Does SM&CR Compliance Protect You from Section 250?
No — and the reason matters. SM&CR and Section 250 of the Crime and Policing Act 2026 use different tests, cover different populations, and answer different questions. FCA PS26/6 (22 April 2026) has further widened the gap by reducing the certified population while leaving the s.250(3) functional-test population unchanged. This guide explains where the two regimes diverge and what firms need to do about it before 29 June 2026.
No. SM&CR asks whether someone holds a named FCA function. Section 250(3) asks whether someone plays a significant role in managing a substantial part of an organisation’s activities — any activities, any UK body corporate or partnership. FCA PS26/6 (22 April 2026) shrank the certified population while the s.250(3) population stayed the same. Firms that reviewed only their SM&CR register have not completed a Section 250 gap analysis.
The short answer: SM&CR compliance does not answer the Section 250 question
This is the single most common misunderstanding about Section 250 of the Crime and Policing Act 2026, and the one most likely to leave a firm with an unidentified gap.
SM&CR is a regulatory accountability framework. It identifies who needs FCA pre-approval (Senior Management Functions) and who needs annual firm certification (Certified Functions) at FCA-authorised firms, based on the specific regulatory roles those people perform. When a firm's SM&CR register is up to date, it has a clean record of who the FCA has assessed and who the firm has certified.
Section 250 is a corporate attribution mechanism. Under s.250(1), where a "senior manager" of a body corporate or partnership commits a criminal offence under the law of England and Wales, Scotland or Northern Ireland while acting within the actual or apparent scope of their authority, the organisation is also treated as having committed that offence. The provision applies to all UK bodies corporate and partnerships — not only FCA-authorised firms.
The critical point is that "senior manager" is defined in s.250(3) by a functional test that is independent of SM&CR status: an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities. Nothing in s.250(3) references the FCA, an approved-person designation, or a Senior Management Function.
A firm that reviews only its SM&CR register has not completed a Section 250 gap analysis. It has identified who the FCA has already approved and who the firm has certified. It has not identified who meets the s.250(3) functional test.
Two tests, two populations — the structural difference
Understanding why the two regimes diverge requires holding their respective tests side by side.
SM&CR asks: Does this individual hold a named function that the FCA requires to be pre-approved or that the firm must certify at this firm? The eligible functions are defined in the FCA's Senior Manager Functions (SMF) list and the Certification Functions list. The analysis is function-specific and firm-specific. It applies only to FCA-authorised firms and their appointed representatives.
Section 250(3) asks: Does this individual play a significant role in making decisions about, or in managing or organising, a substantial part of this organisation's activities? The test is functional and general — it covers all the organisation's activities, not only its regulated or financial ones, and it applies to all UK bodies corporate and partnerships.
Three structural differences follow from these diverging tests.
First, scope of activities. SM&CR focuses on regulated activities and the specific FCA functions that govern them. Section 250(3) reaches every activity the organisation undertakes: operations, technology, legal, finance, HR, procurement. A head of technology who controls the firm's systems but holds no SMF is invisible to SM&CR; if their authority covers a substantial part of the firm's operations, they are within s.250(3).
Second, organisations covered. SM&CR applies to FCA-authorised firms and appointed representatives. Section 250 reaches any UK body corporate or partnership. This matters for group structures: a holding company officer or a parent-entity executive with real authority over the UK subsidiary can fall within s.250(3) without holding any FCA appointment.
Third, consequences. SM&CR non-compliance is enforced through regulatory sanctions — fines, prohibitions, withdrawal of approval — under the FCA's supervisory and enforcement powers. Section 250 operates in criminal law: the organisation faces the criminal consequences of the underlying offence committed by its senior manager. For offences tried on indictment, the penalty is an unlimited fine (the underlying offence's own penalty, which s.250 itself does not set).
FCA PS26/6 (22 April 2026): simplification that widens the gap
FCA PS26/6, published on 22 April 2026, simplified the SM&CR by reducing the scope of the Certified Persons regime. The policy statement adjusted which roles require annual firm certification, with the effect of removing some individuals from the formal certification population.
For Section 250 purposes, this creates a specific risk for firms that completed their gap analysis before PS26/6 was implemented. The s.250(3) functional-test population has not changed — it turns on what individuals actually do, not on whether they appear in a regulatory register. The SM&CR certified population has shrunk. Individuals who were previously captured by certification and therefore appeared on the firm's SM&CR register may no longer appear there after PS26/6 simplification — but they may still meet the s.250(3) test if their substantive authority remains unchanged.
The result is that the "unmapped middle" — individuals who meet s.250(3) but have no SM&CR coverage — has grown after PS26/6. A gap analysis that used a pre-PS26/6 register as its SM&CR baseline needs to be re-run against the updated register.
PS26/6 also addressed temporary cover and acting-while-pending arrangements. Acting while a new SMF application is pending — whether under the PS26/6 temporary cover regime or an older arrangement — gives at most partial SM&CR cover. It does not affect the s.250(3) analysis: the question of whether the acting individual meets the functional test is answered by reference to what they are actually doing in the role, not by the pending application.
SM&CR work is still necessary — it just does not answer this question
Nothing in this guide should be read as suggesting SM&CR compliance is unnecessary or less important than Section 250. The two frameworks address different risks, and a firm needs to maintain both.
SM&CR compliance is important for FCA-regulated firms because it is the FCA's primary mechanism for individual accountability in financial services. The Duty of Responsibility under FSMA s.66B, the FCA's ability to take action against approved persons, and the firm's obligation to certify fitness and propriety — all of these run through SM&CR. A gap in SM&CR compliance is a regulatory enforcement risk.
Section 250 addresses a separate exposure: criminal corporate liability for a senior manager's offending, regardless of whether that person is covered by SM&CR. Section 250 does not replace SM&CR, supersede it, or make it redundant. What Section 250 does is add a second, independent obligation that FCA-regulated firms must address alongside their existing SM&CR compliance.
The practical implication is that firms cannot discharge Section 250 obligations by pointing to SM&CR. The question "have we done our SM&CR?" is a separate question from "have we identified our Section 250 population, obtained declarations from them, and assembled a board evidence pack?" Both questions need answers before 29 June 2026.
The unmapped middle: who falls in the gap
The gap between the SM&CR population and the s.250(3) population is not a theoretical edge case. It is a predictable feature of how FCA-regulated firms are structured.
The most consistent occupants of the gap are roles exercising real organisational authority in non-regulated functions. The chief technology officer who controls the firm's systems and data infrastructure, the chief operating officer whose remit spans operations and vendor management, the general counsel with oversight responsibility across the whole business — these individuals typically do not hold SMFs or Certified Functions because their roles are not directly regulated activities. But if their authority covers a substantial part of the firm's activities, they are strong candidates for the s.250(3) functional test.
A second category is divisional heads at certified-but-not-SMF-approved level. Certified Functions are identified by the firm's assessment that the individual could cause significant harm to consumers or markets. That is a different question from whether the individual plays a significant role in managing a substantial part of the firm's activities. A divisional head running a major business line may be a Certified Person but is not automatically SMF-approved; they may nonetheless meet s.250(3).
A third category is interim and acting executives. SM&CR approval lags operational reality: an individual stepping into a senior role may be actively managing a substantial part of the firm's operations weeks or months before any registration catches up. PS26/6 addressed acting-while-pending for SM&CR purposes, but that provides at most partial SM&CR cover and does not remove s.250 exposure.
The gap analysis task is to identify these individuals — not by working from the register outwards, but by asking who is actually exercising authority over a substantial part of the organisation's activities and then cross-referencing against the register.
What firms should do
The Section 250 gap analysis is a distinct piece of work from SM&CR compliance. Firms that have invested in SM&CR are well-positioned to run it — they have the approved-persons register as a starting point and a culture of documented accountability. But the gap analysis requires additional steps.
Start with two populations. The first is everyone currently approved or certified under SM&CR — your FCA register extract provides this. The second is everyone who meets the s.250(3) functional test: playing a significant role in managing or organising a substantial part of the firm's activities. This second list must be built by looking at what individuals actually do, not by filtering job titles or FCA designations.
Cross-reference the two populations. Everyone on the second list but not the first is your potential Section 250 exposure — a senior manager under s.250(3) who has no SM&CR coverage. These individuals should be assessed individually, with reasoning recorded for each verdict.
Obtain declarations from everyone in the gap and from anyone whose s.250(3) status is uncertain. Send formal declaration requests with delivery confirmation, track responses, chase non-respondents, and document any refusals. Assemble the full cycle into a board evidence pack.
Section 250 has no statutory defence based on documented diligence — documentation is not a statutory shield. What documented assessment does is provide material relevant to prosecutorial discretion under Joint SFO-CPS guidance and may be relevant at sentencing. There is no Sentencing Council guideline for s.250 yet. The right framing is that thorough documentation reduces attribution risk and informs prosecutorial judgment; it is not a guarantee of any outcome.
The deadline is 29 June 2026, fixed by the Act's commencement provisions (s.255(3)), two months after Royal Assent on 29 April 2026. Only Parliament could change it.
Does SM&CR compliance protect a firm from Section 250 liability?
No. SM&CR and Section 250 answer different questions. SM&CR focuses on who holds a named FCA function at an authorised firm; Section 250 uses a functional test — whether an individual plays a significant role in managing a substantial part of any UK organisation's activities. These are independent tests, and a firm whose SM&CR register is complete can still face Section 250 exposure for individuals who fall outside SM&CR but inside the s.250(3) functional test.
What is the difference between the SM&CR test and the s.250(3) test?
SM&CR asks whether an individual holds a named Senior Management Function (needing FCA pre-approval) or a Certified Function (needing annual firm certification), based on the specific regulatory role they perform at an FCA-authorised firm. Section 250(3) asks whether an individual plays a significant role in making decisions about, or in managing or organising, the whole or a substantial part of the organisation's activities — any activities, not only regulated ones, at any UK body corporate or partnership regardless of FCA authorisation.
What is FCA PS26/6 and how does it affect Section 250 exposure?
PS26/6 (FCA, 22 April 2026) simplified SM&CR by reducing the Certified Persons population. Because the s.250(3) functional-test population is unchanged while the SM&CR certified population shrinks, the gap between the two — individuals who meet s.250(3) but have no SM&CR coverage — grows after PS26/6. Firms that completed a gap analysis before PS26/6 should re-run it to ensure the analysis reflects the current SM&CR baseline.
If someone holds an SMF, are they automatically covered for Section 250 purposes?
No. SM&CR approval confirms that the FCA has accepted someone for a named regulatory function. It does not close the s.250(3) question. The correct approach is to assess SMF holders against the functional test explicitly — the answer is usually that they also meet s.250(3), but the reasoning should be on the record so the firm has demonstrated deliberate assessment rather than assumed cover. More importantly, SMF approval says nothing about whether individuals outside the SMF population meet the s.250(3) test.
Are there individuals who are inside SM&CR but outside Section 250 scope?
Yes, though less common. Some Certification Regime holders — identified because they could cause significant harm to consumers or markets — exercise a specific, bounded function that does not amount to playing a significant role in managing a substantial part of the organisation's activities. The tests are independent. The mapping runs in both directions: some SM&CR-covered individuals may fall outside s.250(3); many s.250(3)-caught individuals will fall outside SM&CR.
What should a firm do if PS26/6 changed its SM&CR population?
Re-run the Section 250 gap analysis using the updated SM&CR register as the baseline. The core task is unchanged: identify everyone who meets the s.250(3) functional test, cross-reference with current SM&CR coverage, and document the gap. Because PS26/6 reduced the certified population, some individuals previously covered by certification may no longer appear on the register — which does not change whether they meet s.250(3).
CoverProof cross-references your SM&CR register against the s.250(3) functional test and identifies individuals who fall in the gap. Run the free FRN check to see your firm’s starting position.