SMCR vs APR: what was lost when the Approved Persons Regime was retired

The Regime That SMCR Replaced

For twenty years, the Approved Persons Regime (APR) was the FCA’s primary framework for holding individuals at regulated firms to account. Introduced under the Financial Services and Markets Act 2000, the APR required firms to obtain FCA approval for anyone performing a Controlled Function — a defined list of roles carrying regulatory significance.

In December 2019, the APR was replaced for most solo-regulated firms by the Senior Managers and Certification Regime (SMCR). Banks and insurers had already transitioned in 2016. The replacement was the most significant change to individual accountability in UK financial regulation since the FSA was created.

Understanding what changed — and what the APR’s weaknesses were — matters for any firm operating under SMCR today. The regime was designed explicitly to address identified failures in the predecessor framework.

How the Approved Persons Regime Worked

Under the APR, the FCA maintained a list of Controlled Functions (CFs). Anyone performing a CF at an authorised firm required individual FCA approval. The Controlled Functions fell into two broad groups:

• Significant Influence Functions (SIFs) — senior roles with influence over the direction of the firm, including the Chief Executive (CF1), Finance Director (CF2), Compliance Oversight (CF10), MLRO (CF11), and directors (CF3/CF4). These required full FCA approval before the individual could perform the function.
• Customer Functions — roles involving direct customer contact with regulated advice or dealing, including investment advisers (CF30). These also required FCA approval.

The APR operated on a straightforward approval logic: get the individual approved, and they are a fit and proper person in that function. The FCA maintained a public register of approved persons. Firms’ obligations after approval were relatively limited — there was no ongoing certification cycle and no formal responsibility mapping equivalent to today’s Statement of Responsibilities.

Why the APR Was Replaced: The Parliamentary Commission’s Findings

The APR’s weaknesses were exposed most clearly in the aftermath of the 2008 financial crisis. The Parliamentary Commission on Banking Standards — established in 2012 — examined why, despite the APR, senior individuals at failed banks faced so few personal regulatory consequences.

Its central finding was what became known as the “accountability gap.” Senior executives at failed institutions could, and frequently did, argue that they were unaware of specific failures within their organisation, or that those failures fell within someone else’s area of responsibility. The APR provided approval but not accountability — it established who was approved, not who was responsible for what.

The Commission’s 2013 report recommended a regime built on two principles the APR lacked: clear personal responsibility, and a reversal of the burden when things go wrong. These principles became the architectural foundation of SMCR.

The Core Differences: APR vs SMCR

1. Accountability Mapping

The APR had no equivalent to the Statement of Responsibilities (SoR). Senior Managers under SMCR must have a written SoR that sets out the specific areas of the firm for which they are personally responsible. This document is submitted to the FCA at pre-approval and must be kept current.

For Enhanced firms, a Management Responsibilities Map additionally describes how responsibilities are allocated across the senior management team and how the governance structure operates. Neither document existed under the APR.

The accountability mapping requirement is the single most operationally significant change SMCR introduced. See our guides on the SMF2 Chief Finance function and SMF16 Compliance Oversight function for how responsibility mapping works in practice for specific roles.

2. The Duty of Responsibility

Under the APR, the FCA could take action against an approved person where they had been knowingly concerned in a breach, or had been personally in breach of a Principle for Approved Persons. The evidential burden sat with the FCA to establish the individual’s culpability.

SMCR introduced the Duty of Responsibility (Section 66A FSMA). Where a firm breaches FCA requirements in an area that falls within a Senior Manager’s stated responsibilities, the FCA may take enforcement action against that Senior Manager — unless the Senior Manager can demonstrate they took all reasonable steps to prevent the breach.

This is a significant shift. The APR required the FCA to prove fault. The Duty of Responsibility requires the Senior Manager to demonstrate their own reasonable conduct. It is a partial reversal of the evidential burden — though not a full reversal — and it operates specifically because accountability has been mapped in the SoR.

3. The Certification Regime

The APR required FCA pre-approval for customer-facing roles (CF30) as well as significant influence functions. SMCR removed FCA pre-approval for the equivalent tier — now called Certified Persons — and replaced it with firm-led annual certification.

Under SMCR, firms must certify annually that each person performing a Certified Function is fit and proper to do so. The FCA no longer pre-approves these individuals. The firm takes on the responsibility for fitness and propriety assessment, documentation, and annual renewal.

This change was intended to reduce the volume of FCA pre-approval applications (CF30 approvals were numerous and administratively intensive) while putting the responsibility where the FCA argued it belonged — with the employer who directly manages these individuals day to day.

For an overview of the current certification framework, see our Certification Regime guide.

4. The Conduct Rules

The APR had Principles for Approved Persons (APER) — seven principles setting out standards of conduct. These applied only to approved persons, meaning only to the relatively small group of CF holders.

SMCR replaced APER with the Conduct Rules (COCON), which apply to virtually all employees of FCA-regulated firms — not just Senior Managers and Certified Persons. The extension to the broader workforce was a deliberate policy choice: the FCA wanted to establish that expected standards of conduct were not confined to the senior tier.

Firms must train all Conduct Rules staff on the rules and report breaches. The Individual Conduct Rules apply to almost all firm employees. Additional Senior Manager Conduct Rules apply to SMF holders. Our Individual Conduct Rules guide and Senior Manager Conduct Rules guide cover each rule in detail.

5. Regulatory References

The APR had no equivalent to SMCR’s mandatory regulatory reference requirements. Under SMCR, firms appointing anyone to an SMF or Certified Function role must obtain a regulatory reference from the individual’s previous regulated employers for the preceding five years. The reference must disclose conduct rule breaches and fitness and propriety findings.

This change addressed a specific failure identified under the APR: individuals with problematic conduct histories moving between firms without those histories being systematically disclosed. The regulatory reference framework means firms appointing Senior Managers can no longer rely on standard employment references — they must obtain SMCR-specific references from previous regulated employers.

What Was Lost When the APR Was Retired?

The transition to SMCR was broadly welcomed as an improvement in individual accountability. But there are features of the APR that some practitioners regard as having been lost or reduced in the replacement:

Simplicity of the Approved Person Register

Under the APR, the FCA’s approved persons register gave a clear, publicly accessible confirmation of whether a specific individual was an approved person at a specific firm. Post-SMCR, the FCA’s register covers SMF holders (who remain pre-approved) but not Certified Persons (whose approval has moved to firm-led certification). Third parties dealing with a firm — counterparties, clients, due diligence teams — have less visibility into the approved status of individuals below Senior Manager level than they had under the APR.

Uniformity of CF30 Oversight

The APR’s CF30 (customer function) pre-approval requirement meant the FCA had direct visibility of every individual giving regulated advice or dealing on behalf of clients. The shift to firm-led certification under SMCR means the FCA no longer pre-screens these individuals. While firms arguably know their own staff better than a regulator can, the change removes a layer of central oversight that existed under the old regime.

The Narrowing of the Senior Manager Net

The APR’s Controlled Functions included several categories that the SMCR SMF list does not replicate directly. Some practitioners argue that the tighter, more defined SMF list means certain influential roles that were captured by the old CF regime now fall outside the formal pre-approval framework. The counterargument is that the Certification Regime captures many of these individuals, and that firm-led certification is operationally superior — but the pre-approval oversight gap is real.

What the Transition Meant for Firms in Practice

For firms that transitioned from APR to SMCR in December 2019, the practical change was significant:

• Existing approved persons in Controlled Functions that mapped to SMFs were grandfathered into the new regime without reapplication
• Firms had to prepare Statements of Responsibilities for the first time — a new document type requiring new governance processes
• Firms became responsible for certifying all Certified Persons annually — a process that did not exist under the APR and required new HR and compliance infrastructure
• Conduct rules training had to be rolled out to the entire workforce, not just CF holders

Many firms found the transition more demanding than anticipated — not because the new obligations were onerous individually, but because building the certification process, updating governance documentation, and extending conduct rules training simultaneously required sustained effort.

The Current Framework and Where It Stands

SMCR has now been in operation for solo-regulated firms for more than five years. The FCA has published several Dear CEO letters and enforcement actions that have refined firms’ understanding of how the regime operates in practice. The key enforcement lessons are:

• Vague or incomplete Statements of Responsibilities do not provide protection — the SoR must genuinely describe what the individual is responsible for
• Annual certification cannot be a rubber-stamp process — firms must conduct genuine fitness and propriety assessments
• Conduct rules training must be evidenced — the FCA expects records of training delivery and attendance

For firms now recruiting into SMF roles, the SMCR framework means hiring decisions are more complex than under the APR. Our guides on individual Senior Management Functions — including SMF17 MLRO, SMF24 Chief Operations, and SMF18 Other Overall Responsibility — set out the specific requirements for each function.

Recruiting Under SMCR: How FD Capital Can Help

FD Capital specialises in placing senior finance and compliance professionals into FCA-regulated businesses. Whether you are filling an SMF vacancy following a departure, establishing a new regulatory function, or building out your compliance team as your firm scales, our team understands the SMCR framework that governs these appointments.

Relevant services:

• SMCR compliance recruitment — for SMF16 and compliance function appointments
• MLRO recruitment — for SMF17 appointments on permanent, interim and fractional basis
• Financial crime recruitment — for teams supporting the MLRO function
• SMF2 regulated CFO recruitment — for finance directors and CFOs at FCA-regulated firms
• Fractional CFO — where a firm needs senior finance leadership on a part-time basis within an SMCR framework

See also our main SMCR guide and our post on SMCR for Limited Scope firms for further reading on specific aspects of the regime.

Related Reading

Further reading on the SMCR framework: SMCR Guide | SMCR for Limited Scope Firms | SMCR Phase 1 Reform 2026 | Interview Questions for Senior Managers | FCA Conduct Rules Guide | Individual Conduct Rules | Senior Manager Conduct Rules | Certification Regime Guide | SMF16 Guide | SMF17 MLRO Guide | SMF2 Chief Finance Function Guide | FCA Regulated Firm Recruitment