The Crime and Policing Act 2026 (“CPA 2026”) received Royal Assent on 29 April 2026, making wide ranging amendments to policing powers and criminal offences in the UK. The Economic Crime and Corporate Transparency Act 2023 (“ECCTA 2023”) introduced a statutory basis for attributing certain economic crimes to companies through the actions of senior managers, and now the CPA 2026 extends that approach to all criminal offences.
Can companies or partnerships be held criminally liable for the acts of their employees?
From 29 June 2026, companies and partnerships can be held criminally liable for any offence committed by a senior manager, acting within the actual or apparent scope of their authority The change in law represents a major shift in the approach to corporate criminal liability and means employers must carefully consider who within their organisation may potentially create criminal exposure.
Unlike previous reforms that were focused on economic crime, the new law applies to all criminal offences capable of being committed by a corporate body. Therefore, the potential exposure extends beyond fraud and financial misconduct and may include areas such as health and safety, environmental compliance, regulatory breaches, employment related offences and other operational risks.
For employers, the issue is not just about corporate liability. It is also about understanding who exercises significant managerial authority; how those individuals are supervised; and whether existing arrangements adequately address the risks created by senior decision makers.
Who is a Senior Manager?
A key issue for employers will be identifying who falls within the statutory definition of a senior manager. The test focuses on an individual’s role and responsibilities, rather than their job title. A “senior manager” is someone who plays a significant role in:
- The making of decisions about how the whole or a substantial part of the activities of a body corporate or partnership are to be managed or organised; or
- The actual managing or organising of the whole or a substantial part of those activities.
This requires a substantive assessment of the authority an individual has in practice and not just what their job description may say. Employers should therefore look beyond organisational charts and job titles. A practical and detailed review of reporting, delegated authority, decision making responsibility and operational control may be needed to identify who can materially affect how a substantial part of the business operates. Those individuals may now create a route to corporate criminal liability.
The definition of a senior manager is no longer not limited to board members, nor does it not depend on remuneration, qualifications or formal status. Depending on the organisation’s structure, those within scope could include:
- divisional leaders;
- regional managers;
- heads of business departments;
- operational directors;
- senior functional leaders; and
- other employees who exercise significant influence over a substantial part of the organisation’s activities.
For many employers, the main challenge will be identifying the wider senior management team. In larger organisations, decision making authority is often delegated across different business areas, meaning individuals who are responsible for major functions, regions or business units may have significant influence even if they are outside the formal leadership structure.
How do Companies protect against Corporate Criminal Liability?
There is no specific defence under ECCTA 2023 or the CPA 2026 where a senior manager commits an offence while acting within their actual or apparent authority. A company or partnership could also be prosecuted, even if it did not directly approve the conduct of the Senior Manager.
Therefore, strong policies, training and oversight will still help reduce risk and show that the organisation takes misconduct seriously. They may also help the organisation argue that prosecuting the company would not be in the public interest, especially where it has taken proper steps to prevent wrongdoing by senior managers.
What are the implications for Employers of the Crime and Policing Act 2026?
This introduction of the new policy creates a closer link between employment, governance and criminal risk management. HR teams should consider whether existing processes adequately address the responsibilities of individuals who may fall with the senior management definition. This may include:
- Conducting a risk assessment to determine which offences are potentially within scope (areas such as health and safety, environment and data protection are all likely to be of concern).
- Updating any compliance procedures to reflect the changes.
- Carrying out extensive due diligence for those in senior positions and all stages of promotions.
- Mapping senior management roles, establishing who is a senior manager and the extent of their delegated authority.
- Having an incident response plan in place, including procedures for internal investigation, escalation and reporting.
- Increase training for those who might qualify as a senior manager and cover risks under the ECCTA 2023 and the CPA 2026, with clear documentation.
Where allegations involve a potential senior manager, the implications may extend beyond an internal disciplinary issue. Employers will need to consider the possibility of regulatory scrutiny, law enforcement involvement and potential corporate exposure.
What Should Employers Do?
Employers should consider taking the following steps:
- Identify potential senior managers
Review who exercised significant managerial responsibility, looking beyond job titles and formal reporting structures.
- Review delegated authority arrangements
Ensure that decision making responsibilities and accountability are clearly documented.
- Update training and risk assessment processes
Provide targeted guidance to senior managers regarding their responsibilities and the potential consequences of misconduct.
- Review investigation procedures
Ensure that allegations involving senior managers are escalated appropriately and managed with consideration of potential corporate exposure. Ensure HR teams have created clear processes to identify and respond to conduct that may create a criminal risk.
The Crime and Policing Act 2026 places senior managers firmly in the spotlight. The most significant challenge for employers will be understanding what decisions and actions, or Senior Managers may now expose the organisation to criminal liability. It is important to reassess delegated responsibility; clarify accountability; and ensure that employees are properly trained for their roles.
Simon deMaid comments:
The CPA 2026 is likely to prompt many employers to review who they see as a ‘Senior Manager’. The legal definition is far broader than many organisations expect. The key is to identify where significant decision-making authority exists within an organisation and ensuring that the appropriate checks and balances and oversight of those individuals is in place. For all businesses, this exercise should start now.
If you need help with drafting or updating policies and procedures, please contact a member of the team here.
The information on this site about legal matters is provided as a general guide only. Although we try to ensure that all of the information on this site is accurate and up to date, this cannot be guaranteed. The information on this site should not be relied upon or construed as constituting legal advice and Howes Percival LLP disclaims liability in relation to its use. You should seek appropriate legal advice before taking or refraining from taking any action.
