The FCA Doesn't Just Regulate What Your People Do. It Regulates Whether They Should Have Been Hired in the First Place.
Under the Senior Managers and Certification Regime, every FCA-regulated firm must assess the fitness and propriety of Senior Management Function holders before appointment and certify Certification Function holders as fit and proper annually. That obligation begins at recruitment. A firm that hires an SMF holder without conducting FCA register searches and regulatory history verification, without obtaining references covering conduct and performance, without enhanced DBS checks where applicable, and without declarations of regulatory proceedings hasn't just made a poor hire — it has failed a specific regulatory requirement. The FCA's expectations extend beyond SMF and CF appointments. SYSC 3 requires firms to employ personnel of sufficient skill and experience. The TC Sourcebook requires competence verification before regulated activities are performed. The Equality Act 2010 creates personal and vicarious liability for discriminatory hiring decisions. UK GDPR creates specific lawful basis, retention, and security obligations for every piece of candidate data collected. And under Consumer Duty, the people who interact with customers need to be demonstrably capable of delivering good outcomes — which means their selection criteria need to be documented, objective, and reviewable. A recruitment policy that amounts to "we advertise, interview, and hire the best candidate" isn't a compliance framework — it's a liability. This comprehensive Recruitment Policy gives FCA-regulated firms a complete regulatory framework covering SM&CR appointment governance, fitness and propriety assessment, financial crime safeguards, equality compliance, UK GDPR data processing, structured competence evaluation, record keeping, and disciplinary consequences for non-compliance.
The person you hire is the FCA's business too.
What's included: Full regulatory mapping — SM&CR (SMF appointments: Board approval/FCA notification requirements, Certification Functions: CEO approval/competence framework compliance, Standard Roles: department head/budget approval), FCA fitness and propriety requirements (FCA register searches/regulatory history verification/employment references covering conduct and performance/declaration of regulatory proceedings/investigations/sanctions), FCA SYSC 3 (adequate systems and controls including personnel competence), TC Sourcebook (competence requirements for regulated activities), FCA Principles for Businesses PRIN 3 (management and control), Consumer Duty (customer-facing role capability standards), Equality Act 2010 (non-discriminatory advertising/inclusive language review/reasonable adjustments framework/protected characteristics across all recruitment stages), UK GDPR/DPA 2018 (three lawful bases: Article 6(1)(b) contract/Article 6(1)(c) legal obligation/Article 6(1)(f) legitimate interests, privacy notices, special category data restrictions), AML/CTF requirements (financial crime safeguards at recruitment stage) · Three-tier approval governance — Senior Management Functions (Board of Directors/FCA notification requirements), Certification Functions (CEO/competence framework compliance), Standard Roles (department head/Finance budget approval) · Fitness and propriety assessment framework — enhanced DBS checks where applicable/FCA register searches and regulatory history verification/employment reference checks (conduct and performance specifically)/declaration of regulatory proceedings investigations or sanctions · Financial crime safeguards — identity verification/sanctions screening/adverse media searches/financial integrity assessments — at recruitment stage as AML/CTF obligation · Selection process standards — 5-day application acknowledgement/at least two-person screening with standardised evaluation forms/consistent scoring to prevent unconscious bias/documented rationale for all progression and rejection decisions/structured interviews: minimum two-person panel (senior manager and HR representative)/standardised competency-based questions/consistent scoring/documented responses · Reasonable adjustments — 5-day response to adjustment requests/alternative application formats/modified interview arrangements/extended assessment time/assistive technology/flexible scheduling/cost and practicability assessment (cost alone not sufficient refusal ground) · UK GDPR data retention matrix — successful candidate records (employment duration plus 6 years/regulatory and employment law requirements)/unsuccessful candidates (6 months from decision/discrimination claim defence)/interview notes and assessments (6 months/audit trail and discrimination defence) · Mandatory documentation set — job descriptions and person specifications/advertisement materials and publication records/all applications including unsuccessful/interview notes and assessment scores/reference requests and responses/background checks and verification/offer letters and acceptance confirmations/equality monitoring data (stored separately)/5-year minimum retention · Non-compliance framework — Compliance Function immediate investigation/formal disciplinary proceedings/remedial training/potential suspension of recruitment responsibilities/FCA notification where customer outcomes or market integrity compromised · Annual review triggers — regulatory changes/significant operational incidents/business model or permissions changes — with version control documentation of all amendments
Built for: Compliance Officers, HR Directors, SMF holders, and hiring managers at FCA-regulated firms who need a complete SM&CR, Equality Act, and UK GDPR-aligned Recruitment Policy that turns every hire into a documented, auditable, regulatorily-compliant process — covering SMF appointments through to standard roles, fitness and propriety through to candidate data retention, and competence verification through to reasonable adjustments.
The FCA Doesn't Just Regulate What Your People Do. It Regulates Whether They Should Have Been Hired in the First Place.
Under the Senior Managers and Certification Regime, every FCA-regulated firm must assess the fitness and propriety of Senior Management Function holders before appointment and certify Certification Function holders as fit and proper annually. That obligation begins at recruitment. A firm that hires an SMF holder without conducting FCA register searches and regulatory history verification, without obtaining references covering conduct and performance, without enhanced DBS checks where applicable, and without declarations of regulatory proceedings hasn't just made a poor hire — it has failed a specific regulatory requirement. The FCA's expectations extend beyond SMF and CF appointments. SYSC 3 requires firms to employ personnel of sufficient skill and experience. The TC Sourcebook requires competence verification before regulated activities are performed. The Equality Act 2010 creates personal and vicarious liability for discriminatory hiring decisions. UK GDPR creates specific lawful basis, retention, and security obligations for every piece of candidate data collected. And under Consumer Duty, the people who interact with customers need to be demonstrably capable of delivering good outcomes — which means their selection criteria need to be documented, objective, and reviewable. A recruitment policy that amounts to "we advertise, interview, and hire the best candidate" isn't a compliance framework — it's a liability. This comprehensive Recruitment Policy gives FCA-regulated firms a complete regulatory framework covering SM&CR appointment governance, fitness and propriety assessment, financial crime safeguards, equality compliance, UK GDPR data processing, structured competence evaluation, record keeping, and disciplinary consequences for non-compliance.
The person you hire is the FCA's business too.
What's included: Full regulatory mapping — SM&CR (SMF appointments: Board approval/FCA notification requirements, Certification Functions: CEO approval/competence framework compliance, Standard Roles: department head/budget approval), FCA fitness and propriety requirements (FCA register searches/regulatory history verification/employment references covering conduct and performance/declaration of regulatory proceedings/investigations/sanctions), FCA SYSC 3 (adequate systems and controls including personnel competence), TC Sourcebook (competence requirements for regulated activities), FCA Principles for Businesses PRIN 3 (management and control), Consumer Duty (customer-facing role capability standards), Equality Act 2010 (non-discriminatory advertising/inclusive language review/reasonable adjustments framework/protected characteristics across all recruitment stages), UK GDPR/DPA 2018 (three lawful bases: Article 6(1)(b) contract/Article 6(1)(c) legal obligation/Article 6(1)(f) legitimate interests, privacy notices, special category data restrictions), AML/CTF requirements (financial crime safeguards at recruitment stage) · Three-tier approval governance — Senior Management Functions (Board of Directors/FCA notification requirements), Certification Functions (CEO/competence framework compliance), Standard Roles (department head/Finance budget approval) · Fitness and propriety assessment framework — enhanced DBS checks where applicable/FCA register searches and regulatory history verification/employment reference checks (conduct and performance specifically)/declaration of regulatory proceedings investigations or sanctions · Financial crime safeguards — identity verification/sanctions screening/adverse media searches/financial integrity assessments — at recruitment stage as AML/CTF obligation · Selection process standards — 5-day application acknowledgement/at least two-person screening with standardised evaluation forms/consistent scoring to prevent unconscious bias/documented rationale for all progression and rejection decisions/structured interviews: minimum two-person panel (senior manager and HR representative)/standardised competency-based questions/consistent scoring/documented responses · Reasonable adjustments — 5-day response to adjustment requests/alternative application formats/modified interview arrangements/extended assessment time/assistive technology/flexible scheduling/cost and practicability assessment (cost alone not sufficient refusal ground) · UK GDPR data retention matrix — successful candidate records (employment duration plus 6 years/regulatory and employment law requirements)/unsuccessful candidates (6 months from decision/discrimination claim defence)/interview notes and assessments (6 months/audit trail and discrimination defence) · Mandatory documentation set — job descriptions and person specifications/advertisement materials and publication records/all applications including unsuccessful/interview notes and assessment scores/reference requests and responses/background checks and verification/offer letters and acceptance confirmations/equality monitoring data (stored separately)/5-year minimum retention · Non-compliance framework — Compliance Function immediate investigation/formal disciplinary proceedings/remedial training/potential suspension of recruitment responsibilities/FCA notification where customer outcomes or market integrity compromised · Annual review triggers — regulatory changes/significant operational incidents/business model or permissions changes — with version control documentation of all amendments
Built for: Compliance Officers, HR Directors, SMF holders, and hiring managers at FCA-regulated firms who need a complete SM&CR, Equality Act, and UK GDPR-aligned Recruitment Policy that turns every hire into a documented, auditable, regulatorily-compliant process — covering SMF appointments through to standard roles, fitness and propriety through to candidate data retention, and competence verification through to reasonable adjustments.
Image 1 of 1
