Beyond Economic Crime: UK Corporate Criminal Liability Expanded

From 29 June 2026, organisations will face potential criminal liability in the UK where senior employees commit any criminal offence under UK law. Under section 250 of the Crime and Policing Act 2026, where a “senior manager” commits any criminal offence under UK law whilst “acting within the actual or apparent scope of their authority”, the organisation will also commit that offence. This development will significantly expand the scope of corporate criminal liability in the UK. Organisations with operations in the UK will face a heightened risk of criminal investigation and increased scrutiny of their governance and compliance frameworks. Those businesses should consider acting now to reassess criminal risk across all business areas and update governance and compliance frameworks to address the risks specific to their business.

Headlines

• UK corporate criminal liability significantly expanded: Organisations will face potential criminal liability for any UK crime committed by senior employees, not just economic crime offences.  
• Uncertainty over how the offence will be applied in practice: The meaning of key terms “senior manager” and “actual or apparent scope of authority” is uncertain and likely to be contested in future litigation.
• How to prepare: Organisations should consider strengthening existing compliance frameworks to identify and mitigate criminal risks across their businesses.

Existing corporate criminal liability landscape

The scope of corporate criminal liability in the UK has been significantly expanded in recent years. The ways in which organisations can be held criminally liable for the acts of their employees now include (a) certain “failure to prevent” offences (read our previous alerts UK Government Details Proposed “Failure to Prevent Fraud” Offence and UK Government Publishes Guidance for Companies on the New Failure to Prevent Fraud Offence); and (b) a statutory attribution test, whereby the criminal acts of “senior managers” are attributed to the relevant organisation.

In particular, since December 2023, organisations can be held criminally liable for a range of UK economic crime offences (including bribery and fraud) committed by “senior managers”, provided those managers were “acting within the actual or apparent scope of their authority”[1]. In practice, this should make it easier to prosecute organisations for economic crime in the UK, because prosecutors no longer need to prove that the offence was committed by the “directing mind and will” of the organisation.   

Liability for all crimes

From 29 June 2026, organisations will face potential criminal liability for any UK crime[2] committed by a “senior manager” “acting within the actual or apparent scope of their authority”. Such liability will no longer be restricted to economic crime offences.

Potentially relevant offences could include, depending on the nature of the business, environmental offences (e.g., unlawful emissions or pollution); data protection breaches (such as unlawful obtaining or disclosure of personal data); immigration offences; modern slavery or human trafficking offences; and computer misuse (for example, unauthorised system access in a commercial context).

All companies and partnerships will generally be in scope, regardless of size or where they are incorporated. Organisations will be prosecuted for the underlying offence itself, not the failure to prevent it. Unlike with the “failure to prevent” offences, there will be no defence based on “reasonable procedures”, although robust compliance frameworks will remain key for several reasons (see below).

Areas of uncertainty

Prosecutors will need to establish both that the relevant employee was a “senior manager” and that they committed the relevant offence whilst “acting within the actual or apparent scope of their authority”. There is limited guidance on these terms, and their meaning is expected to be contested in future litigation.

Organisations should be mindful that the test for identifying a “senior manager” will be applied on an individual basis and will be a question of fact and function, not title. In practice, the term may capture a broad group, including business unit heads, function leads (e.g., operations or compliance), and others exercising meaningful decision-making authority.

Further, the provision is not directed at any and all wrongdoing by a senior manager. In practice, it seems likely that prosecutors and courts will need to assess whether, and the extent to which, the conduct in issue was connected to the senior manager’s functions and decision-making remit. Actions or conduct undertaken in a purely personal capacity are unlikely to give rise to corporate liability. However, organisations may find it harder to rely on internal limits on authority where, in practice, the individual was permitted to operate as though they had broader authority.

How to prepare

Whilst we will need to wait and see how prosecutors seek to use the new legislation, this development will certainly increase the risk that organisations will be investigated and, potentially, prosecuted for criminal misconduct by senior employees.

Although organisations will not benefit from a statutory defence of “reasonable procedures”, robust and effective compliance frameworks will remain key to minimising the risk of criminal misconduct by staff and associated corporate exposure. In the event of serious misconduct, such frameworks should also act as valuable mitigation when prosecutors come to evaluate whether there is a public interest in bringing a prosecution.

To strengthen compliance frameworks now, organisations should consider:

• revisiting existing risk assessments to identify the key potential criminal risks across their business and updating relevant policies and procedures to address such risks;
• training all employees (not just senior management) on how to identify the key risks in their business area, and familiarising those staff with relevant policies and procedures, and company expectations;
• actively monitoring for compliance with policies and procedures in higher risk business areas, where feasible; and
• ensuring that employees know who to report potential misconduct to internally and to do so in a timely manner, so that the organisation can try to contain the issue as quickly as possible. 

If you have any questions, please contact the authors of this alert.

Emma Masters-Oca, London Trainee Solicitor, contributed to the drafting of this alert.

[1] Under section 196 of the Economic Crime and Corporate Transparency Act 2023.

[2] Excluding a limited number of offences for which an organisation cannot be held liable under UK law.