SM&CR Conduct Rules Policy Template

£50.00

The FCA's Conduct Rules Don't Just Set Behavioural Standards. They Create Personal Regulatory Liability for Every Person in Your Firm — and Personal Accountability at the Top for What Happens in the Business Below Them.

Before SM&CR, FCA enforcement focused primarily on firms. After SM&CR and the introduction of COCON, the FCA has the tools to hold individuals personally accountable — not just the institution. The Conduct Rules extend beyond approved persons and certification staff to cover virtually all employees who could cause harm to consumers or market integrity. Six Individual Conduct Rules apply to all staff: integrity, due care and skill, openness with regulators, fair customer treatment, proper market conduct, and good outcomes for retail customers. Four Senior Manager Conduct Rules add personal accountability at the top: effective business control, regulatory compliance, appropriate delegation, and disclosure to regulators. The Senior Manager rules are particularly consequential — SC1 means a senior manager cannot simply point to a process that existed; they must demonstrate they took reasonable steps to ensure the business they were responsible for was actually controlled effectively. SC3 means delegation doesn't transfer accountability — it requires oversight of the discharge of what was delegated. The FCA can prohibit individuals from working in financial services for breach of conduct rules, impose financial penalties personally, and require Form D notification within seven business days of a firm becoming aware of an approved person breach. Firms that lack a properly documented Conduct Rules Policy — with role-specific application, a training and awareness framework, a monitoring and escalation structure, a breach investigation process, and a consequences framework — don't just have a policy gap. They have an accountability gap. This comprehensive Conduct Rules Policy gives FCA-regulated firms a complete COCON-aligned framework covering every element of the conduct rules regime for both tiers, from recruitment and fitness assessment through training, role-specific obligations, monitoring, escalation, investigation, and regulatory reporting.

The FCA can take action against your people personally. The Conduct Rules define what "acting properly" means — and this policy proves your firm takes that seriously.

What's included:

· Full regulatory mapping — COCON (Conduct of Business Sourcebook: complete two-tier conduct rules framework), FSMA (FCA powers: investigation/sanctions/prohibition orders/financial penalties), FIT (fitness and propriety: honesty and integrity/competence and capability/financial soundness), SUP 15.3.8R (Form D notification: approved persons breaches within 7 business days), SM&CR (Senior Management and Certification Regime: SMF holders/certification function holders/all other staff tiering)

· Two-tier framework with precise application mapping — First Tier Individual Conduct Rules (all staff performing activities for or on behalf of the firm): Rule 1 integrity (honest and fair dealings/conflicts declaration/no market abuse/confidentiality), Rule 2 due care skill and diligence (professional competence/decision-making care/supervision of delegated activities/seeking guidance), Rule 3 openness with regulators (complete accurate timely information/cooperation with investigations/no concealment/facilitate access), Rule 4 customer interests and fair treatment (impact of decisions on customers/clear fair not misleading communications/complaint handling/no unfair discrimination/customer outcomes over commercial interests), Rule 5 proper market conduct (market abuse compliance/inside information handling/fair dealing/interest disclosure/market transparency), Rule 6 good outcomes for retail customers (understanding needs and characteristics/fair value products/outcome monitoring and corrective action — applies where role involves retail customer activities) — Second Tier Senior Manager Conduct Rules (SMF holders only, in addition to first tier): SC1 effective business control (governance frameworks/adequate resources/regular control review/prompt remedial action/clear reporting lines), SC2 regulatory compliance (regulatory developments awareness/compliance monitoring/staff training/breach addressing/regulator relationships), SC3 appropriate delegation (competence assessment of delegates/scope definition/oversight and monitoring/ultimate accountability maintenance/effectiveness review), SC4 disclosure to regulators (fitness and propriety changes/significant business developments and risks/regulatory breaches/material operational impacts)

· Role classification matrix — SMF holders (Rules 1-6 + SC1-SC4)/Certification Function holders (Rules 1-6)/all other staff (Rules 1-5, Rule 6 where retail customer activities apply)/client-facing roles (Rules 4 and 6 particular emphasis)/support functions (integrity/due care/regulator cooperation standards)

· Recruitment and fitness assessment — FIT criteria: honesty integrity and reputation (criminal record/regulatory references/employment history verification/adverse findings declaration)/competence and capability (qualifications/experience/technical knowledge)/financial soundness (credit history and bankruptcy searches where role-relevant) — pre-employment screening: enhanced DBS/identity and right to work/6-year reference coverage/regulatory references from financial services/FIT questionnaires/credit bureau searches for financial responsibility roles — ongoing fitness: annual declarations/material change notification/periodic re-screening for specific roles — record retention: employment period plus 6 years

· Training framework — induction within first month (complete conduct rules overview/role-specific obligations/practical scenarios/assessment/escalation procedures introduction)/annual refresher (regulatory developments/policy updates/lessons learned from monitoring)/senior manager enhanced training/continuous FCA guidance access via compliance portal and bulletins

· Breach and compliance examples — Rule 1 (compliant: conflict disclosure/transaction accuracy; breach: material information withholding/record falsification/undisclosed personal benefits)/Rule 2 (compliant: competence maintenance/procedure following; breach: advice outside competence/inadequate controls)/Rule 3 (compliant: prompt regulatory responses/proactive breach reporting; breach: concealment/misleading responses/obstruction)/SC1 (compliant: robust governance/resource allocation; breach: unmitigated operational risks/inadequate oversight/inadequate audit response)

· Monitoring framework — continuous line management supervision/periodic compliance monitoring reviews/risk-based conduct assessment/complaint analysis and trend identification/transaction monitoring and surveillance/senior manager attestation processes — all findings in compliance monitoring register

· Escalation matrix — minor breach (line manager to compliance/24 hours)/material breach (compliance to senior management/immediate)/serious breach (senior management to board and FCA/immediate)

· Consequences framework — individual (internal disciplinary: verbal warning through termination/financial: variable remuneration reduction clawback malus/regulatory: FCA prohibition orders individual financial penalties public censure/criminal: fraud and market abuse/professional: financial services employability impact) — firm (regulatory enforcement: public censure skilled person reviews/financial penalties/authorisation restrictions/reputational damage) — assessment matrix: aggravating (deliberate or reckless/senior position/previous history/concealment) versus mitigating (prompt self-reporting/cooperation/remedial action/no prior breaches)

· Form D notification — prescribed timeframes/FCA transparency requirement/system integration

Built for: Compliance Officers, SMF holders, HR Directors, and Boards at FCA-regulated firms who need a fully documented COCON-aligned Conduct Rules Policy that establishes personal accountability at every level — from induction through monitoring, escalation, investigation, and regulatory notification — and demonstrates that the firm takes individual conduct liability as seriously as the FCA does.
