UK corporate criminal liability: what’s changing?
Wider scope for senior manager attribution
On 29 June 2026, the rules for prosecuting corporate bodies and partnerships in the UK will change. This reform materially reshapes the corporate criminal risk landscape and extends well beyond economic crime.
The old 'directing mind and will' test made prosecuting larger or decentralised organisations very difficult. Prosecutors had to pin the offence on a board director or top executive.
The Economic Crime and Corporate Transparency Act 2023 introduced a senior manager test for certain economic crimes, under which the conduct of a senior manager could be attributed to the organisation. S.250 of the Crime and Policing Act 2026, which received Royal Assent on 29 April this year, replaces that provision. It extends the senior manager attribution model across UK criminal offences more broadly. Now within scope are offences including those:
- Under the Modern Slavery Act 2015, the Data Protection Act 2018 and the Computer Misuse Act 1990.
- Relating to health and safety.
- Involving assault or bodily harm.
Importantly, unlike the corporate 'failure to prevent fraud' offence, this change applies to organisations of all sizes.
Three important implications for organisations
The senior manager population may be bigger than people think. The statutory test is on the nature of the role, not the title. The statutory definition covers anyone who plays a significant role in making decisions about, managing or organising all or a substantial part of the organisation's activities.
There’s no reasonable procedures defence. Unlike the 'failure to prevent fraud' offence, s.250 gives the organisation no statutory defence. If a senior manager commits an offence within the scope of their authority, the organisation commits it too, and a compliance framework won't provide a defence.
Unlike ‘failure to prevent fraud’, it doesn’t matter whether the offence is intended to benefit the organisation. A senior manager who commits a data protection offence, environmental offence or who relies on forced or compulsory labour in the operations they run, can expose the organisation to liability.
Five immediate priorities for organisations
Identify your senior managers
Assess each individual’s role, influence and decision-making authority in practice, rather than relying on job titles or the organisational chart. Document the assessment and reasoning, as the quality of the process will be considered if it’s later scrutinised.
Refresh the risk assessment
Existing fraud risk assessments may not be enough to protect the organisation. The issue is no longer confined to who holds certain roles, but where a senior manager could realistically commit a UK criminal offence within the scope of their authority.
Review policies, procedures and controls
Schedules of authority, role descriptions, approval limits and committee terms of reference may all be examined in an investigation. Reviewing and updating relevant policies, procedures and internal controls could help prevent issues.
Invest in compliance that shapes outcomes
A credible compliance and risk programme still matters. Charging decisions are made in the public interest, and an organisation that took the risk seriously may be in a stronger position to argue that the case should focus on the individual.
Have an investigations response ready
If an issue is identified, the quality and speed of the internal investigation may shape whether the matter ends in prosecution, civil enforcement or no action at all.
What do organisations need to consider?
This new legislation is unlikely to transform corporate prosecutions overnight, but it removes long-standing structural barriers to prosecuting organisations and changes the shape of corporate criminal risk.
Organisations that have invested in fraud and bribery compliance but not in wider conduct risk may find themselves more exposed than they expect. With commencement fast approaching, the most effective steps will be proportionate, time-bound and achievable.
We can help you assess what this change means for your organisation, identify where exposure may sit and prioritise practical steps to strengthen governance, controls and investigation readiness. To find out more about what your organisation should do, please contact Nick Gilbey or your usual RSM contact.