual’s oversight activities in an FCA investigation. The documentation should capture: the areas reviewed; the findings — both positive and areas for improvement; the actions taken or committed to; and the date and individual involved. It does not need to be a lengthy formal report — a structured note, retained on file and updated at each assessment, is sufficient. The key is that the documentation is contemporaneous and specific, not a generalised assurance statement.

Frequency and Triggers for Self-Assessment

There is no prescribed frequency for SMCR self-assessment, but an annual assessment is a reasonable minimum for most senior managers. More frequent assessments are appropriate where: the firm’s activities or structure are changing significantly; the firm is going through an FCA visit or investigation; the individual has recently taken on new responsibilities; or there has been a regulatory incident within the individual’s area of responsibility. The self-assessment is not a one-off exercise — it is most effective when it is a regular, embedded governance practice.

Connecting Self-Assessment to Board Governance

At enhanced SMCR firms, the individual self-assessment by SMF holders should feed into the board’s collective governance review. The chair (SMF9) and the audit committee (SMF10) have an interest in whether senior managers are conducting effective self-assessments and whether the findings are driving genuine improvements in oversight. Boards that receive and review SMF self-assessment summaries as part of their governance cycle demonstrate a higher standard of SMCR governance than those that rely entirely on management representations.

Key References

• FCA — SMCR guidance
• FCA Handbook COCON — Conduct Rules