FCA ban is a sharp SM&CR warning on fit and proper, integrity and senior manager accountability

The FCA’s decision to ban Kasim Garipoglu from working in UK financial services is one of those enforcement outcomes that firms should read as more than a story about one individual. It is a reminder of what the regulator expects from people in positions of influence and what firms need to evidence under the Senior Managers and Certification Regime (SM&CR) when they assess whether someone is fit and proper. The FCA announced on 13 March 2026 that Mr Garipoglu had been banned because it found he was not fit and proper due to a lack of honesty and integrity. 

The immediate point is obvious: dishonesty and regulatory misconduct can end careers. The more useful point for firms is what this says about SMF accountability, fitness and propriety, and the need for boards, HR and compliance teams to spot problems early rather than treating them as historical issues or personality clashes. The FCA’s own SM&CR material says the regime exists to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence, and that it applies through the Senior Managers Regime, the Certification Regime and the Conduct Rules.

What happened in the Garipoglu case?

According to the FCA press release and Final Notice, Mr Garipoglu was the ultimate beneficial owner of two firms. One was an authorised firm that provided online FX and CFD trading; the other was an authorised e-money institution whose authorisation was later revoked. During the relevant period, he held controlled functions at the trading firm as Chief Executive (CF3) and Director (CF1), and was the sole or dominant board member. The FCA concluded that his conduct showed a lack of honesty and integrity. 

The FCA’s findings were extensive. It said documentary evidence showed disregard for AML and compliance obligations, disregard for the advice of AML and compliance personnel, a willingness to direct action without an honest and reasonable belief that it complied with regulatory requirements, and a willingness to run serious compliance risk in pursuit of commercial advantage. The notice also says he misled, overruled and undermined compliance staff and senior UK management, contributing to an environment where some staff openly disregarded compliance obligations. 

The case also involved direct dishonesty with regulators. The FCA says that between February 2013 and December 2022 Mr Garipoglu deliberately sought to mislead the FCA and other regulators by providing false or misleading documentation or information. The press release refers to forged or falsified documents, inaccurate declarations in an authorisation application, and an instruction to a colleague to impersonate him in dealings with a South African regulator. 

That combination matters because the legal basis for the prohibition is section 56 FSMA, which allows the FCA to make a prohibition order where an individual is not fit and proper to perform functions in relation to regulated activities. The FCA’s fit and proper framework highlights three main elements: honesty, integrity and reputation; competence and capability; and financial soundness. In this case, the FCA focused squarely on honesty and integrity. 

Why this matters for SMCR firms now

A technical point is worth noting. The Final Notice refers to CF1 and CF3 roles under the old Approved Persons framework, not today’s Senior Management Function (SMF) labels. But that does not reduce the relevance of the case. If anything, it makes the lesson broader: whatever the historical label, the regulator is still looking at the same core question under today’s framework — can this individual be trusted to act with integrity, comply with regulatory requirements and deal candidly with the regulator? 

That is exactly where SM&CR bites. The FCA says firms must ensure that SMFs and Certification Staff are fit and proper on an ongoing basis, including through annual assessments. It also expects firms to be able to evidence how they satisfied themselves that a candidate for an SMF role was fit and proper before applying for approval. 

The regulator’s wider message is just as important. The FCA’s current review of SM&CR says the regime has driven up standards and is intended to preserve individual accountability even as parts of the framework are streamlined. So while the FCA is consulting on reducing burden in areas such as certification duplication and annual checks, it is not stepping back from the core idea that senior people must meet expected standards of conduct and be accountable for what happens on their watch.

The SMCR keywords firms should really focus on

For many firms, the most important search terms are not just SMCR or SMF. They are the practical phrases that sit behind enforcement risk.

Fit and proper assessment. The FCA’s F&P page is clear that firms should carry out regular, thorough and consistent assessments, and that “rubber stamp” exercises are poor practice. That is a direct warning for firms that annual certification or senior manager reviews have become formulaic. 

Conduct rules and integrity. The FCA Handbook’s Individual Conduct Rules begin with a simple requirement: act with integrity. That sounds obvious, but enforcement cases show the regulator will test integrity in the real world, especially where there is misleading information, pressure on control functions or attempts to game the regulatory perimeter. 

Regulatory references. The FCA says firms assessing prospective SMFs must undertake appropriate referencing going back six years, and SMCR firms are required to provide regulatory references when requested. A prohibition case like this is exactly why references, due diligence and escalation matter. 

Certification regime. The certification side of SM&CR is sometimes treated as an HR cycle. That is risky. The FCA’s current consultation explicitly keeps the focus on ensuring that people who are not SMFs are still fit and proper for their roles, even while seeking to streamline the mechanics. 

What firms should do now

First, firms should revisit whether their fit and proper framework genuinely tests honesty and integrity, or whether it leans too heavily on competence, qualifications and annual attestations. The FCA’s own examples of poor practice include delegated or weak oversight, perfunctory competence assessment and processes that cannot show how marginal cases are handled. 

Secondly, firms should ask whether compliance challenge is truly effective. The Garipoglu case is, in large part, a case about what happens when commercial leadership overrides AML and compliance staff and treats regulatory risk as a price worth paying. That is not only a financial crime issue; it is a governance, culture and accountability issue. 

Thirdly, recruitment and leaver processes need to work in practice. That means robust regulatory references, proper pre-appointment diligence, and escalation where any adverse information raises a question about honesty, integrity or openness with regulators. The FCA is explicit that firms must take reasonable care not to allow prohibited individuals to perform functions they are barred from performing.

The real lesson for boards and senior managers

The strongest takeaway from this case is not that the FCA can ban an individual. That has always been true. The stronger point is that the regulator is still focused on the fundamentals that sit at the heart of SM&CR: personal accountability, regulatory candour, integrity, proper challenge from control functions and credible fit and proper assessments. The regime may evolve, and some administrative requirements may be simplified, but those fundamentals are not going away. 

For firms, the question is straightforward: if a similar pattern of behaviour existed inside your business, would your SMCR framework identify it early, escalate it properly and stop it from becoming an enforcement case?