Many compliance teams assume that if their SM&CR register is in order, they are covered for Section 250. They are not. The two frameworks target different populations with different standards of evidence. Here is what you need to know.
SM&CR: a framework for pre-approval and certification
The Senior Managers and Certification Regime was designed to ensure that the most senior and potentially harmful roles at FCA-authorised firms require either FCA pre-approval (Senior Management Functions) or firm-level certification (Certified Persons). The regime defines specific functions — SMFs, CFs, and Conduct Rules staff — and assigns accountability for each.
SM&CR is an ongoing regulatory framework. It has no sunset date and no deadline. It is the baseline accountability structure for FCA-regulated firms.
Section 250: a corporate attribution mechanism
Section 250 of the Crime and Policing Act 2026 is a corporate attribution mechanism, not a general regulatory framework. Under s.250(1), where a "senior manager" (as defined in s.250(3)) commits a qualifying offence within the actual or apparent scope of their authority, the organisation itself is treated as having committed that offence. The provision applies to all UK bodies corporate and partnerships — not only FCA-authorised firms.
Section 250 has a hard commencement date: June 29, 2026. Organisations that have not identified their s.250(3) population and built a documented record of having done so by that date face criminal exposure, not merely regulatory enforcement.
The key practical differences
First: SM&CR is about who you are (your role, your FCA registration), while Section 250 is about what you do — the s.250(3) test asks whether you play a significant role in managing or organising a substantial part of the organisation's activities (any activities, not only financial ones). Someone can be outside SM&CR but within Section 250 scope — and vice versa, though this is rarer.
Second: SM&CR is an FCA regime, enforced through FCA supervision and enforcement. Section 250 is a criminal law provision, enforced through the criminal courts with the consequences applicable to the underlying offence.
Third: SM&CR compliance is continuous and ongoing. A robust Section 250 response requires a specific documented action before June 29 — the gap analysis and declaration cycle — with ongoing review thereafter.
Why your SM&CR register is the starting point, not the endpoint
For FCA-regulated firms, the Section 250 gap analysis starts with your SM&CR register. You compare it against the population of individuals who meet the s.250(3) functional test at your firm — playing a significant role in managing or organising a substantial part of the organisation's activities. The gap — those in the second group but not the first — is your potential Section 250 exposure.
This means a firm with an impeccably maintained SM&CR register still needs to run a Section 250 gap analysis. The SM&CR register tells you who is already covered by the FCA framework. The s.250(3) analysis tells you who may not be — which requires looking at the full population of senior decision-makers, not just those on the register.
Related articles
Ready to identify your Section 250 exposure?
Import your SM&CR register, run your gap analysis, and download a litigation-grade evidence pack. First analysis is free.
Start Free Gap Analysis →