Every Senior Manager's Statement of Responsibilities. Every Certified Person's Certificate. Every regulated individual's 55-question Fit & Proper. CPD logged against the FCA's 35-hour benchmark. Signable PDFs out, in seconds.
Trusted by 250+ UK-regulated firms · Built by compliance professionals to make your life easier.
Book a ConsultationSM&CR is the regime where the workload scales with headcount. Word documents, SharePoint folders and inbox threads cannot evidence it at regulator grade.
Statements of Responsibilities re-drafted in Word every year. Prescribed Responsibilities allocated by email. SMF16 sign-offs chased by text. A fresh consultant invoice arriving every spring. The FCA expects structured, queryable evidence. You have file names.
Every Approved Person gets annually re-assessed as Fit & Proper. A 55-question FCA Form A Section 5 questionnaire (criminal, civil, business, regulatory, other matters) re-authored from scratch every year in Word, printed, signed, scanned, filed. Certificate of Competence? A countersigned Word doc in a shared drive.
COCON requires breaches of the Individual Conduct Rules to be logged, investigated, and notified to the FCA. Most firms log them in an inbox. Annual Certification refreshes without a Conduct Training record. The FCA asks "show me your Conduct Rules breach register". A Slack thread isn't an answer.
The FCA recommends 35 CPD hours per regulated individual per year: structured and unstructured, with dated evidence. Most firms track it in an Excel sheet someone updates in December. No live totals, no year-end export, no anniversary alert.
If SM&CR currently lives in Word docs, consultant invoices and anniversary-date panic, People Compliance is for you.
SM&CR and APER answer to different rulebooks. The annual evidence pack underneath looks the same — Statement, Fit & Proper, CPD, signed PDFs out — and that's what supervisors recognise.
Every Senior Manager's Statement of Responsibilities (FCA Form A capture). Every Certified Person's annual Certificate of Competence. The 31 Prescribed Responsibilities firm-type-banded. The 9-document SYSC 22 Regulatory Reference DD pack, ready to issue.
Appointed Representatives and firms still under APER get the same regulated-persons backbone. APER & IDD record types alongside SMF and Certification. F&P assessments, regulatory references and CPD against the FCA's 35-hour benchmark — every individual, every year.
Most SM&CR tools bolt a “regime” dropdown onto a person record. People Compliance models the UK regulated-persons regime correctly: six distinct editor shapes, the FCA’s own Form A as live data, and per-person access control across 1,102 Hub templates.
Six distinct editor shapes, not a generic person record with a regime dropdown bolted on. No other UK compliance platform models the full regulated-persons framework as discrete record types at this price point.
SMF, Certification Regime, Non-Exec Director, APER Approved Person, IDD Staff and Other Staff. Each with the structured fields its regime demands and nothing more. A 6-tab SMF editor with a 4-sub-tab Statement of Responsibilities. A 6-tab CR editor that swaps SoR for an annual Certificate of Competence. A 5-tab APER with Controlled Functions register. The platform’s deepest record-type discrimination, because SMF and CF really are different regimes. Part of a three-layer triangle: Admin models what the firm is authorised to do, People Compliance models who does it under which regime, CMP models the work they perform. The CMP Form Access Control tab is the seam.
SUP 10C · SYSC 4.5 · Three-module triangleA 55-question FCA Form A Section 5 Fitness & Propriety capture, modelled as a 5-node wizard with a live RAG disclosure summary: Green (all ‘No’), Amber (has ‘Yes’ requiring review), Red (incomplete). Assessment Schedule, Next Assessment Due, Create Reminder Task, Export F&P Certificate. A regulator form rendered as structured state, not a Word template.
FIT 2.1 · 2.2 · 2.3 · 55 questions liveEvery certified person gets a 12-month-validity Certificate of Competence PDF: dated, expiry-tracked, regulator-ready, auto-driving the next-assessment reminder. Every person carries a per-template ACL across the full CMP library of 1,102 templates. Enterprise-grade access governance, shipped as standard. Every SMF, every CF, on the record.
12-month validity · 62-form ACLSix regime-native editors — SMF, Certification, NED, APER, IDD and Other Staff — each shaped for its specific obligations and nothing more. Live 55-question FCA Form A F&P wizard, 31 Prescribed Responsibilities firm-type banded, annual Certificate of Competence, and CPD tracked to the 35-hour benchmark.
KPI tiles for your whole regulated population. Register columns for Name, Job Title, Role Type, Email and Date Added — click any row to open the inline editor.
Every SMF is six tabs deep: Details · Statement of Responsibilities · Fit & Proper · Due Diligence · CPD · CMP Form Access Control. The SoR tab opens a 4-sub-tab strip mapped to the FCA template: Details (Sections 1/2/3.1), Prescribed Responsibilities (31 items, firm-type banded), Overall Responsibility (8 pre-populated examples), Other Responsibilities (7 pre-populated rows).
The full FCA Form A Section 5 Fit & Proper assessment, live: 5-node wizard across Criminal · Civil · Business · Regulatory · Other, 54 structured Y/N questions + CRC date = 55 completion items, with a RAG Declaration Summary (Green = all No · Amber = Yes needs review · Red = Incomplete). One-click Export F&P Certificate.
SMF, Certification, NED, APER, IDD, Other Staff. SoRs with 31 firm-type-banded Prescribed Responsibilities. 55-question FCA Form A Section 5 F&P wizard. 9-document DD pack with SYSC 22 Regulatory References. Annual Certificate of Competence PDF. CPD tracked against the FCA’s 35-hour benchmark. Per-person access control across all 1,102 CMP templates. Concierge 24-hour user provisioning. Unlimited headcount, with no per-seat meter as the firm grows.
One person record, regime-shaped. Each person type carries only the structured fields its regime demands. Nothing extra. Nothing generic. This is the structural discipline that separates regime-native software from a person database with "SM&CR" pasted on top. Every SMF, every CF, on the record.
SMF1, SMF2, SMF3, SMF9, SMF16, SMF17, SMF27, SMF29. Each selectable with inline UK Core and Enhanced overlay, effective date per function, linked to Statement of Responsibilities. Show SMF evidence in seconds, not weeks.
| Code | Function | Core |
|---|---|---|
| SMF1 | Chief executive | ✓ |
| SMF2 | Chief finance | ✓ |
| SMF3 | Executive director | ✓ |
| SMF9 | Chair of governing body | − |
| SMF16 | Compliance oversight | ✓ |
| SMF17 | MLRO | ✓ |
| SMF27 | Partner | − |
| SMF29 | Limited scope | ✓ |
The FCA's flat lettered list (a)–(z), (aa)–(dd) re-organised into four firm-type applicability bands. A small firm holder sees (a)–(e) plus (aa)–(dd), not (f)–(u). Sharing, Applies? and Shared-With columns sit inline with SYSC refs. The structural choice most SM&CR tools miss.
A 5-node wizard across Criminal, Civil, Business, Regulatory and Other Matters. 54 structured Y/N questions plus Date of CRC equals 55 completion items. Each section's Yes answers raise an Amber disclosure into the RAG summary. The FCA expects annual fit-and-proper. We've got you covered.
| Section | Ref | Qs |
|---|---|---|
| Criminal Proceedings | 5.01 | 6 |
| Civil Proceedings | 5.02 | 21 |
| Business & Employment | 5.03 | 7 |
| Regulatory Matters | 5.04 | 17 |
| Other Matters | 5.05 | 3 + CRC |
CASS Oversight, Proprietary Trader, Significant Management, Client Dealing, Qualification-required, Managers of Certification Employees, Material Risk Takers and Algorithmic Trading. Each with its own SYSC 27.8 anchor and per-function effective dates. SM&CR, proved.
A data-driven one-page A4 Certificate with Issue Date + auto-calculated Expiry Date, Certification Functions bullet-listed, and the 12-month validity baked into the body. Pair with the F&P Assessment Schedule for annual-cycle autopilot.
The SM&CR Conduct Rules training obligation captured on the CR Certificate tab. Date of Training plus a binary Pass/Fail result, stamped against the person record. Structured for audit, not a Word doc attached to an email. Audit-ready the moment the regulator calls.
CF1–CF6, CF8, CF10, CF10a, CF11, CF12, CF12a, CF12b, CF28, CF29, CF30, spanning Significant-Influence and Customer-Facing CFs. APER firms keep first-class support with no forced upgrade to SM&CR shape. Every legacy approval stays on the record.
Structured vs Unstructured hours live-driven from the Activities Log. Editable annual target with the FCA guidance anchor built in: "FCA typically recommends 35 hours annual CPD for regulated individuals."
DBS, Employment References ×2, Regulatory References, Credit Check, CV, ID and Proof of Address. 3-state status (Received / Requested / Not Required) with file uploads and the DD Complete % rolling up to the module KPI tile.
Regulatory References captured inside the DD pack: structured, uploaded, status-tracked. The SYSC 22 six-year retention obligation stops being a filing task and becomes a queryable record. Prior-employer Known Concerns logged against the person, every time.
"User requires account access" opens a 4-step gated workflow with required-modules multi-select and a 24-hour account-creation SLA. Admin-reviewed, not self-service. The governance surface the FCA expects, priced flat.
An enterprise-grade access-control grid over the full CMP template library: Register Modules, Data Protection, Financial Crime, FCA General, FCA Specialist and Compliance Reports. Grant All, Revoke All, per-template toggle. The FCA-expected governance surface for regulated-people access to compliance records.
Conduct Rule breaches logged, investigated and notified to the FCA through the CMP's Breach Register. Cross-linked to the person record, auditable by date, status and outcome. Weak-challenge findings caught before the regulator does.
The three modules form a people-organisation-and-work operating system for regulated firms. The CMP Form Access Control tab is the architectural seam tying every person to the specific templates they're allowed to operate: the access-control surface the FCA expects to see in a mid-sized regulated firm. Your annual SM&CR cycle stops being a scramble and becomes a sign-off.
Included with every RegTechPRO subscription
Otto is trained on SUP 10C, SYSC 4.5/4.7, FIT 2.1–2.3, FCA Form A Section 5, SYSC 6.1/6.2/7.1/19D, SYSC 27.8 Certification rules, APER Principles and COCON. It answers any SM&CR, APER, F&P, CPD or Conduct Rules question your team throws at it, cited and handbook-grounded — and orchestrates the workflow underneath: whose Fit & Proper is due, who’s short of the 35-hour CPD benchmark, which Certified Person needs an annual Certificate signed, what the next action is.
Otto does two things for People Compliance. First, it's on call to answer any SM&CR, APER, F&P, CPD or Conduct Rules question your team asks, citing SUP 10C, SYSC, FIT, SYSC 27.8, COCON and the FCA Form A notes. Second, it runs the workflow underneath your regulated-people register — surfacing whose F&P is due, who's short of the 35-hour CPD benchmark, which Certified Person needs an annual Certificate signed and what the next action is, so the annual cycle never drifts.
“Which Prescribed Responsibilities apply to a small UK Core firm?” “Does CF30 survive into SM&CR or is it legacy APER only?” “What has to go on the F&P Form A Section 5.05 Other Matters tab?” Otto answers from SUP 10C, SYSC, FIT, SYSC 27.8 Certification rules, COCON and the FCA Form A notes. In seconds, with citations.
It drafts F&P questionnaire narratives and SoR text from the live person record, suggests Prescribed Responsibility allocations by firm-type band, and answers any SM&CR, APER, FIT, COCON or SYSC 27.8 question your team asks. See it work on a live SMF record.
From Heads of HR to Compliance Oversight SMFs. How firms are replacing Word-based Statements of Responsibilities and annual F&P re-authors with a live, regime-shaped record.
We used to produce every Statement of Responsibilities in Word and redraft every F&P from scratch each March. One senior manager alone was a full day's work. Now the SMF picker drops straight into a 4-sub-tab SoR with the Prescribed Responsibilities pre-filtered to our firm-type band. The 55-question F&P is a tick-through. The Certificate of Competence exports as a PDF with the right SYSC 27.8 functions on it. Our March cycle went from a fortnight to an afternoon.
As SMF16 I'm the first person the FCA wants to talk to in a supervisory visit. Having the 31 Prescribed Responsibilities sitting in the right firm-type band, the F&P Declaration Summary with RAG, and a per-person ACL across 1,102 CMP templates, all in one record, is the governance surface I always wanted. Our annual SM&CR cycle went from a fortnight to an afternoon.
Everything you need to know about SM&CR, APER, Fit & Proper, Certification, CPD and how Otto sits inside your annual people-compliance cycle.