Section 250 of the Crime and Policing Act 2026 attributes criminal conduct by a "senior manager" to the organisation they help run. The s.250(3) test for who qualifies reaches well past the SM&CR population, and the scope of offences it captures is not limited to the Act itself. It comes into force on 29 June 2026.
The core provision
Section 250 attributes a senior manager's crime to their organisation. Under s.250(1), where a senior manager of a body corporate or partnership commits an offence under the law of England and Wales, Scotland or Northern Ireland, acting within the actual or apparent scope of their authority, the organisation is also treated as having committed that offence.
Read the scope carefully, because this is where the draft commentary often goes wrong. The offence does not have to be an offence "under the Act". It can be any criminal offence under UK law. The Crime and Policing Act 2026 supplies the attribution rule; the underlying crime can sit anywhere in the statute book.
There is no separate offence here for failing to hold declarations. Section 250 is the mechanism that routes a qualifying senior manager's conduct up to the organisation. And it reaches every UK body corporate and partnership, not just FCA-authorised firms.
What "senior manager" means under s.250(3)
Section 250(3) defines a senior manager as an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities.
That is a functional test. It turns on organisational authority and decision-making scope, not job title or FCA registration. It also reaches every kind of activity the organisation undertakes, not only the regulated or financial ones.
So a chief operating officer, the head of a major business division, or anyone shaping how a substantial part of the firm actually runs can fall inside it, whether or not they hold a Senior Management Function or a Certification role. The wording will be familiar to anyone who has worked with the Corporate Manslaughter and Corporate Homicide Act 2007, which used the same significant-role formulation to identify senior management.
Why 29 June 2026 is a hard deadline
Section 250 comes into force at the end of two months beginning with Royal Assent. The Act received Royal Assent on 29 April 2026, which fixes commencement at 29 June 2026.
There is no commencement statutory instrument to wait for and no regulatory discretion to flex the date. It is set in the primary legislation itself. Only Parliament could move it, and Parliament has not.
A firm that reaches 29 June without a completed gap analysis, a documented declaration cycle, and a board evidence pack is exposed from that date. You cannot backfill compliance after the fact.
What the declaration should contain
A declaration that is just a signature on a form does little to protect the board. The point of the exercise is to show, later and on the record, that the firm identified who fell inside s.250(3) and acted on it.
That means each declaration should be timestamped, tied to a specific gap analysis, and held in a form whose integrity you can demonstrate. A file dropped in a shared drive, with no record of how it was produced, who it went to, or when it came back, gives you almost nothing to stand on if the work is ever questioned.
The practical standard to aim for: immutable records, a clear audit trail, and a documented process from gap analysis to signed declaration.
How the liability differs from SM&CR
Section 250 reaches into criminal liability for the organisation. Because it attributes the senior manager's offence to the body corporate, the organisation can face the criminal consequences of that underlying offence, not just an administrative penalty.
That is a real shift from how accountability usually bites in financial services. The SM&CR Duty of Responsibility under FSMA s.66B is enforced through regulatory sanctions: fines, prohibitions, withdrawal of approval. It is not, in itself, a route to criminal prosecution. (Narrow individual criminal offences do exist elsewhere in financial services law, but they are a separate matter.)
For a board, that changes the character of the task. Working out who meets the s.250(3) test, and keeping documented evidence that you did, is risk management with criminal exposure attached, not a compliance formality.
Counterparty considerations
Because s.250 covers every UK body corporate and partnership, your exposure is not confined to your own payroll. Firms that lean on significant third parties, such as sub-advisers, outsourced service providers, or key introducers, have an interest in whether those parties have identified their own s.250(3) population.
A sensible step is to ask significant counterparties for written confirmation that they have run their own gap analysis, then keep that confirmation alongside the rest of your evidence pack.
Related articles
Ready to identify your Section 250 exposure?
Import your SM&CR register, run your gap analysis, and download a PDF/A-3B evidence pack. First analysis is free.
Start Free Gap Analysis →Sources
- Crime and Policing Act 2026, s.250www.legislation.gov.uk/ukpga/2026/20/section/250
- FCA Registerregister.fca.org.uk/
- FCA — Senior Managers and Certification Regimewww.fca.org.uk/firms/senior-managers-certification-regime
- Corporate Manslaughter and Corporate Homicide Act 2007, s.1www.legislation.gov.uk/ukpga/2007/19/section/1