CoverProof exists because June 29, 2026 is a hard statutory deadline — not a regulatory target date — and no existing compliance tool was built to meet it. We built one.
CoverProof is a compliance SaaS platform for FCA-regulated UK firms. It automates SM&CR gap analysis (identifying individuals who meet the s.250(3) functional test but are not covered by existing SM&CR designations), sends zero-login declarations to uncovered individuals, and generates PDF/A-3B board evidence packs (SHA-256 hashed, designed for business-record admissibility under CEA 1995 s.8–9). It was built specifically for Section 250 of the Crime and Policing Act 2026, which takes effect June 29, 2026.
Section 250 of the Crime and Policing Act 2026 is a corporate attribution mechanism. Where a "senior manager" — defined in s.250(3) by the functional test of playing a significant role in managing or organising a substantial part of the organisation's activities — commits a qualifying offence, the organisation itself is liable. The SM&CR approved-person framework does not cover everyone who meets this test. The gap is the exposure, and the firms most at risk often don't know it yet.
When the Act received Royal Assent in April 2026, compliance teams across the industry faced the same problem: they needed to identify who was uncovered, send them declarations, and produce PDF/A-3B documentation designed for business-record admissibility — and there was no software to do any of it.
CoverProof solves all three. It is purpose-built for the Section 250 compliance workflow — not a generic compliance platform stretched to fit.
Section 250 is written into law on 29 April 2026 with a June 29, 2026 commencement date. FCA-regulated firms face corporate attribution risk when individuals in significant roles outside their SM&CR perimeter commit qualifying offences — an exposure not addressed by existing SM&CR tooling.
After reviewing the FCA register data format, the SM&CR approved-person framework, and the Section 250 statutory criteria, the team determines the gap between "what SM&CR covers" and "what Section 250 requires" can be closed systematically — with a versioned multi-stage classifier (pre-LLM deterministic lookup, routed primary classifier, structured Zod output, SHA-256 prompt fingerprint, mandatory compliance-officer review queue), structured declarations, and PDF/A-3B evidence generation.
The multi-stage classification pipeline identifies Section 250 gaps in a test FCA register extract in under 2 minutes. The PDF/A-3B evidence pack — with SHA-256 hash and immutable audit trail — is verified against the ISO 19005-3 standard.
The platform is available to all FCA-regulated firms. The Professional plan (£299/month) covers a compliance officer at an FCA-regulated firm managing ongoing Section 250 obligations. Firm (£699/month) covers compliance teams managing declarations across multiple sites or FRNs. Enterprise pricing supports multi-entity groups and banking groups with 3+ FRNs.
See the full technical methodology at coverproof.co.uk/methodology.
Every classification is the output of a versioned, multi-stage pipeline. A pre-LLM deterministic lookup short-circuits cleanly-covered cases; the rest route to the primary classifier — Claude Sonnet 4.6 for the default path, Claude Haiku 4.5 for lower-complexity rows — at temperature 0 against a structured Zod schema. Every row carries a methodology version and SHA-256 prompt fingerprint, with input-hash caching for provable equality on re-runs. Medium-confidence rows are deliberately re-sampled three times at non-zero temperature so intra-model disagreement itself escalates the row to review. The pipeline applies the verbatim s.250(3) functional test alongside an SM&CR role taxonomy with explicit routing thresholds. Every Medium- and Low-confidence row routes into your reviewer queue — nothing auto-passes. Pre-merge benchmark suite blocks regressions; nightly drift monitoring catches model-side changes. Full architecture documented at /methodology.
Evidence packs are generated to PDF/A-3B standard (ISO 19005-3) with embedded XMP metadata and SHA-256 cryptographic hashes. The document hash is recorded in the CoverProof database at generation time — you can prove the downloaded file has not been modified since it was generated. These properties are designed to meet the documentation standards required in legal and regulatory proceedings. Courts ultimately determine admissibility — no document format can guarantee that outcome.
Declaration recipients receive a unique, cryptographically random URL. They complete and submit their declaration without creating an account. This eliminates the most common reason for declaration non-response: friction. Completion rates are significantly higher when the barrier is clicking a link rather than creating a login.
When FCA API access is configured, CoverProof cross-references each individual against the live FCA approved persons register — verifying their registration status and SMF function codes against the authoritative source. Bulk import via the FCA Register Extract Service is on the roadmap.
No. CoverProof is a compliance workflow tool, not a legal services provider. We automate the gap analysis, declaration cycle, and evidence pack generation. Your compliance team and legal counsel are responsible for reviewing the AI classifications and confirming your Section 250 strategy.
CoverProof was founded in 2026 by a team with experience in UK financial services compliance technology and AI engineering. The platform is built specifically for the FCA-regulated market.
Data is processed under UK GDPR with appropriate international transfer safeguards. Multi-tenant isolation is enforced at the database layer using PostgreSQL Row Level Security — your firm's data is isolated by design, not configuration.
CoverProof provides compliance workflow software, not regulated financial services or legal services. We are a technology provider. Your firm remains responsible for its own FCA compliance obligations.
The first gap analysis is free. No contract. No setup fee.
Start your free gap analysis