SM&CR Accountability, Regulatory Horizontals and the Exposure Senior Managers in Global Markets Businesses Cannot See

FMCR PERFORMANCE AND RISK ADVISORY

AN FMCR ADVISORY WORK PLAN

1. THE PROBLEM

The Senior Managers and Certification Regime was designed around a simple principle: when something goes wrong in a regulated firm, it should be possible to identify the individuals who were personally accountable for the relevant activity and assess whether they took reasonable steps to discharge that accountability. The accountability is personal and local. An SMF role holder may choose to delegate the day-to-day discharge of responsibilities to appropriately qualified subordinates. SC3, the third Senior Manager Conduct Rule, explicitly contemplates this. But the accountability itself cannot be delegated away. The named individual remains responsible for ensuring that any delegation is appropriate, that the delegate is suitable, and that they maintain effective oversight of how the delegated responsibility is being discharged. It is that last requirement, the oversight of delegated activity, where the structural gaps in most global banks sit.

The regulatory frameworks that govern what those individuals are accountable for were designed around a different principle: they allocate obligations to the firm, to its functions and to its governance structures:

•    RTS 6 sets organisational requirements for firms engaged in algorithmic trading.

•    SS5/18 governs risk management and governance of trading activity at a prudential level.

•    SS1/23 establishes model risk management principles.

The PRA's operational resilience framework and the FCA's conduct and systems and controls requirements cut across all business areas simultaneously. None of these frameworks was designed to be co-extensive with SM&CR, and none maps cleanly onto the others.

These two design principles do not neatly align. SM&CR accountability is vertical: it attaches to named individuals organised by functional role. The regulatory frameworks are horizontal: each cuts across multiple functions, multiple governance structures and multiple escalation paths simultaneously. The gap between them is structural, not documentary, and it does not close by adding more policy.

Regulatory compliance at the firm level does not satisfy the UK individual accountability regime. The two are not compatible and were never designed to be.

For a global bank with a material UK entity, the structural problem has a further and more fundamental dimension. The governance frameworks that UK SMF role holders are accountable against were not written by their firm. They are the product of global policies set at group level, authored in the home market by global functional heads, for the enterprise as a whole. Those policies likely reflect the regulatory environment of the jurisdiction in which they were written, the standards expected by the home regulator, and the risk appetite of a global organisation. They were not calibrated specifically to the FCA's conduct standards, the PRA's prudential expectations, or the particular supervisory focus areas that apply to the UK entity. An SMF role holder who relies on global policy as their governance framework may be compliant with their firm's internal standards while falling short of what the UK regulator expects of them personally.

The SMF role holder can therefore be accountable for a standard they did not set, operating under policies they did not write, against expectations that the policies they rely on may not meet.

2.  THE MULTI-SMF FRAGMENTATION DYNAMIC

A Markets division of any scale will have five or more SMF role holders whose Statements of Responsibility all touch the same horizontal risk landscape: the conduct requirements, prudential expectations, model risk governance and operational resilience standards that flow across every function simultaneously. The typical accountability map for a firm with material trading and investment banking activity looks like this:

The challenge that emerges from this map is not that any individual has the wrong remit. It is that the horizontal regulatory obligations, conduct standards, risk management requirements, model governance principles, operational resilience expectations, do not belong clearly to any single vertical. Each SMF role holder's SoR covers a slice of the landscape. The slice between them is where the gaps sit, and where incidents tend to surface.

When something goes wrong, every SMF role holder has a plausible account of their own vertical. However, none of them necessarily owns the horizontal.

The accountability regime is not organised by vertical, and neither is the supervisory question.

The SMF1 (Country Executive or UK CEO) sits at the apex of this structure and is, in theory, the integrating accountability. In practice, the SMF1 in a global bank's London entity depends entirely on their functional leads to surface the right information. If those functional leads each believe part of the risk sits with someone else, the reporting that reaches the SMF1 reflects that fragmentation and they have no independent view of what they are not being told.

The SMF9 (Chair of the UK entity's governing body) is further removed still. Board-level reporting is assembled, summarised and calibrated by management. A non-executive Chair's "reasonable steps" defence depends on having asked probing questions, challenged management assurance and satisfied themselves that the UK entity's governance was adequate across a landscape that management itself may not have fully mapped.

At an overseas bank, both the SMF1 and SMF9 face a structural constraint that has no domestic equivalent. The Country Executive is accountable to the FCA for the adequacy of governance in the UK entity. The functions that deliver that governance Risk, Compliance, Legal, Technology, Finance typically have stronger accountability relationships with their global functional heads than with the local country executive. The CRO in London takes direction from the Global CRO. The CCO takes direction from the Global Chief Compliance Officer. The policies they administer were written in the home market and calibrated to the home regulator. The SMF1 and SMF9 are accountable for the output of a governance structure they do not fully command, operating to standards they did not set, against a UK regulatory expectation that the global framework may not specifically address.

 3.  HOW THE GAP GROWS OVER TIME

The gap is not static. Three forces widen it progressively, and the pattern is visible across the FCA's supervisory findings and the FMSB's practitioner reviews over the past two years.

Framework accumulation

RTS 6 came into force in January 2018 as part of MiFID II, establishing organisational requirements for investment firms engaged in algorithmic trading. SS5/18 followed in June 2018, adding a PRA prudential layer governing the risk management and governance of trading activity more broadly. It was explicitly designed to complement RTS 6 by addressing what an FCA conduct framework does not cover from a prudential perspective. SS1/23 arrived in 2023, extending model risk management principles across the same landscape from a third angle. Operational resilience requirements, conduct standards and the developing AI governance framework add further layers. Each was written for the firm and its functions. None was designed with the specific question of how it interacts with the SM&CR accountability of named individuals. As a result, each layer has landed on existing SoR language without the accountability map being renegotiated to reflect the new obligations.

Activity and inventory drift

The activity landscape inside a Markets business evolves continuously. Trading strategies change. New products are added. Vendor platforms are embedded. Technology is upgraded. Each of these changes can alter the risk profile of the business in ways that the governance framework, and the SoR language that defines accountability for it, does not automatically track. The SoRs that mapped the accountability landscape at the time of the last comprehensive review describe a business that has since changed. The accountability map can consequently drift without anyone consciously deciding to let it drift.

Organisational change

People move. Roles are restructured. Global reporting lines shift. The informal understandings about who watches what, which were always doing more work than the formal documentation, are disrupted without the formal accountability map being updated. New SMF role holders inherit SoRs that were calibrated for a different person in a different organisational context. The re-apportionment of responsibilities that should accompany a role transition rarely happens at the level of specificity the regulatory standard requires.

Global policy calibration drift

For overseas banks, there is a fourth force that compounds all three. Global policies are updated on group cycles, driven by group-level governance and calibrated to the most significant jurisdictions or to a consolidated enterprise standard. The UK regulatory environment does not stand still either the FCA and PRA continue to develop their supervisory expectations, issue Dear CEO letters, publish thematic findings and refine their view of what reasonable steps looks like in practice. The gap between what the global policy requires and what the UK regulator expects can widen without either the policy or the regulation having changed, simply because the supervisory environment in London has moved on.

An SMF role holder who last reviewed the calibration of their global governance framework against UK regulatory expectations two or three years ago may be operating with a more material gap than they realise.

 4.  THE ENGAGEMENT: WHAT FMCR WOULD DO

Working in close conjunction with the associated functions, this engagement is structured in two stages:

•    Stage 1 establishes a clear, evidence-based view of where the accountability gaps sit in practice across the full SMF population of the UK entity.

•    Stage 2 addresses the priority gaps identified, building the framework and evidential trail that gives each SMF role holder defensible assurance about the scope and sufficiency of their oversight.

Stage 1: Accountability Gap Diagnostic (weeks 1 to 6)

The diagnostic maps the accountability landscape across all material SMF role holders simultaneously not within each vertical separately. The starting question is not 'does each SMF have a SoR that covers their function?' It is 'when you lay all the SoRs against the full regulatory obligation map, where does the coverage fall short, where does it overlap ambiguously, and where has it drifted from the current activity landscape?'

The assessment covers five dimensions:

•    Global policy calibration. An assessment of whether the firm's global governance policies, when applied to the UK entity, meet the specific standards the FCA and PRA apply to UK-authorised entities. This covers conduct standards, risk management expectations, model governance, operational resilience and financial reporting. For overseas banks, this is typically where the most material gaps sit not because global policies are inadequate in their home market context, but because they were not written for the UK regulatory environment.

•    Regulatory obligation mapping. A structured map of the material UK regulatory requirements attaching to the entity across FCA conduct rules, PRA prudential expectations, SM&CR prescribed responsibilities, RTS 6, SS5/18, SS1/23 and relevant operational resilience frameworks identifying the specific obligations that attach to the UK entity and the functions within it.

•    SoR gap analysis. A line-by-line assessment of each material SMF's Statement of Responsibility against the full obligation map, identifying where coverage is absent, where it is ambiguous, and where two or more SoRs create the appearance of coverage without clear individual ownership.

•    Control visibility review. For each material SMF role holder, an assessment of whether they actually receive the reporting, challenge authority and escalation access needed to discharge their accountability in practice, not just on paper. This includes testing whether the UK control functions can genuinely challenge activity governed by global mandates, or whether they are effectively dependent on global functional assurance they cannot independently verify.

•    SMF1 and SMF9 reporting adequacy. A specific review of what reaches the Country Executive and the Chair of the UK entity's governing body, and whether that reporting gives them a complete and accurate picture of the UK regulatory position, or whether it reflects the same functional fragmentation that produced the gaps in the first place.

The Stage 1 deliverable is an Accountability Gap Report structured for individual SMF role holder review. It does not describe the firm's governance framework in aggregate. It provides each named individual with a clear view of where their personal accountability exceeds their current control visibility, and where the FCA's reasonable steps test would find them exposed if an incident occurred today.

Stage 2: Accountability Framework Remediation (weeks 7 to 20, calibrated to Stage 1 findings)

Stage 2 addresses the priority gaps identified in the diagnostic. The sequencing is driven by personal enforcement exposure rather than by regulatory framework, which means the work that most directly reduces the risk to named individuals comes first.

Remediation typically spans five interconnected workstreams:

•    SoR and governance redesign. Rewriting or clarifying Statements of Responsibility to close ambiguity, remove contested overlap and ensure that each SMF's accountability maps to activities and decision points they can genuinely oversee. Where global matrix structures mean a UK SMF cannot direct certain decisions, the SoR must be explicit about escalation protocols, reporting flows and the challenge mechanisms available to them.

•    Cross-framework integration. Building a single governance document that integrates the material requirements of RTS 6, SS5/18 and SS1/23, alongside the firm's AI governance framework, into a coherent operating model with named ownership at each node. The objective is to eliminate the governance gaps that currently exist between separately administered frameworks, not to create a fourth framework alongside the existing three.

•    Reasonable steps evidencing. Designing the documentation, reporting cadence and escalation trail that allows each SMF role holder to demonstrate, in a regulatory conversation, that they understood the scope of their accountability, received appropriate reporting, asked the right questions and acted when signals emerged. This is not about paper trails. It is about ensuring genuine oversight activity leaves a legible record.

•    Global policy alignment. Where the Stage 1 assessment identifies material gaps between global policies and the UK regulatory standard which in our experience is the most common finding, and the one that creates the most direct personal exposure for UK SMF role holders working with the relevant global policy owners to produce UK-specific supplementary standards or to escalate the gap through the firm's governance structures. This is not a straightforward process in a global matrix organisation: the path from identifying a UK-specific gap to closing it through global governance requires both the credibility to make the case and the understanding of where the decision authority actually sits.

•    SMF1 and SMF9 oversight design. Building the reporting, challenge framework and governance cadence that gives the Country Executive and the Chair of the UK entity genuine, independent visibility of the horizontal risk landscape, rather than a further aggregation of the same functional verticals that created the gap in the first place.

5.  WHY THIS WORK REQUIRES EXPERIENCED PRACTITIONERS

The accountability gap described in this document is not always captured by reviewing a firm's policies. It is identified by understanding how the FCA constructs enforcement cases:

•    what the "reasonable steps" test looks like when applied to a specific role in a specific institutional structure, and

•    where the gap between plausible individual accounts and collective governance failure typically sits.

That judgement is not necessarily available from a policy review. It comes from practical operating experience, from having sat in the chairs of the SMF role holders who need this work done and from having engaged with regulators on the substance of these frameworks, not just their text.

The practitioners FMCR brings to this work have held senior roles including Head of Markets, COO, CRO and Compliance leadership in Tier 1 global banks. They have owned the SoRs that this engagement reviews. They have been in the room when the FCA has asked the questions this work is designed to prepare for.

This is the difference between a governance review that can look highly suitable in theory and one that is specifically orientated around reducing the personal exposure of the individuals it is designed to protect.

About FMCR

FMCR PERFORMANCE AND RISK ADVISORY is a practitioner network of senior professionals from Tier 1 global banks, providing advisory services to Markets and Banking leadership teams. We deploy experienced practitioners rather than junior resource, and do not compete with large delivery firms on headcount. Our value is judgement, operating experience and the ability to give senior role holders a direct, credible view of where they stand. is a practitioner network of senior professionals from Tier 1 global banks, providing advisory services to Markets and Banking leadership teams. We deploy experienced practitioners rather than junior resource, and do not compete with large delivery firms on headcount. Our value is judgement, operating experience and the ability to give senior role holders a direct, credible view of where they stand.

Written by Jason Richardson, a Senior Consultant at FMCR with over two decades’ experience across trading, sales, and enterprise transformation.