A new era of corporate criminal liability: The Crime and Policing Act 2026

read time: 5 mins
22.05.26

The Crime and Policing Act 2026 (the CPA) received Royal Assent on 29 April 2026. A key provision comes into force on 29 June 2026, marking a significant shift in the UK’s approach to corporate criminal liability.

Section 250 of the CPA will introduce a new statutory route to corporate liability for all criminal offences, allowing for prosecution of a company where a senior manager within that company, acting under the actual or apparent scope of their authority, commits a criminal offence under UK law. The reform materially lowers the threshold for corporate prosecutions and expands exposure across all sectors. It is an additional tool for prosecutors to use alongside their existing powers.

The identification doctrine and the introduction of senior management liability

Historically, corporate liability in England and Wales has been governed by the common law “identification doctrine”. Under this principle, a company could only be convicted where it was determined that the individual carrying out the offence constituted the “directing mind and will” of the company.

As corporate structures grew and became more complex, the doctrine made it increasingly difficult to attribute criminal liability to companies in practice, creating a perceived enforcement gap.

The first substantive step to address this came with Section 196 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which allows prosecution of companies where a “senior manager” commits certain economic offences (such as fraud or false accounting) within the actual or apparent scope of their authority. In such cases, prosecutors can treat the company as also having committed the offence.

What changes under the Crime and Policing Act 2026?

Whereas the senior management route to corporate liability under ECCTA was previously limited to specific economic crimes, Section 250 of the CPA extends the approach introduced under Section 196 ECCTA, applying the senior management attribution model to all criminal offences, not just economic crimes.

This means that where a senior manager commits a criminal offence under UK law, acting within the actual or apparent scope of their authority, the company itself may be held liable for the offence. This creates a new statutory route to corporate liability, independent of the identification doctrine.

Central to such liability are the concepts of “Senior Manager” and “Actual” or “Apparent” Authority. The definition of ‘Senior Manager’ is replicated from Section 196 ECCTA and includes any individual who plays a significant role in:

  1. The making of decisions about how the whole, or a substantial part, of the organisation’s activities are managed or organised; or
  2. The actual managing or organising of those activities.

Importantly, this is fact sensitive and not determined by job title. It is not just a company's board of directors and senior executives that may fall within scope, depending on their actual responsibilities. It could also include others who have significant responsibility in relation to the running of the business, such as divisional heads of 'substantial' parts of the organisation's business.

In addition, there is a requirement that the offence be committed within the Senior Manager’s “Actual” or “Apparent” authority. Whereas actual authority captures actions clearly within the scope of the individual’s role, the inclusion of apparent authority introduces considerable uncertainty and significantly widens potential exposure, as it is likely to capture situations where the individual appears to be acting on behalf of the organisation but is acting beyond their formal powers, for example where a third party perceives the acting individual to have authority which is not officially within the scope of their responsibilities.

With prosecutions likely to turn on the interpretation of these key phrases, the definitions of “Senior Manager” and “Apparent Authority” are expected to become a key area of dispute in future prosecutions, and companies should keep up to date with any future guidance and/or case law which provides clarity around the definitions.

Practical Impact

Unlike ECCTA, the new regime is not limited to economic offences but applies across the full spectrum of criminal law. This means companies may now face prosecution for a much broader range of criminal offences which may have previously fallen outside the usual scope of business misconduct.

Notably, the provisions may extend liability to offences which have historically been difficult to attribute to corporate entities. For example, if a senior manager carries out acts which pervert the course of justice, such as the destruction of documents relevant to a regulatory investigation, the organisation itself may now face prosecution under Section 250.

Central to the introduction of Section 250 is the new ease with which prosecutors can find a company liable for regulatory offences, in cases where the Senior Manager has acted with actual or apparent authority. For example, if a senior manager, whose role encompasses responsibility for workplace safety or environmental compliance, commits an offence while exercising their actual or apparent authority, that offence will be attributed directly to the company.

Unlike some corporate offences, the CPA is not limited by size or turnover and applies to all organisations, across all sectors, regardless of size.

No “Reasonable Procedures” Defence

Importantly, Section 250 contains no statutory defence (it is subject to some territorial exclusions). Whereas the “failure to prevent fraud” offence under ECCTA allows for a defence where the company can prove that it had reasonable procedures in place to prevent the fraud, Section 250 does not allow for any such defence.

Whilst robust governance, training and controls remain highly relevant to sentencing and whether prosecution is in the public interest, they do not constitute a defence.

Action to take

In advance of Section 250 of the CPA coming into effect, organisations should consider taking the following steps:

Identify individuals who are likely to fall under the definition of ‘Senior Managers’ and ensure that the scope of their roles, responsibilities and decision-making is clearly defined and documented. 

Ensure clarity around actual and apparent authority, particularly in areas involving regulatory, operational or compliance risk. 

Ensure that Risk Assessments cover exposure to all criminal offences, including ‘non-financial’ areas such as health and safety, environmental and regulatory compliance. Consider how risks are identified, escalated and monitored so that prompt investigations can be conducted where criminal misconduct is suspected. 

Existing policies, procedures and internal controls should be reviewed and updated to ensure that they are effective in preventing, detecting and responding to criminal conduct by senior managers and others. Central to this is ensuring a strong whistleblowing policy which is communicated to all employees. 

Provide enhanced training for senior managers and relevant staff on the expanded scope of corporate liability, covering the full range of potential offences and the implications of acting within actual or apparent authority. 

Ensure appropriate due diligence is undertaken in relation to senior appointments, acquisitions and third-party relations.

Foster a strong compliance culture, leading by example from the top.

The introduction of Section 250 under the CPA marks a shift in the UK’s approach to corporate liability, exposing organisations to greater enforcement risk. Whilst there is no ‘reasonable procedures’ defence available, putting in place a strong governance structure which clearly delineates responsibilities, embeds effective controls and fosters a robust compliance culture will be critical in mitigating risk and demonstrating to the regulator that the organisation takes its legal responsibilities seriously.

If you have any questions on how the change in law will affect your organisation, contact Ian Manners (Partner and Head of Business Risk and Regulation). 

Please note that this article is intended to be for general information purposes only, and it may not cover every aspect of the topic with which it deals, and should not be relied on as legal advice or as an alternative to taking legal advice. 
