Role Guide

Section 250 and Your Board Liability as CEO

Section 250 of the Crime and Policing Act 2026 does not just create firm-level obligations. It creates criminal liability for individuals in significant roles who are not properly covered — and it creates board-level liability for CEOs who cannot demonstrate that their firm identified the gap and acted. If the FCA investigates your firm and you cannot produce a documented gap analysis, a declaration cycle, and a timestamped board evidence pack, there is no good-faith defence available.

Start Free Gap Analysis →
TL;DR

Section 250 of the Crime and Policing Act 2026 does not just create firm-level obligations. It creates criminal liability for individuals in significant roles who are not properly covered — and it creates board-level liability for CEOs who cannot demonstrate that their firm identified the gap and acted. If the FCA investigates your firm and you cannot produce a documented gap analysis, a declaration cycle, and a timestamped board evidence pack, there is no good-faith defence available. CoverProof automates the SM&CR gap analysis, zero-login declarations, and litigation-grade evidence pack generation that CEOs need to complete before the June 29, 2026 statutory deadline under Section 250 of the Crime and Policing Act 2026.

Your Section 250 obligations

1

You are responsible for the firm's Section 250 compliance posture

As CEO, the buck stops with you. Your compliance director or CCO may execute the analysis, but you are accountable for ensuring it happens, that it covers the full scope, and that the board formally acknowledges it before the deadline.

2

The "reasonable steps" standard

Section 250 provides a defence for firms that can show they took reasonable steps to identify and remediate their exposure. A systematic, documented, AI-assisted gap analysis with a complete declaration cycle meets this standard. An oral assurance from your compliance team does not.

3

Board resolution

Your board needs a formal resolution or minute acknowledging the Section 250 gap analysis and confirming that the declaration cycle has been completed. This resolution, timestamped and signed, is the centrepiece of your evidence pack.

Your pre-June 29 checklist

  • Assign Section 250 ownership to your CCO or compliance director
  • Set a hard internal deadline of June 15 (two weeks before the statutory deadline)
  • Receive and sign off on the gap analysis report
  • Confirm that all declarations have been sent and received
  • Formally acknowledge at board level
  • Retain the litigation-grade evidence pack

Common questions

Can I delegate Section 250 compliance entirely to my compliance team?

You can delegate execution, not accountability. As CEO, the board-level obligation is yours. Your compliance team can run the gap analysis and manage the declaration cycle, but you must formally acknowledge the results and ensure the evidence pack is generated and retained.

What is the worst-case outcome if we miss the deadline?

Criminal prosecution under Section 250(3), which carries up to two years' custodial sentence and an unlimited fine. The FCA may also launch a parallel enforcement investigation. There is no cap on the fine and no good-faith defence without documented evidence of reasonable steps taken.

Give your board certainty. Not a verbal assurance.

CoverProof generates a litigation-grade PDF/A-3B evidence pack automatically as declarations complete. Your board can download it, sign it, and minute it — before June 29. First gap analysis is free.

Start Free Gap Analysis →