Impact of Data Protection on the Senior Managers & Certification Regime (SM&CR)

The SM&CR comes into effect for all FCA regulated firms on 9 December 2019. Firms will have to undertake a Criminal Record Check for any individual who is recruited or promoted into a Senior Manager Function (SMF) role. (Individuals that are already approved by 9 December, i.e. people in a Senior Management Function role at that time, and who will not be changing the SMFs for which they are responsible, will be ‘converted’ automatically.)

Criminal offence data is defined as a separate category of data under the Data Protection Act 2018 and is subject to specific safeguards. Firms will need to consider the data protection implications. These are summarised below. 

  • To process (including obtaining) such data requires a lawful basis under Article 6 of GDPR and also legal authority under Article 10 of GDPR;
  • Lawful basis could be ‘legal obligation’ or ‘consent’ – but consent is best avoided as it might be considered as having not been freely given (as the individual will be in the position of applying for a job or promotion and might not wish to jeopardise that);
  • Legal authority also exists by statute (the requirement under SM&CR);
  • Firms must include a Data Protection lawful basis aspect within their recruitment process;
  • For Senior Manager approval, a criminal record check for SPENT AND UNSPENT convictions is mandatory, and is permitted by statute;

Spent convictions are those convictions that have reached a set period as defined by the Rehabilitation of Offenders Act 1974, and are removed from an individual’s criminal record. Unspent convictions are those records that have not yet reached this defined time and will appear on a Basic Criminal Record Check. Rehabilitation periods vary according to the offence and the jurisdiction (England & Wales, Scotland or Northern Ireland).

Where a candidate has spent a considerable amount of time working or living outside the UK, firms should consider undertaking an equivalent check with the appropriate overseas regulatory body where available.

Important note: for Certificated Staff, a criminal record check is optional. It is ILLEGAL to check or ask for disclosure of SPENT convictions for Certificated Staff under the Rehabilitation of Offenders legislation.

 

Criminal records – how to check

Smaller firms may need to go via an umbrella organisation.

Important Note: ATEB news is intended to provide general information ONLY. The content, including any views expressed or guidance provided, does not replace the need to comply fully with FCA Rules and Guidance. Unless you have discussed news article content with ATEB, and specifically how it relates to your circumstances, then ATEB disclaims all liability and responsibility and actions arising from any reliance placed upon it. For the avoidance of doubt therefore, any reliance you place on such information without our consultation is at your own risk.

ATEB Compliance offers compliance and regulatory advice.

ATEB Suitability provides report writing software for the financial services market.

Our View

Firms will have to review many internal processes in readiness for SM&CR, including those related to recruitment.

Data protection considerations must be taken into account.

Action Required By You

  • Review your recruitment processes in relation to data protection;
  • In particular, ensure that processes for obtaining a criminal record check are compliant with DPA 2018;
  • Contact your usual ATEB consultant for further information or contact ATEB directly.
SUIT - Beautiful Reports
CREATE BEAUTIFUL
SUITABILITY
REPORTS
SUIT - Complete Control
TAKE BACK
CONTROL OF YOUR
SUITABILITY REPORT
PRODUCTION
SUIT - Comp confidence
SUITABILITY
REPORTS
WITH FULL
COMPLIANCE
CONFIDENCE
COMP - Hands on
HANDS-ON COMPLIANCE
Helping you to implement solutions
COMP - File checking
FILE CHECKING
All business cases checked, including DB transfers
COMP -166
Section 166 and
Regulatory Reviews
Extensive S166 experience
COMP -healthchecks
Audits and
Health Checks
Need a regulatory check-up?
COMP -166
E-COMPLIANCE
A lighter touch support service
COMP -166
FCA Applications
We have completed hundreds
of Part IV applications
previous arrow
next arrow

About the Author

Technical Manager - Often referred to as the Oracle or the Sage, Alistair has a wealth of financial services experience. He is our go-to Technical Manager and enjoys nothing more than a complicated conundrum. Feel free to test his renowned knowledge by getting in touch.

Contact Us

Brought to you by

Explore more articles in this category

Other articles that you might be interested in