Section 250 Training for Senior Managers: What to Cover and Why

Why training matters — and what it cannot do

Section 250 of the Crime and Policing Act 2026 (c.20) has no statutory defence. There is no "adequate procedures" safe harbour equivalent to the Bribery Act 2010 s.7, no "reasonable prevention procedures" defence equivalent to the Criminal Finances Act 2017. Training your senior managers does not immunise the organisation from s.250 attribution if a senior manager commits an offence within their authority.

What training does do is two things that matter in practice. First, it creates informed individuals: a senior manager who understands they are in scope under s.250, knows what conduct could trigger attribution, and has acknowledged that knowledge in writing, is less likely to treat certain risks as someone else's problem. Second, training records are part of the documented diligence that can inform prosecutorial discretion — the Joint SFO-CPS Corporate Prosecution Guidance treats documented corporate governance and awareness measures as a factor bearing on whether prosecution of the organisation is in the public interest.

This is general information, not legal advice. Consult a qualified solicitor for your firm's specific circumstances. No Sentencing Council guideline for Section 250 offences exists yet, so claims about a training-related sentencing discount should not be made to participants or to the board.

Who the training is for

The training brief should address individuals who meet the s.250(3) functional test: anyone who plays a significant role in the making of decisions about how the whole or a substantial part of the organisation's activities are managed or organised, or in the managing or organising of the whole or a substantial part of those activities.

That population is wider than the FCA's approved-person perimeter. It includes individuals with SM&CR Senior Management Functions — but it also includes executives without an SMF who have real decision-making authority over a substantial part of the business. Operations directors, chief technology officers, divisional heads, senior portfolio managers: if they play a significant role in running a substantial part of the firm, they are in scope regardless of their FCA approval status.

The training is not appropriately delivered only to the compliance team or to SMF holders. It should reach every individual who has been identified in the gap analysis as meeting the s.250(3) test. For each individual who receives training, a record of attendance and acknowledgement should be kept and incorporated into the board evidence pack.

A brief reminder for the gap analysis: the starting point for identifying who needs training is the s.250(3) analysis, not the SM&CR register. SM&CR approval tells you who the FCA has approved; it does not tell you who meets the functional test.

What the training brief must cover

A Section 250 training session should cover six topics in plain terms.

First: what Section 250 is. The provision (s.250 of the Crime and Policing Act 2026, in force 29 June 2026) attributes a senior manager's criminal offence to the organisation where they act within the actual or apparent scope of their authority. The provision covers any UK criminal offence — not only financial crime. The commencement date is set by s.255(3) of the Act (two months after Royal Assent on 29 April 2026), not by the s.250 section text itself.

Second: what the "senior manager" definition means for this individual. The s.250(3) test — significant role in making decisions about, or managing or organising, the whole or a substantial part of activities — means them, specifically. The training should not be abstract: it should explain why this individual's role puts them in scope.

Third: what "within the scope of authority" means. The attribution mechanism in s.250(1) only applies where the senior manager acts within their actual or apparent authority. The individual should understand the documented scope of their authority and what falls outside it. This is why delegation matrices and authority documentation matter alongside the training.

Fourth: conduct examples relevant to this individual's role. For a CFO: financial reporting and tax. For a head of operations: health and safety and data handling. For a CTO: data protection and cybersecurity criminal exposure. Training is more effective, and the record is more credible, if it is tailored to the participant's actual risk surface rather than delivered as a generic corporate-liability briefing.

Fifth: how the organisation is managing the exposure. What the gap analysis found. What the declaration cycle achieves. What the board evidence pack records. This frames the training as part of a managed governance response rather than an isolated awareness exercise.

Sixth: what the individual is expected to acknowledge. Not a statutory declaration — the Statutory Declarations Act 1835 requires an authorised officer and prescribed form, so a web or paper acknowledgement is never that. A Section 250 Governance Acknowledgement, recording that the individual has received the training and understands their status under s.250(3), is the appropriate instrument.

What the training brief must not say

Several claims are incorrect and must not appear in a training brief.

Do not describe the training as "protection" from Section 250 liability. There is no statutory protection. The training is part of the firm's documented governance response — it is not a shield.

Do not describe the firm's compliance procedures as an "adequate procedures defence" or a "reasonable steps defence" to Section 250. Those defences exist in the Bribery Act and the Criminal Finances Act; they do not exist in s.250.

Do not state that Section 250 "carries X years imprisonment" or name a penalty as if it is set by the s.250 section text. Section 250 is an attribution mechanism: the organisation becomes liable for the same offence as the senior manager, and the penalty is whatever that offence carries under general sentencing law. The s.250 section text does not set a penalty.

Do not describe the declaration process as producing a "statutory declaration". That is a specific legal instrument with a specific formal requirement. The governance acknowledgement is a business-record document, not a statutory declaration under the 1835 Act.

Do not claim that completing the training "satisfies" the October 2025 Judiciary AI Guidance. That guidance is addressed to judicial office holders and court staff, not to parties or their representatives. It does not impose disclosure obligations on firms.

Documenting the training for the evidence pack

A training record that can support the board evidence pack should contain: the date of the training session; a list of attendees by name and role; the scope of topics covered (a summary agenda or the materials used); and an individual acknowledgement from each attendee recording that they received the training and understand their status under s.250(3).

The acknowledgement format can be a signed attendance form, an email confirmation from the individual, or a written governance acknowledgement generated through the compliance workflow. What matters is that there is a dated record per individual, linked to the training session, that can be incorporated into the board evidence pack.

The board evidence pack should then record: that training for in-scope individuals was completed; when; who attended; and that acknowledgements are held on file. This transforms the training from an unreferenced internal activity into a documented governance step that the board has formally noted.

For firms using CoverProof: the Section 250 Governance Acknowledgement workflow captures the individual-level record. The board evidence pack assembles these alongside the gap analysis, the declaration log, and the board minute into a single PDF/A-3B document with a SHA-256 integrity hash. No format guarantees admissibility — a court determines that on the facts of each case — but a fixed, integrity-verified document is the right foundation for a business-record artefact.

Timing: training before and after commencement

Ideally, training should be completed before 29 June 2026 or as close to commencement as possible. The purpose is to ensure that in-scope individuals understand the regime before they are subject to it in full force. Pre-commencement training, recorded in the evidence pack, is better evidence than training delivered months after the law took effect.

Post-commencement, training remains relevant. Section 250 exposure is ongoing — it tracks every criminal offence committed by a senior manager within their authority from 29 June 2026 forward, not just acts committed in the first month. New senior managers added to the in-scope population should receive training as part of their onboarding, and the training record should be refreshed annually alongside the declaration renewal cycle.

Firms that have not yet completed training should not wait. A post-commencement training record, completed promptly after the law came into force and documented in the board evidence pack, is a meaningful part of the governance record even if it does not pre-date commencement.

Related articles

Sources

• Crime and Policing Act 2026, s.250 (c.20)www.legislation.gov.uk/ukpga/2026/20/section/250
• Crime and Policing Act 2026, s.255(3) commencementwww.legislation.gov.uk/ukpga/2026/20/section/255
• Joint SFO-CPS Corporate Prosecution Guidancewww.cps.gov.uk/legal-guidance/corporate-prosecutions
• Bribery Act 2010, s.7 (adequate procedures defence — for comparison)www.legislation.gov.uk/ukpga/2010/23/section/7
• Statutory Declarations Act 1835 (governance acknowledgement must not be called a statutory declaration)www.legislation.gov.uk/ukpga/Will4/5-6/62
• FCA — Senior Managers and Certification Regimewww.fca.org.uk/firms/senior-managers-certification-regime