Corporate criminal liability – changes ahead

Upcoming changes to corporate criminal liability (under which a business can become liable for an offence committed by an individual) will bring a much wider range of possible offences within scope.

To mitigate risk, businesses should map their management structure to identify how they would be affected, and a board briefing and targeted training to affected managers are recommended.

Section 250 of the Crime and Policing Act 2026 comes into effect on 29 June 2026 (the legislation having received royal assent at the end of April). By creating potential corporate criminal liability for any offence committed by a senior manager, this provision significantly extends the breadth of corporate criminal liability, although its precise boundaries will only be clarified in practice.

Scope of new corporate liability

Any offence? Not quite: under the new law, where a ‘senior manager’ acting within the ‘actual or apparent scope of their authority’ commits an offence, then the relevant organisation also commits that offence. Clearly, there are two elements here: who is a ‘senior manager’? And then the key determinant for whether the senior manager’s office might trigger corporate criminal liability: was the act within the senior manager’s ‘scope of authority’?

The first element is relatively straightforward: the provision contains a definition of senior manager as ‘an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the managing or organising of the whole or a substantial part of those activities’.

This was further discussed in the explanatory note to the draft legislation, which stated that this would normally include directors, senior officers such as the CFO or COO (whether or not on the board), and any others who had significant roles in relation to a substantial part of the organisation’s activity. Thus, although it can be assumed that the board and C-suite would always be within scope, this is a matter of function rather than title, and so some within lower management tiers could in particular cases fall within this definition.

For corporate liability to occur, the manager must then have been acting within the actual or apparent scope of their authority. Actual authority can be either express (for example, contained in a job description or governing documents, or conferred by a company resolution) or implied (activities typically associated with a given role). Apparent authority occurs where the company represents to others that a given person (ie the senior manager) is authorised to act on its behalf (for example, in signing a contract or making a payment). These concepts are much litigated in the context of contract law and agency, and naturally no senior manager would be given authority by the company to go out and commit an offence.

The explanatory note to the legislation suggests that a rather simpler and broader approach may apply here, stating (our emphasis): ‘It would be enough that the act was of a type that the senior manager was authorised to undertake, or which would ordinarily be undertaken by a person in that position.’ Therefore, if the act itself (rather than its commission in a criminal way) was authorised, that would suffice. These notes give the example of a CFO making deliberately false financial statements – this is within the scope of their authority because making financial statements was part of the CFO’s role.

There are no defences available if the elements of the statutory offence are made out. Neither is there a requirement that the act must have benefitted the company to any degree (that question is relevant to certain existing economic crimes), although one might imagine that this factor could be relevant in any decision to prosecute the company itself.

How did we get here?

The new law represents a significant step in the evolution of corporate liability for offences committed by individuals. The common-law position for over a century arising from Lennard’s Carrying Co Ltd has been that liability could only be attributed to the company (the ‘identification principle’) if the relevant individual was the ‘directing mind and will’ of the company or its ’embodiment’.

This test requires a degree of direct control and influence that can more readily be established for smaller businesses where key individuals can be easily identified, but has been criticised as unsuited to larger corporate structures where individuals, even though very senior, did not have that overarching degree of control over the entire business to meet this test, thus creating an enforcement gap for large-scale businesses.

Partly to counter that, the identification principle was codified in the Economic Crime and Corporate Transparency Act 2023 (ECCTA) for a number of ‘economic crimes’ such as false accounting, bribery, money laundering, fraud, etc. ECCTA, like the new legislation, dispenses with the concept of ‘directing mind and will’ and instead attributes liability for relevant offences to the company when conducted by senior managers acting within their actual or apparent scope of authority.

As far as we can tell, there have to date been no published prosecutions of companies under the ECCTA economic crime regime, and so the way in which the question of senior manager authority in relation to criminal acts will be interpreted has not yet been developed, but this is likely to be a critical issue for any prosecutions.

Practical steps

What should companies do? The Crown Prosecution Services’ current guidance on economic crimes (albeit not yet updated for this new wider law) points to a number of public interest factors weighing against prosecution, which include the company:

• adopting a proactive approach when any offending is identified;
• having a genuine and effective corporate compliance programme;
• having lack of prior form for criminal, civil and/or regulatory enforcement issues.

This clearly suggests that maintaining a good record on wider civil and regulatory matters, supported by internal training and a compliance policy that is effective and which is really implemented operationally would be important if a business found itself charged with an offence committed by a senior manager.

To this, a business may also want to chart what tiers of management might fall within the scope of ‘senior managers’ under the legislation, and ensure they receive targeted training on the risks of this new corporate offence.