How it works
A documented, three-step process
From your current SM&CR register to an immutable board evidence pack — without building anything, without chasing anyone for logins.
Start your free gap analysis →Map your significant role population
Upload your FCA register extract. CoverProof maps every approved person against the Section 250 criteria — flagging individuals in significant roles who fall outside your SM&CR perimeter.
AI-assisted classification with mandatory human review
Claude analyses each individual's role and responsibilities against the statutory criteria. Your compliance team reviews and confirms every classification before any declaration is sent.
Send structured declarations. Generate an immutable evidence pack.
CoverProof sends zero-login declaration requests to every uncovered individual. As declarations come in, your board evidence pack builds automatically — PDF/A-3B compliant, timestamped, cryptographically signed.
CoverProof does not make scope determinations. At each step, your compliance team reviews and confirms the classifications before any declaration is sent or any pack is generated.
Built for FCA-regulated firms that need to show their working
A declaration is only as good as the evidence trail behind it.
Evidence packs structured for court use
PDF/A-3B documents (ISO 19005-3) with embedded XMP metadata, SHA-256 tamper-detection hash recorded in the audit database at generation, and immutable audit log. Generated server-side — no headless browser, no fragile third-party renderer. Technical specification available on request. Whether specific documents are admitted in any particular legal proceeding is subject to judicial discretion.
Zero-login declarations
Recipients complete their declaration without creating an account. No friction, no IT overhead, no excuse not to respond. Completion rates are higher when the barrier is a URL, not a signup form.
AI-assisted gap classification — compliance officer review required
Claude maps each individual against the Section 250 statutory criteria — not a generic questionnaire. Structured output (constrained Zod schema, no free-form code can leak through), auditable classification logic, mandatory human review step before sending.
Row-level data isolation
Multi-tenant architecture with Row Level Security at the database layer. Your firm's data is isolated by design — not by configuration or trust.
Audit-grade timestamps
Every declaration send, every download, every status change — timestamped in UTC and recorded to an immutable log. You can prove exactly what happened and when.
FCA Register cross-reference
When FCA API access is configured, CoverProof cross-references each individual against the live FCA approved persons register — verifying their registration status and SMF function codes against the authoritative source.
Section 250 doesn't add to your regulatory obligations.
It creates criminal ones.
This is not a regulatory fine with an FCA enforcement cap. It is a criminal liability statute. The distinction is material.
Crime and Policing Act 2026 — Section 250 (verbatim enacted text)
“Where a senior manager of a body corporate or partnership (“the organisation”) acting within the actual or apparent scope of their authority commits an offence under the law of England and Wales, Scotland or Northern Ireland, the organisation also commits the offence.”
s.250(1), Crime and Policing Act 2026 (c.20) — the organisation faces an unlimited fine on conviction.
s.250(3) defines “senior manager” as an individual who plays a significant role in the making of decisions about how the whole or a substantial part of the activities of the organisation are to be managed or organised, or in managing or organising those activities. The test is functional — it covers all activities, not only financial ones, and applies regardless of FCA approval status.
Unlimited fine
Corporate criminal conviction
Section 250 imposes criminal liability on the organisation — not a regulatory fine with a cap. When a senior manager commits any offence within their authority, the organisation commits it too.
No statutory safe harbour
No adequate-procedures defence
Unlike the Bribery Act or ECCTA failure-to-prevent provisions, Section 250 contains no adequate-procedures defence. Documented governance does not create a statutory shield — but it is material to prosecutorial discretion.
Your current register misses them
Outside SM&CR perimeter
SM&CR covers FCA-approved persons. Section 250 uses a separate functional test — it reaches anyone playing a significant role in managing or organising a substantial part of the firm's activities, regardless of FCA approval status.
June 29 is statutory
The FCA cannot extend it
This is not a regulatory deadline that can be pushed. The date is written into primary legislation. It does not move.
Ready to close your gap?
From upload to first evidence pack in under one hour.