Section 250 of the Crime and Policing Act 2026 is a corporate attribution mechanism that makes organisations liable when their senior managers commit qualifying offences. This guide covers everything you need to identify your exposure, run the gap analysis, complete the declaration cycle, and produce litigation-grade board evidence — before June 29.
Start Free Gap Analysis →Section 250 of the Crime and Policing Act 2026 is a corporate attribution mechanism: where a “senior manager” (s.250(3) functional test — significant role in managing a substantial part of the organisation’s activities) commits a qualifying offence within the scope of their authority, the organisation itself is liable. Applies to all UK bodies corporate and partnerships — not FCA-regulated firms only. The statutory deadline is June 29, 2026. It cannot be extended. Recommended process: (1) identify individuals meeting the s.250(3) test via SM&CR gap analysis, (2) obtain signed declarations, (3) generate a litigation-grade board evidence pack in PDF/A-3B format.
In this guide
Section 250 of the Crime and Policing Act 2026 is a corporate attribution mechanism. Where a "senior manager" of a body corporate or partnership commits a criminal offence under the Act within the actual or apparent scope of their authority, the organisation itself is treated as having committed that offence. Section 250(3) defines "senior manager" as an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities.
The test covers all organisational activities — not only financial ones — and is independent of FCA approval status. This is not a standalone criminal offence for failing to hold declarations. It is a mechanism that attributes the criminal conduct of qualifying senior managers to their organisation. The practical effect: organisations need to know who their "senior managers" are under this definition, because any qualifying criminal act those individuals commit in scope of their authority becomes the organisation's liability.
The legislation was passed in recognition that existing frameworks did not fully address the gap between individual criminal accountability and corporate liability. Section 250 fills that gap by making senior organisational decision-makers a defined risk point for their employers.
The s.250(3) test asks whether an individual plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the organisation are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities. The test is based on organisational authority and decision-making scope — not job title, FCA registration status, or whether their role is specifically financial.
Individuals typically in scope include: chief executive officers, chief operating officers, chief financial officers, heads of major business divisions, senior portfolio managers with discretionary authority over significant mandates, heads of risk and compliance with oversight of substantial operations, and directors of material subsidiary entities with a UK nexus. The common thread is that these individuals make or shape decisions about how a substantial part of the organisation operates — whether or not they hold a formal SMF or Certified Function designation.
Critically, s.250 is not limited to FCA-regulated firms. It applies to all UK bodies corporate and partnerships. FCA-regulated firms are particularly well-positioned to run the gap analysis because SM&CR provides a documented baseline of approved persons — making the gap visible.
The gap analysis is the foundation of a robust Section 250 risk management process. It requires you to compare two populations: everyone currently approved or certified under SM&CR at your firm, and everyone who meets the s.250(3) functional test — playing a significant role in managing or organising a substantial part of the organisation's activities (whether or not they are approved).
Step one is obtaining your FCA register extract for your firm(s). This is available via the FCA Register Extract Service and identifies every approved person associated with your FRN. Step two is preparing a list of all individuals who meet the s.250(3) functional test at your firm. This requires judgment — a mechanical job-title filter will miss people and over-include others. The test is about organisational authority, not title. Step three is comparing the two lists. Everyone on the second list but not on the first represents your potential Section 250 exposure.
The declaration cycle is CoverProof's recommended approach to building a documented, auditable record of your Section 250 risk management process. While s.250 does not itself mandate declarations, having signed declarations from every individual identified in your gap analysis provides the strongest evidential record that your organisation identified its exposure and took positive steps to address it.
Each declaration should identify the individual, their role, the basis on which they were assessed as meeting the s.250(3) test, and their acknowledgement of the obligation. Declarations must be timestamped and traceable to the gap analysis that generated them. A declaration stored in a shared drive folder with no audit trail provides limited evidentiary value. The declaration cycle must include: sending formal declaration requests with delivery confirmation, tracking responses and non-responses, chasing outstanding declarations with documented attempts, and handling any refusals with escalation to the board.
Your board needs to demonstrate that it identified the Section 250 risk and acted before June 29, 2026. This requires a well-documented evidence pack containing: the gap analysis methodology and results, all declarations sent and received with timestamps, any re-send attempts for non-responders, and an executive summary for board sign-off.
CoverProof generates evidence packs in PDF/A-3B format (ISO 19005-3 compliant) with a SHA-256 cryptographic hash recorded at generation time. These properties ensure the document cannot be modified after the fact and that its provenance is verifiable — the same documentation characteristics required in regulatory and legal proceedings. Courts determine admissibility; the pack provides the strongest evidential foundation currently achievable for this type of compliance record. A formal board resolution or minute acknowledging the analysis and confirming completion should be retained alongside the pack.
Section 250 is not a one-time exercise. Declarations expire and must be renewed — annually, or sooner if there is a material change to the individual's role. The population of individuals in scope changes as staff join, leave, or change roles. New significant hires must be assessed against Section 250 criteria at onboarding.
An annual review cycle should be built into your compliance calendar. Each cycle requires a fresh gap analysis, a declaration renewal cycle for all existing declarations approaching expiry, and an updated board evidence pack.
What is Section 250 of the Crime and Policing Act 2026?
Section 250 is a corporate attribution mechanism. Where a "senior manager" of a body corporate or partnership commits a criminal offence under the Act within the actual or apparent scope of their authority, the organisation itself is treated as having committed that offence. "Senior manager" is defined in s.250(3) as an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the organisation are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities. The test covers all organisational activities — not only financial ones — and applies regardless of FCA approval status.
When does Section 250 take effect?
Section 250 takes effect on June 29, 2026. This is a statutory deadline written into primary legislation. The FCA cannot extend it, and there is no grace period for firms that have not completed their gap analysis and declaration cycle by that date.
Does Section 250 apply beyond FCA-regulated firms?
Yes. Section 250 applies to all UK bodies corporate and partnerships — it is not limited to FCA-authorised firms. FCA-regulated firms face particular exposure because SM&CR creates a documented population of approved persons, making the gap between SM&CR and the s.250(3) test visible and auditable. But the provision applies equally to any UK body corporate whose senior managers commit qualifying offences. There is no minimum threshold.
What is the difference between SM&CR and Section 250?
SM&CR identifies who needs FCA pre-approval (Senior Managers) or firm-level certification (Certified Persons) based on specific regulatory roles. Section 250 uses a different test — the s.250(3) functional test asks whether the individual plays a significant role in managing or organising a substantial part of the organisation's activities (any activities, not only financial ones), regardless of their SM&CR designation. The Section 250 population is typically wider than the SM&CR population because the functional test reaches individuals who exercise real organisational authority but hold no formal SMF or CF.
What documentation standard do CoverProof evidence packs meet?
CoverProof evidence packs are generated in PDF/A-3B format (ISO 19005-3) with a SHA-256 cryptographic hash recorded at generation time. These properties ensure the document cannot have been modified after the fact, has a clear and traceable provenance, and records the full process from gap analysis to declaration completion. Courts determine admissibility on the facts of each case — the pack provides the strongest evidential foundation currently achievable for this type of compliance record.
How long does the Section 250 gap analysis take?
With CoverProof, an initial gap analysis takes under 30 minutes from import to report. Manual approaches take days to weeks and typically produce documentation that lacks the integrity properties (cryptographic hash, immutable audit trail, PDF/A-3B archival format) that strengthen evidentiary value.
Import your SM&CR register, identify your Section 250 gap, send declarations, and download your litigation-grade evidence pack — all before June 29.
Start Free Gap Analysis →