- with Senior Company Executives, HR and Finance and Tax Executives
- with readers working within the Law Firm industries
The Crime and Policing Act 2026 (CPA) significantly expands the scope for criminal liability to be attributed to companies. Under section 250 of the CPA, which came into force on 29 June 2026, a company can be held liable if a senior manager commits any offence while acting within the actual or apparent scope of their authority.
Previously, a company could only be held liable if the offence was committed by its "directing mind and will", which typically meant board-level directors or those exercising ultimate control. The expansion to "senior managers" was first introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA) but only in respect of specified "economic crime" offences. The CPA removes that limitation, extending senior manager attribution to cover all criminal offences.
The CPA's reforms to senior manager attribution have several important implications for companies:
- Increased exposure to criminal liability: UK prosecuting authorities have an additional means by which to hold companies criminally liable for the actions of their key decision-makers, which now covers all offences. This change is intended to make it easier to prosecute companies where this was not previously possible and to build on other reforms in recent years, such as the introduction of the corporate offence of failure to prevent fraud.
- Broad definition of "senior managers": Companies may be held liable for the actions of any individual with meaningful decision-making authority. The concept of a "senior manager" in this context will not necessarily be confined to board-level directors or those within scope of any applicable individual accountability regime, and heads of business units, divisional leads, and senior operational managers may all potentially be caught.
- All companies within scope: UK prosecuting authorities can use this attribution route in relation to all companies (bodies corporate and partnerships), whatever their size and wherever they are incorporated.
- No corporate benefit required: There is no requirement to show that the senior manager's actions benefited the company for liability to be attributed to it.
No defence or exemption: There is no corporate defence of "reasonable procedures" where liability is attributed to a company using section 250 of the CPA, and a company may still be held liable even if it was a victim of the offence.
Some uncertainty remains about how UK authorities will use this attribution route in practice. So far, there has been no prosecution using the predecessor provision under ECCTA. In addition, authorities have other 'tools' which can be relied on to hold companies liable, such as specific corporate offences covering particular areas of conduct (sometimes on a strict liability basis) and, where a prosecution is not deemed necessary or appropriate, civil/regulatory penalty frameworks (which can provide a more time and cost-efficient route to enforcement and may still result in substantial financial penalties).
That said, the CPA reflects a clear legislative intention to make it easier to hold companies criminally liable for the conduct of their senior managers across all types of offences, and companies should not underestimate its significance. The CPA's reforms serve as a useful prompt for companies to consider the adequacy of their risk exposure and control frameworks.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]