When running SiteMinder as IdP, the SP Entity definition still shows
the old certificate even after the SP certificate has been updated for
the Partnership.
Policy Server all versions
When the SP Entity supplies the certificate, the right way to
update the certificate for signing the Authentication Request is to
ask the SP side to export its Metadata, then import that Metadata
and select the option "Update Existing". This updates the
partnership's certificate for this SP as well as the SP Entity
certificate, as mentioned in the documentation (1).
The fact that the certificate is bound to the Entity probably reflects
the fact that the Entity was created from a Metadata file that
carried the former certificate.
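Before importing the SP's exported Metadata with "Update Existing", it is worth confirming that the file really carries the new signing certificate. The following check is an added example, not Broadcom or SiteMinder code; the function names, the entity ID and the trimmed sample metadata (with placeholder bytes in place of real DER certificates) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der):
    """SHA-256 fingerprint of DER-encoded certificate bytes, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the SP metadata offers for signing."""
    if "<!DOCTYPE" in metadata_xml:
        # Partner-supplied XML: refuse DTDs rather than risk entity expansion.
        raise ValueError("metadata must not contain a DOCTYPE")
    root = ET.fromstring(metadata_xml)
    found = []
    for sp in root.iter("{%s}SPSSODescriptor" % NS["md"]):
        for kd in sp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor with no "use" attribute covers signing too.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                b64 = "".join((cert.text or "").split())  # drop line wraps
                found.append(fingerprint(base64.b64decode(b64)))
    return found

def carries_expected_cert(metadata_xml, expected_fp):
    """True if the fingerprint agreed with the SP appears as a signing cert."""
    wanted = expected_fp.replace(":", "").lower()
    return wanted in signing_fingerprints(metadata_xml)

# Constructed sample: placeholder bytes stand in for real DER certificates.
NEW_DER = b"constructed-placeholder-new-signing-cert"
OLD_DER = b"constructed-placeholder-old-cert"
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://sp.example.com/saml"
    xmlns:md="{md}" xmlns:ds="{ds}"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{new}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{old}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
</md:SPSSODescriptor></md:EntityDescriptor>""".format(
    new=base64.b64encode(NEW_DER).decode(),
    old=base64.b64encode(OLD_DER).decode(), **NS)

if __name__ == "__main__":
    print(carries_expected_cert(SAMPLE_METADATA, fingerprint(NEW_DER)))
```

The expected fingerprint should reach you from the SP over a channel separate from the metadata file itself, so that a tampered file cannot vouch for its own certificate.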
(1)
Note
If you are editing a partnership, you can click Get Updates next
to this field to update the entity information. The latest
information from the entity configuration is propagated to the
partnership. However, if you edit the entity information directly
from the partnership, the changes do not get propagated back to
the individual entity configuration.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/partnership-creation-and-activation.html