In recent years, the United Kingdom has become increasingly aggressive in its approach to holding corporate persons criminally liable for the acts of their employees. Proposals in the new UK Crime and Policing Bill 2025, which is currently passing through Parliament, advance this trend further, creating criminal liability risk for corporate persons worldwide.
These proposals follow the recent creation of a new prosecutorial taskforce by the UK, France and Switzerland. The taskforce will focus on international financial crime (particularly corruption) and is widely viewed as a counter to the US pause on enforcement of the Foreign Corrupt Practices Act of 1977 (See, "US Halt on Foreign Anti-Corruption Enforcement Prompts New European Taskforce").
The Current Position
There are three broad doctrines under which corporate persons may currently be liable for criminal conduct in the UK: (i) the Identification Principle; (ii) strict liability for some "failure to prevent" statutory corporate offences and (iii) the "senior manager" test for some economic crimes.
Identification Principle
The oldest of these doctrines is liability under the "Identification Principle." To convict a company of a criminal offence, it must be established that the "directing mind and will" of the organisation is behind the offence (Lennard's Carrying Co Ltd v Asiatic Petroleum Co Ltd [1915], see also Tesco v Nattrass [1972]). Generally, this would be limited to directors or very senior executive management.
A major criticism of the Identification Principle is that larger organisations (with complex corporate governance structures) were often immune by virtue of the senior leadership and board being disconnected from misconduct happening many layers lower in the organisation, making it difficult to determine who is a "directing will and mind".
Failure to Prevent Corporate Offences
In 2010, the UK introduced a new corporate offence of "failure to prevent bribery". This created strict liability for corporate persons where they failed to prevent persons associated with the corporate organisation from engaging in bribery.
Since 2010, three additional "failure to prevent" corporate offences have been created, covering facilitation of tax evasion (UK and overseas — see Criminal Finances Act 2017, s. 45 and s. 46) and, most recently, a "failure to prevent fraud" (see Economic Crime and Corporate Transparency Act 2023 (ECCTA), s. 199).
'Senior Manager' Regime for Economic Offences
In 2023, the UK passed the ECCTA which, in addition to the new failure to prevent fraud offence, extended criminal responsibility for corporate organisations under a new "senior manager regime" (not to be confused with the Senior Manager Regime (SRM) for financial sector regulated businesses).
The senior manager regime makes corporate persons responsible for certain types of financial criminal conduct (e.g., fraud, money laundering, bribery, false accounting, tax evasion, sanctions evasion) committed by their "senior managers" while acting in the scope of their actual or apparent authority.
The test for senior managers is broad and relies on the role, responsibilities and managerial influence of the individual rather than their title. A "senior manager" is defined as any person who plays a significant role in (i) the making of decisions about how the whole or a "substantial part" of the activities of the company are to be managed or organised, or (ii) the actual managing or organising of the whole or substantial part of those activities.
Proposals Under the Crime and Policing Bill 2025
The new Crime and Policing Bill, currently at Committee stage in the House of Commons, expands the senior manager regime described above to cover all criminal offences, not just the listed economic offences in the ECCTA.
If passed, this will materially expand corporate criminal liability, making companies effectively vicariously liable for the conduct of their "senior" employees. The "Senior Manager" test in the Crime and Policing Bill is identical to that in ECCTA.
Identifying which employees meet this test is difficult. Until we have judicial precedent (and none is currently expected), it will remain unclear which employees are Senior Managers for the purpose of managing this risk.
The Explanatory Notes attached to the Crime and Policing Bill (Explanatory Notes) observe that the definition of a "senior manager" covers both those in direct chain of management and those in strategic or regulatory compliance roles, and would normally include directors, senior officers (CFO, COO), some human resources functions. The Explanatory Notes also add that "senior management" is not limited to individuals who perform an executive function or are board members but covers an individual "who falls within the definition irrespective of their title, remuneration, qualifications or employment status".
The test also refers to the senior manager "acting within the actual or apparent scope of their authority." It remains to be seen how the "scope of authority" will be assessed, whether it will be based on an objective or subjective test, the evidence that will be required to prove that point, etc. That being said, the more senior an employee is, the more likely they will be assumed to have acted within their authority.
The Explanatory Notes remark that "acting within the actual or apparent scope of their authority" does not mean that the senior manager must have been authorised to carry out a criminal offence. Instead, it would be enough if the act (i) is of a type that the senior manager is authorised to undertake or (ii) is ordinarily undertaken by a person in that position. The following example is provided: If a CFO commits fraud by deliberately making false statements about a company's financial position, the company would be liable for the offence because the act of making statements about a company's financial position is within the scope of that person's authority.
While it is not clear how companies might become liable for certain criminal offences committed by senior managers (for example, offences against the person, such as assault), there may be other offences that could increase the risk of liability for the company. For example, if a person, acting within their authority as a senior manager, commits offences under the environmental, health and safety, data protection, or competition legislation.
In practice, this question may not arise; many corporates will not want to risk criminal proceedings and will either choose to plead guilty and pay a financial penalty or seek to enter into a Deferred Prosecution Agreement — for those offences where that route is available. The outcome is uncertain. If adopted, this new Crime and Policing Bill will raise further difficulties for companies in creating an effective compliance programme.
Extraterritoriality
The UK regime applicable to corporate liability can pose real challenges, not only to companies incorporated in the UK, but also to foreign organisations.
The "senior manager" regime (both in the ECCTA and in the proposed Crime and Policing Bill), and the failure to prevent fraud offences may expose foreign corporations to criminal liability if any part of the offence occurs in the UK, or if the victim or intended victim is a UK person.
This can be particularly problematic for "conduct" offences, like fraud, where the offence is committed when the conduct is completed (i.e. at the point of a dishonest and false representation), rather than when the harm occurs. For frauds directed generally at the public, the risk of a UK person being a potential victim is significant. For large corporates publishing corporate materials, the assumption will need to be that a UK person may be a recipient.
Conclusion
The proposed expansion of corporate liability in the UK, is broad and hard to manage for organisations of all sizes. Many organisations outside the UK may not understand their exposure until they have an issue.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
