For UK commercial insurance brokers, the Senior Managers and Certification Regime (SM&CR) remains one of the FCA’s most important regulatory frameworks. But by 2026, simply having SM&CR in place will no longer be enough.
The FCA’s expectations are shifting: firms must now prove how SM&CR drives culture, accountability, and customer protection in practice — not just on paper.
This article sets out the four biggest changes brokers need to prepare for by 2026, plus a practical checklist you can use to stress-test your compliance framework.
READ ALSO: The Ultimate Q4 Checklist: How to Prepare for Your End-of-Year FCA Compliance Review
Quick Refresher: What is SM&CR?
SM&CR is built on three pillars designed to make accountability crystal clear across firms:
- Senior Managers Regime (SMR) – requires senior staff to have defined responsibilities documented in Statements of Responsibilities (SoRs).
- Certification Regime – ensures individuals in roles that could cause “significant harm” are assessed as fit and proper at least annually.
- Conduct Rules – set minimum standards of behaviour for almost everyone in the firm.
Together, these pillars place personal accountability at the heart of regulation — a principle the FCA is doubling down on for 2026.
4 Major SM&CR Shifts to Expect by 2026
-
From Consumer Duty Implementation to Enforcement
The FCA is moving beyond “implementation” of the Consumer Duty into a strict enforcement phase.
What this means:
Senior Managers will need concrete evidence that decisions and oversight are directly delivering good customer outcomes. Expect to provide data and MI showing how you prevent foreseeable harm, enable customers to meet objectives, and monitor value measures.
The FCA’s question will shift from “Do you understand the Duty?” to “Show us how you’ve embedded and measured it.”
-
Operational Resilience: From Policies to Proof
The operational resilience deadline has passed. By 2026, the FCA expects firms to demonstrate resilience as part of business-as-usual operations.
What this means:
- Firms must show they’ve mapped important business services, tested impact tolerances through severe but plausible scenarios, and learned from results.
- This covers not only IT, but also third-party suppliers, key staff absences, and market shocks.
Resilience is no longer about documents — it’s about proving you can withstand disruption without harming customers.
-
Governance Over AI and Technology
The FCA is increasingly focused on AI, algorithms, and data analytics in financial services.
What this means:
- While not yet a formal SMF requirement, firms should expect to assign clear accountability at Senior Manager level for technology and AI use.
- Brokers will need to show they are monitoring AI-driven pricing, avoiding data bias, and ensuring that tech doesn’t reduce customer understanding or service quality.
This is a developing area: the FCA’s AI Discussion Paper (DP5/22) and ongoing consultations signal that AI accountability is coming under sharper scrutiny.
-
Non-Financial Misconduct & Misconduct Disclosures: New Rules from 2026
From 1 September 2026, the FCA will extend the Conduct Rules (COCON) to cover non-financial misconduct (NFM), including serious bullying, harassment, discrimination, and violence.
These behaviours will be treated as Conduct Rule breaches, even where unrelated to regulated activity. Firms will also need to disclose serious, substantiated misconduct in regulatory references, closing gaps that have allowed individuals to move unchecked between firms.
What this means for brokers:
- Accountability: Senior Managers must ensure SoRs cover misconduct oversight and escalation.
- Policies: Update Conduct, Disciplinary, and Whistleblowing policies to define NFM and set clear investigation standards.
- Regulatory References (SYSC 22): References must cover the last six years — with no limit for very serious misconduct — and be updated if new facts emerge.
- Training & Culture: Staff and managers need role-based training on NFM, and firms must show evidence of safe reporting channels and consistent handling of cases.
Timeline: Published July 2025 → In force 1 September 2026. Firms should test updated processes ahead of go-live. Need help to stay compliant? Reach out to our team.
FAQs on SM&CR 2026
Q: How does SM&CR link to the Consumer Duty?
A: SM&CR provides the accountability mechanism — the FCA uses it to hold individuals responsible for embedding and evidencing Consumer Duty outcomes.
Q: What size of firm is affected by these expectations?
A: All regulated brokers, but the FCA will proportion its supervision. Smaller firms must still demonstrate accountability and resilience but can do so with proportionate frameworks.
Q: How does the NFM regime interact with Consumer Duty or conduct risk?
A: Personal misconduct may now trigger a Conduct Rules breach under COCON, even if unrelated to regulated tasks. This intersects with FCA expectations that personnel uphold behaviours consistent with customer-centric culture and harm prevention.
Q: What’s a “serious, substantiated misconduct” for reference purposes?
A: Misconduct you reasonably conclude is material to fitness and propriety, often involving harassment, abuse, violence, or other grave behaviour. For very serious matters, there’s no time limit on disclosure.
Q: Will brokers need a dedicated “AI Senior Manager”?
A: Not formally (yet). But the FCA expects clear ownership of technology risks at senior level, which should be documented in your governance framework.
Stay Ahead with My Virtual Compliance.
The FCA’s focus on evidence, data, resilience, and culture means brokers cannot afford a “tick-box” approach.
At My Virtual Compliance, we specialise in helping SME brokers stay ahead of shifting FCA expectations — from Consumer Duty board reporting to SM&CR stress-testing and AI compliance planning.
👉 Book your free compliance health check today and ensure your brokerage is FCA-ready for 2026.
