Where does the data come from?
CoverProof retrieves approved-person data from the FCA Financial Services Register public API. The API is provided by the FCA at register.fca.org.uk and returns the firm’s currently approved individuals, their Senior Management Function codes (SMF1–SMF29), and their individual reference numbers (IRNs).
CoverProof calls the API using your firm’s Financial Reference Number (FRN). No account credentials are shared with the FCA — the FRN is a public identifier.
The FCA Register reflects the FCA’s own records. It does not include individuals who are not FCA-approved — your unregistered senior managers, executive directors below SMF threshold, and holding-company executives are therefore not in the FCA Register data. CoverProof identifies those individuals from your uploaded SM&CR register CSV.
How current is the data?
Data fetched from the FCA Register is cached for up to 24 hours on CoverProof’s servers. The cache timestamp is shown on the Import page next to each fetch — look for “Data as of [date] (cached)”.
The FCA Register itself is the FCA’s live operational database. Changes made to an individual’s approval status (new approvals, cancellations, withdrawals) are reflected on the Register when the FCA processes them — CoverProof’s cached copy may be up to 24 hours behind.
For compliance decisions where register currency matters (for example, checking whether a pending SMF application has been approved), verify directly at register.fca.org.uk.
Temporary cover and acting-while-pending are not full SM&CR coverage. A pending SMF application, or a 12-week temporary-cover arrangement under FCA PS26/6, creates at most a partial governance hook — it does not remove the need for a Section 250 functional-test assessment. CoverProof classifies such individuals as Partial coverage, not Full.
Why does the check page show asset-derived source context?
Some check results show an asset-derived source context panel. That panel comes from CoverProof’s internal coverage asset: a refreshed, source-dated summary of FCA Register rows that has already passed the methodology and output-hash checks used elsewhere in the product.
The panel is there to explain the source-role counts behind the check result. It can show SMF holder counts, certified-role counts, unresolved source-role counts, stale source rows, source date, source freshness, methodology version, and output hash.
It is not a market comparison, not a benchmark, and not a legal conclusion about the firm’s Section 250 position. If the source date, methodology, output hash, or legal-safety caveat is missing, CoverProof hides the panel rather than showing a partial or unsupported context.
What are IRNs?
An Individual Reference Number (IRN) is the FCA’s unique identifier for an approved person on the Financial Services Register. IRNs have the format PRN123456. They appear in the FCA Register and in your firm’s FCA correspondence.
CoverProof uses IRNs to cross-reference your uploaded SM&CR register CSV against the FCA Register — matching approved persons to the individuals you have uploaded, so the gap analysis can identify who is and who is not FCA-approved.
IRNs are stored in CoverProof’s database only. They are never transmitted to the AI classifier. When CoverProof classifies an individual’s Section 250 attribution risk, it sends job title, role description, reporting structure, and SM&CR function codes — not the IRN and not any other FCA identifier. The IRN is used only for matching; classification uses the individual’s functional role.
How does AI classification use FCA data?
CoverProof’s AI-assisted classification uses the cross-reference result — whether an individual is FCA-approved and which SMF functions they hold — as one input to classification. The classifier receives:
- Job title and role description (from your uploaded CSV)
- Whether an FCA match was found (yes/no, derived from cross-referencing)
- SMF function codes if a match was found (e.g. SMF3, SMF24)
AI-assisted classification — constrained to a fixed verdict schema. Compliance officer review required before declarations. Verdicts are Full / Partial / None / Uncertain; the classifier cannot return values outside this set. Every prompt and raw response is persisted to your audit trail; the model id and methodology version are recorded with each output.
The classifier does not have access to the FCA Register directly. All data it receives is pre-processed from your uploaded register and the cached FCA cross-reference result.
Individuals not in the FCA Register
Individuals who are not FCA-approved will not appear in the FCA Register data. This includes:
- Executive directors and senior managers below the SMF threshold at Core-tier and Limited-scope firms
- Holding-company executives who influence the firm’s regulated activities but are employed by the parent
- Interim or acting post-holders where the FCA application has not yet been submitted
- Individuals whose FCA approval has lapsed or been cancelled, even if they are still active in the role
These are the individuals most likely to create Section 250 attribution risk, because they meet the functional “senior manager” test in s.250(3) of the Crime and Policing Act 2026 without holding an SMF approval. CoverProof identifies them from your uploaded register and classifies their attribution risk — this is the core purpose of the gap analysis.