The Section 250 functional test: why SM&CR-covered isn't Section 250-covered

What the statute actually says

Section 250(3) of the Crime and Policing Act 2026 defines "senior manager" as an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities. The clause turns on three concepts: "significant role", "decisions about how... activities are to be managed", and "the whole or a substantial part". None of these is tied to FCA approval, SMF function code, or a Certified Function under SM&CR. The test is purely about what the individual actually does inside the organisation.

Why SM&CR cannot be a complete answer to Section 250

SM&CR (the Senior Managers and Certification Regime, FSMA 2000 Part V) was designed for FCA supervision of financial-services activities. Its scope is the regulated activities the firm performs and the responsibilities the FCA cares about. Section 250 is a corporate criminal-attribution mechanism that applies to ALL UK bodies corporate and partnerships, and ALL their activities. Two consequences follow. First, individuals who play a significant role in non-regulated activities — e.g. a head of technology, a chief operating officer, a managing partner with responsibility for a substantial business division — can meet the s.250(3) test without being on any SM&CR list. Second, individuals who are SM&CR-approved for one type of regulated activity might fail to meet s.250(3) for a different reason: their significant role might be too narrow to satisfy "the whole or a substantial part".

Three classes of "missed by SM&CR" individuals

In our work analysing firm registers, three classes recur. The CTO or CIO with budget and operational authority over a substantial part of the firm's technology activities — explicitly meets s.250(3) for those activities, almost never on SM&CR for them. The head of a major business division (e.g. trading desk, asset class, fund family) with substantial decision-making authority — meets s.250(3) for that division's activities, often only Certified rather than SMF-Approved. The interim or acting senior executive — frequently overlooked because the SM&CR approval lags behind the operational reality. Each of these classes is invisible to a register-only gap analysis but visible to a functional-test gap analysis. CoverProof's classification engine is built around this distinction; see Methodology for the test mechanics.

"A significant role" — what counts

The statute leaves "significant role" undefined at the level of named criteria, which means a court will apply it functionally — the same way courts have applied the analogous "directing mind and will" doctrine in earlier corporate-criminal cases. Decision-making authority over budget and headcount is significant. Operational responsibility for delivery of a substantial product or service is significant. Authority to commit the organisation to material contracts or risk positions is significant. The presence of formal delegation paperwork is helpful but not necessary; if the individual is observably the one who decides, they meet the test. The negative side is symmetric: a senior title without operational authority is not enough. A CEO who is purely ceremonial would (controversially) fail the test; the deputy who actually decides would meet it.

"The whole or a substantial part" — and how to evidence it

The statute pairs "significant role" with a scope qualifier: "the whole or a substantial part of the activities". A board member meets this clearly. So does the head of a business unit responsible for a meaningful fraction of the firm's revenue or risk. So does the head of a function — compliance, finance, risk, technology — whose remit spans the whole organisation. Evidence for the "substantial part" element is functional: organisation chart placement, scope of authority delegations, formal reporting lines from material teams. The board paper or evidence pack should record the assessment with reference to these artefacts so a 2028 reviewer can understand why the firm reached its scope conclusion.

What a complete s.250 gap analysis must do

A defensible gap analysis cannot reduce to "compare our SM&CR register to a list of names". It must independently apply the s.250(3) functional test to every individual with senior responsibility for any substantial part of organisational activities — including operational and non-regulated activities. It must produce a per-individual record showing how the test was applied (the reasoning), what the conclusion was (the verdict), and how confident that conclusion is (the confidence tier). And it must keep that record reproducible: same input, same methodology version, same verdict. CoverProof persists every classification with the SHA-256 input hash, the methodology version, the prompt fingerprint, the AI reasoning steps, and the auditor-grade summary; see Methodology for the full disclosure.

The cost of getting this wrong

If a senior manager later commits a qualifying offence within the actual or apparent scope of their authority, the organisation is treated as having committed that offence under s.250(1). The firm's defence depends on having taken reasonable steps to prevent the offence — and the evidential weight of "reasonable steps" rests on being able to show that the firm understood who its senior managers were, that they had been required to declare what they were doing, and that the firm acted on those declarations. A gap analysis that missed an individual the court later finds meets s.250(3) is not a fatal failing on its own, but it is a much harder defence than one in which the firm can show it applied the functional test deliberately and recorded the result.

Related articles