The SM&CR comes into effect for all FCA regulated firms on 9 December 2019. Firms will have to undertake a Criminal Record Check for any individual who is recruited or promoted into a Senior Manager Function (SMF) role. (Individuals that are already approved by 9 December, i.e. people in a Senior Management Function role at that time, and who will not be changing the SMFs for which they are responsible, will be ‘converted’ automatically.)

Criminal offence data is defined as a separate category of data under the Data Protection Act 2018 and is subject to specific safeguards. Firms will need to consider the data protection implications. These are summarised below. 

• To process (including obtaining) such data requires a lawful basis under Article 6 of GDPR and also legal authority under Article 10 of GDPR;
• Lawful basis could be ‘legal obligation’ or ‘consent’ – but consent is best avoided as it might be considered as having not been freely given (as the individual will be in the position of applying for a job or promotion and might not wish to jeopardise that);
• Legal authority also exists by statute (the requirement under SM&CR);
• Firms must include a Data Protection lawful basis aspect within their recruitment process;
• For Senior Manager approval, a criminal record check for SPENT AND UNSPENT convictions is mandatory, and is permitted by statute;

Spent convictions are those convictions that have reached a set period as defined by the Rehabilitation of Offenders Act 1974, and are removed from an individual’s criminal record. Unspent convictions are those records that have not yet reached this defined time and will appear on a Basic Criminal Record Check. Rehabilitation periods vary according to the offence and the jurisdiction (England & Wales, Scotland or Northern Ireland).

Where a candidate has spent a considerable amount of time working or living outside the UK, firms should consider undertaking an equivalent check with the appropriate overseas regulatory body where available.

Important note: for Certificated Staff, a criminal record check is optional. It is ILLEGAL to check or ask for disclosure of SPENT convictions for Certificated Staff under the Rehabilitation of Offenders legislation.

Criminal records – how to check

• In England & Wales – register with the Disclosure and Barring Service (DBS)
• … or the equivalent agencies in Scotland
• … or Northern Ireland

Smaller firms may need to go via an umbrella organisation.