Section 250 doesn't stop at your own payroll. When you rely on a sub-adviser, an outsourced compliance function or a key introducer, their senior managers sit inside your risk picture too. Here's what to request from them, and what to keep.
Why counterparty compliance matters under Section 250
Section 250 of the Crime and Policing Act 2026 attributes a senior manager's criminal offence to the organisation itself. Under s.250(1), where a senior manager of a body corporate or partnership commits an offence under the law of England and Wales, Scotland or Northern Ireland while acting within the actual or apparent scope of their authority, the organisation also commits that offence. The scope is not limited to offences in the Act. It reaches any UK criminal offence committed by a qualifying senior manager in that capacity.
That framing has consequences beyond your own staff. If a sub-adviser manages your clients' assets, or an outsourced function runs part of your compliance, the people directing that work may meet the s.250(3) "senior manager" test in relation to activities that touch your firm. Their exposure does not become your criminal liability automatically, but it does sit inside your risk perimeter. A board that has documented its own gap analysis but ignored a material third party has a visible hole in its evidence.
The defensible position is simple. For each significant counterparty, hold written confirmation that they have done their own Section 250 work.
Who counts as a significant counterparty?
The test is influence over your FCA-regulated activities, not the size of the invoice. Section 250(3) defines a senior manager as an individual who plays a significant role in the making of decisions about how the whole or a substantial part of an organisation's activities are to be managed or organised, or in the managing or organising of the whole or a substantial part of those activities. A third party becomes significant when the people running it could meet that test for work that forms a substantial part of your regulated business.
In practice that usually means sub-advisers and delegated portfolio managers, outsourced compliance or risk functions, introducers or distribution partners with real client-facing authority, and technology providers with operational control over client data or trading systems.
A cleaning contractor or a marketing agency does not meet the threshold. A sub-adviser running £200m of your clients' assets almost certainly does. When you are unsure, ask whether that firm's senior managers could plausibly fall within s.250(3) for work that affects your regulated activities. If yes, treat them as significant.
What to request
Ask the counterparty to confirm in writing that they have: (1) completed a Section 250 gap analysis covering everyone with a significant role in the activities they perform for you, (2) sent declarations to each individual identified in that gap, and (3) produced a board evidence pack recording the analysis and the declaration cycle.
You do not need to read their evidence pack. You need their signed confirmation that one exists and is complete. Keep that confirmation, with its date and the name of the person who gave it, alongside your own pack.
This mirrors the workflow you should already be running internally: gap analysis first, then a declaration cycle for the people it surfaces, then an evidence pack that ties the two together. A counterparty that can describe all three steps has done the work. One that cannot has not.
Handling non-responses and refusals
Set a clear window. Ten business days is reasonable for a written confirmation, and if it passes, record the chase rather than letting it drift.
A refusal is a different signal from silence. A counterparty that actively declines to confirm its Section 250 status before 29 June 2026, the date s.250 comes into force, is telling you something about the relationship. Escalate it to your board and legal team and assess the risk on the record.
Keep the whole exchange. Every request, reminder and response belongs in the audit trail, because the question a court or regulator asks later is not only "were you covered" but "what did you do about the firms you relied on". CoverProof runs this cycle for you: it sends the requests, tracks who has replied, and logs each chase as part of your evidence.
Related articles
Ready to identify your Section 250 exposure?
Import your SM&CR register, run your gap analysis, and download a PDF/A-3B evidence pack. First analysis is free.
Start Free Gap Analysis →Sources
- Crime and Policing Act 2026, s.250www.legislation.gov.uk/ukpga/2026/20/section/250
- FCA Registerregister.fca.org.uk/