Crime and Policing Act 2026: A major shake up in corporate criminal liability

Background

The Crime and Policing Act 2026 (“the Act”) received Royal Assent on 29 April 2026. It is significant legislation that will have wide-ranging implications for organisations from 29 June 2026.

The Act covers an array of topics, and one section that will be of particular significance for organisations is Section 250, which will extend corporate criminal liability for the acts of senior managers acting within their actual or apparent authority to all criminal offences.

The Identification Doctrine

Throughout the 20th century, corporate criminal liability was governed by the principle that a company would only be held liable for acts of those who constitute its “directing mind and will”, also known as the identification doctrine. This, in practice, was usually confined to members of the board, but would prove difficult for large organisations with complex structures, where much of the decision making is decentralised, making prosecution under the “directing mind and will test” increasingly difficult.

This was famously demonstrated in the case of SFO v Barclays PLC [EWHC 3055] which emanated from the 2008 global financial crises, where Barclays were charged, by the UK Serious Fraud Office (“SFO”), with counts of conspiracy to commit fraud in relation to commission payments to investors. However, the prosecution failed as it could not be shown that the CEO and CFO demonstrated the directing mind and will of the company. Barclays successfully argued, amongst other things, that the “directing mind and will” of the company comprised of the entire Board of Directors, who had not delegated their authority to the specific defendants who had committed the acts. This highlights the difficulties with prosecution using “directing mind and will”.

Senior Manager Test under ECCTA

This provision was expanded by Section 196 of the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”), which states that if a “senior manager” of a body corporate or partnership (“the organisation”) acting within the actual or apparent scope of their authority commits an economic crime offence, an organisation is also found guilty of the offence. Whilst this legislation undoubtedly extended corporate criminal liability, it only related to specific economic crimes.

Senior Manager Test under the Act

Section 250 of the Act adopts the same approach as ECCTA but significantly expands the provisions to the commission of any criminal offence by a senior manager, retaining its definition, acting within the scope of their apparent or actual authority.

This means that an organisation can now be prosecuted for any criminal offence that is carried out by a senior manager, so long as that manager is acting within their authority, or apparent scope of authority, subject to limited exceptions.

What does this mean for my organisation?

The dial in corporate criminal liability has now changed. Whilst there are thousands of common law and statutory criminal offences, we expect to see organisations at risk of prosecution in certain areas where there will be a business interplay. For example, data protection offences, competition law offences, harassment offences or environmental offences that can be committed by individuals may now expose their organisation to criminal liability.

However, those persons must be “senior managers” which will relate to individuals who play a significant role in the making of decisions about how the whole or a substantial part of the activities of the organisation are to be managed or organised, or a significant role in the managing or organising of the whole or a substantial part of those activities. It will be a matter of judicial or jury interpretation on who will constitute a senior manager, but we expect it would encompass a wide group of people in any organisation.

What can my organisation do?

We have not seen a shift in corporate criminal liability for 50 years. In the course of 3 years, legislation has now expanded corporate criminal liability across all areas of criminality attributable to conduct of senior management.

We would recommend that in the first instance, an organisation undertakes a review of who would form part of their senior management team under the test. Once identified, risk assessments should be conducted to identify risks of criminal activity within management. Policies and procedures may need to be reviewed in light of key legislative changes described in this article, and training introduced.

We would recommend undertaking a review of your incident response / crisis control procedures to ensure that there is robust governance in the event criminality is suspected or uncovered relating to senior management. If there is suspicion, a protective legally privileged internal investigation will ensure you have time as an organisation to investigate without fear of disclosing key materials to third parties including law enforcement and can inform key strategies moving forward.