Section 250 applies to bodies corporate and partnerships separately. In a group structure, the "senior manager of what" question matters: a group CEO or shared-services head may simultaneously be a senior manager of several subsidiary entities, each subject to the attribution mechanism independently. Skadden's June 2026 group-entity analysis provides the clearest published framework for mapping this exposure.
Section 250 applies per entity
Section 250(1) of the Crime and Policing Act 2026 (c.20) attributes a senior manager's offence to "the body corporate or partnership" they are a senior manager of. The section text operates at the entity level — each UK body corporate and partnership is independently subject to the attribution mechanism.
In a simple structure — a single firm with employees — this is straightforward. In a group structure, the entity-level analysis has to run separately for each subsidiary, holding company, and partnership in the group. An individual who is a "senior manager" of one entity may or may not be a senior manager of another entity in the same group.
This is not a theoretical distinction. Corporate groups often operate with shared senior management: a group CEO who makes decisions for all entities in the group, shared-services heads whose remit spans multiple subsidiaries, central compliance or risk functions that work across the whole group. The s.250(3) test has to be applied separately to each entity relationship.
The functional test runs per entity
Section 250(3) defines a senior manager as an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities.
The phrase "the body corporate or partnership" is key. The test asks whether the individual plays a significant role in managing a substantial part of that specific entity's activities — not the group's activities generally. An individual who shapes strategy at group level may or may not be playing a significant role in managing a specific subsidiary's activities, depending on how the group is structured and how much autonomy the subsidiary has.
In practice, this means the gap analysis must be run entity by entity, not at group level. The question for each entity is: who plays a significant role in managing a substantial part of this entity's activities? The answer may differ between a UK trading subsidiary with its own management team and a dormant holding company whose activities are negligible.
Group officers who are senior managers of multiple entities
Skadden's June 2026 analysis of the Crime and Policing Act 2026's attribution mechanism devoted specific attention to group structures. The key insight from their analysis: in many corporate groups, senior officers at group level — Group CEO, Group CFO, Group Risk Officer — are simultaneously senior managers of multiple subsidiary entities, because they make decisions about how each subsidiary's substantial activities are managed. The fact that they exercise this authority from a group parent, rather than from within each subsidiary, does not change the analysis. The functional test asks what they do, not where they sit in the org chart.
This has a practical consequence for the gap analysis. A Group CEO who personally directs the strategy and operations of five UK subsidiaries is a senior manager of each of those subsidiaries for s.250(3) purposes. If they commit an offence within the scope of their authority over any one of those subsidiaries, that subsidiary is also treated as having committed the offence. The exposure runs across five entities simultaneously.
For compliance officers running a group-level gap analysis: the population to analyse is not only the employees of each subsidiary. It includes group-level officers whose decision-making authority reaches into each subsidiary's management.
Wholly-overseas group entities and the s.250(2) carve-out
Section 250(2) provides a carve-out where all the conduct constituting the offence occurs outside the UK and the organisation would not itself commit the offence on those facts. This is a narrow carve-out, but it is relevant for multinational groups.
For a UK body corporate (a UK-registered entity), the entity-level analysis applies regardless of whether its activities are conducted in the UK or internationally. The carve-out applies to the specific conduct constituting the offence, not to the entity's registered jurisdiction. A UK holding company whose wholly-owned overseas subsidiary commits a crime, directed by a group officer, may still face s.250 exposure at the UK entity level if the relevant decisions were made in the UK — because the conduct (the decision-making) was not wholly outside the UK.
The wholly-overseas carve-out is most clearly applicable where a UK entity's senior manager commits a criminal offence entirely outside the UK, in the context of purely overseas activities, and the UK entity would not have committed the offence on those facts even if it had done the same acts. Groups with international operations should take specific legal advice on how the carve-out applies to their structure.
Practical steps for group gap analysis
For a corporate group with multiple UK entities, the gap analysis workflow has three layers.
First: identify every UK body corporate and partnership in the group that has any activities. Dormant entities with genuinely no activities are lower risk — but "dormant" should be assessed on the facts, not assumed from the registered status.
Second: for each entity, build the s.250(3) population. This includes the entity's own management team, but also group-level officers whose decisions reach into that entity's activities. A shared CFO who signs off on the subsidiary's financial decisions is potentially in scope for the subsidiary, even if they are employed by the group parent.
Third: obtain declarations for the gap population at each entity. An individual who is in scope for three entities may receive declarations from three entities — or a single declaration can be structured to cover their role at each entity they are identified as a senior manager of, provided the scope is clear.
The board evidence pack should document the analysis at entity level. Group-level compliance programmes that produce a single group-wide pack without entity-level analysis may not address the per-entity exposure that s.250 creates.
Related articles
The MLRO, COLP, and COFA Under Section 250 — Are Compliance Officers In Their Own Scope?
8 min read
Apparent Authority Under Section 250 — Where the Boundary Actually Sits
9 min read
Who qualifies as a senior manager under Section 250? A role-by-role guide
9 min read
Section 250 Gap Analysis: The Complete Compliance Checklist
5 min read
What Is Section 250 of the Crime and Policing Act 2026?
8 min read
Ready to identify your Section 250 exposure?
Import your SM&CR register, run your gap analysis, and download a PDF/A-3B evidence pack. First analysis is free.
Start Free Gap Analysis →Sources
- Crime and Policing Act 2026, s.250 (c.20)www.legislation.gov.uk/ukpga/2026/20/section/250
- Skadden — Crime and Policing Act 2026: group entity attribution analysis (June 2026)www.skadden.com/insights/publications/2026/06/crime-and-policing-act-2026-senior-manager-attribution
- FCA — Senior Managers and Certification Regimewww.fca.org.uk/firms/senior-managers-certification-regime