Corporate criminal attribution for UK senior managers

The Crime and Policing Act 2026 received Royal Assent on 29 April 2026 and makes wide-ranging amendments to policing powers and criminal offences in the UK.

Most notably for corporates, it significantly extends the UK’s current law on corporate criminal attribution so that corporates can be criminally liable for any offence committed by their senior managers. This marks a wholesale and seismic change to UK corporate criminal law.

Prior to recent reforms to the law, when an individual committed a criminal offence, it could generally only be attributed to the corporate if the individual was the “directing mind and will” of the corporate. Within complex modern corporates, it was often very challenging for law enforcement authorities to establish this type of liability.

The Bribery Act 2010 was the start of a change to corporate criminal attribution in the UK. The law in this area was later expanded by the Economic Crime and Corporate Transparency Act 2023 (ECCTA). Section 196 of ECCTA created a new law of corporate criminal attribution, under which a corporate would be liable for a criminal offence where a “senior manager” committed a qualifying criminal offence while acting within the actual or apparent scope of their authority. However, the qualifying offences under ECCTA were limited to certain economic crimes, such as fraud and money-laundering offences.

The reforms in the Crime and Policing Act significantly broaden the changes made by the ECCTA and aim to make it easier for law enforcement to hold corporates criminally liable. We outline below what this means and what businesses need to know about this new liability ahead of the new liability regime coming into force on 29 June.

Who is a senior manager?

A senior manager is an individual who plays a significant role in:

• the making of decisions about how the whole or a substantial part of the activities of the body are to be managed or organised; or
• the actual managing or organising of the whole or a substantial part of those activities.

Assessing whether someone is a senior manager requires a substantive assessment of whether they meet the above criteria.  It is not only determined by the individual’s title, remuneration, qualifications or employment status. Senior management typically includes a company’s directors and other senior officers, such as the chief financial officer (CFO) or chief operating officer (COO). 

However, the definition of senior manager goes beyond those in an executive or board function role and will include others who have significant roles in relation to a substantial part of the organisation’s activity.

Do companies have a defence?

There is no specific defence provided for in either ECCTA or the Crime and Policing Act. If a senior manager has committed the offence, the organisation can also be prosecuted. It does not matter if the senior manager was not expressly authorised by the business to carry out the criminal conduct provided the offence was the type of act that fell within their authority – for example, a CFO committing fraud by deliberately making false statements about the company’s financial position.

Unlike other extensions to corporate criminal liability, such as the failure to prevent fraud offence also imposed by ECCTA, there is no defence if the organisation has reasonable procedures in place to prevent a senior manager committing an offence. There is also no need for law enforcement to show that the senior manager intended to benefit the corporate through their actions.

However, prosecutions must be in the public interest and a company that strives to prevent offending by senior managers will be better placed to submit that prosecutors should focus on individual liability and that a prosecution of the company is not in the public interest.

What should businesses do now?

To date, there have been no prosecutions of corporates under ECCTA, but these changes to the law signal an appetite to increase enforcement in this area. 

Many businesses will already have taken steps to prepare for the failure to prevent fraud offence introduced by ECCTA from 1 September 2025, including undertaking fraud risk assessments and enhancements of their compliance programmes targeted at fraud risks.  However, they may not have carried out an equivalent assessment and review for the risks posed by senior managers.

The changes to corporate criminal attribution under the Crime and Policing Act will apply from 29 June 2026, meaning that all offences that take place on or after that date will fall under the new corporate criminal liability regime. From then, UK businesses will be vicariously and criminally liable for the actions and intentions of their senior managers when their misconduct constitutes an offence.

With just two months to prepare, the steps that businesses can take now to mitigate the risks posed by senior managers include:

• identifying who might qualify as a senior manager by considering the individuals’ role in the business regardless of job title, remuneration and employment status;
• incorporating into future risk assessments the risks of senior managers committing criminal offences while acting within the actual or apparent scope of their authority;
• carrying out due diligence on those in senior manager positions, both in the hiring and promotion stage;
• reviewing the authorities and responsibilities of senior managers, to ensure these are appropriate for their role and clearly documented; and
• ensuring that those who might qualify as a senior manager receive appropriate training that covers the new risks under ECCTA and the Crime and Policing Act.

Businesses should also continue to enhance their compliance programmes to reduce potential opportunities and incentives for employees to commit offences, including having clear whistleblowing processes in place.