Legal development

Crime and Policing Act 2026: A new dawn for corporate criminal liability

By Neil Donovan, Judith Seddon, Andris Ivanovs and Tom Stroud

15 May 2026

Share Share
Print
statue
Share
Print

    Section 250 of the Crime and Policing Act 2026 (CAPA) comes into force on 29 June 2026 and will significantly extend the scope of corporate criminal liability in the UK.

    Under CAPA, organisations will be criminally liable if a senior manager commits any criminal offence while acting within the actual or apparent scope of their authority.

    CAPA will repeal the senior manager provisions in section 196 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) – which only covered specified economic crime offences (such as bribery or fraud) – and expand them to apply to a much wider range of criminal offences. See our previous briefings here and here for further background.

    In this article, we explore some of the key implications of this development and the steps organisations should consider taking ahead of CAPA coming into force.

    The Expanded Test

    Who is a "Senior Manager"?

    The definition of "senior manager" is identical to that in ECCTA. A senior manager is anyone who plays a significant role in:

    • decision-making about how the whole or a substantial part of an organisation's activities are to be managed or organised; or
    • the actual managing or organising of the whole or a substantial part of those activities.

    This extends beyond the boardroom to a much wider pool of individuals with management responsibilities. The risks are increased by the diffusion of decision-making in many businesses across multiple tiers of management. It may, dependent on the facts, cover positions such as divisional and corporate function heads, as well as others with significant managerial responsibilities. The definition is broad and, until tested in court, is likely to be interpreted expansively by prosecutors.

    Actual or Apparent Authority

    The senior manager must be acting within the "actual or apparent" scope of their authority. This does not mean the senior manager needs to have been authorised to carry out the criminal conduct. It is sufficient if the act was a type of act that the senior manager was authorised to undertake, or which would ordinarily be undertaken by someone in that position – for example, a CFO who commits fraud by deliberately making false statements about a company’s financial position.

    Broader range of offences

    The senior manager provisions in ECCTA were limited to specified economic crime offences. CAPA will replace the provisions in ECCTA and expand them to all criminal offences.

    While certain offences are not capable of being committed by a company as principal, for example murder (where there is no availability of a fine), the list of new offences is wide. Offences such as modern slavery and trafficking, data protection offences, offences related to contempt of court or misleading statements to regulators/investigators, and many others are now all in scope. Certain economic crime offences, which were outside the scope of the provisions in ECCTA, also now appear to be in scope, including the offence of failing to disclose knowledge or suspicion of money laundering under section 330 of the Proceeds of Crime Act 2002 (an offence in relation to which a DPA can be entered). Despite the unequivocal wording of section 250, there are arguments that offences which specifically apply only to 'individuals' – such as the insider dealing provisions in section 52 of the Criminal Justice Act 1993 – would remain out of scope.

    Key Takeaways

    1. Further softening of existing prosecutorial hurdles

    The expansion of the attribution doctrine is the latest in a series of reforms aimed at expanding the investigation and prosecution of corporate criminality, notably through the introduction of strict liability offences for failing to prevent bribery, the facilitation of tax evasion, and fraud.

    On paper, the new provisions in CAPA are a powerful prosecutorial tool. They will apply to all organisations irrespective of their size and there is no requirement for the prosecutor to establish that the criminal conduct benefited the company.

    Time will tell, however, whether the reforms will have a meaningful impact on the number of corporate prosecutions, particularly given there have been no prosecutions under the senior manager provision in ECCTA in the almost three years since its enactment. There is also significant uncertainty as to how key concepts will be applied in practice, including the scope of the "senior manager" definition and "actual or apparent" authority.

    We expect prosecutors to seek to bring more clear cut cases in the first instance before attempting more borderline test cases which are likely to be challenged before the courts.

    2. No reasonable procedures defence

    There is no "reasonable procedures" or "adequate procedures" defence available in respect of the provisions in CAPA (or the provisions in section 196 of ECCTA, which will be repealed on 29 June 2026), as there is for the failure to prevent fraud, tax evasion and bribery offences.

    However, even if there is sufficient evidence that a senior manager acting within their actual or apparent authority has committed an offence, prosecutors will still have to satisfy the public interest test in order to bring a prosecution.

    The Joint SFO-CPS Corporate Prosecution Guidance sets out a number of public interest factors for and against prosecution in corporate cases. Public interest factors against prosecution include:

    • A genuinely proactive approach adopted by management, involving self-reporting, remedial actions and compensation of victims.
    • A lack of history of similar conduct.
    • The existence of a genuinely proactive and effective corporate compliance programme.
    • Where the offending represents isolated actions by individuals.
    • Where the offending is not recent in nature and the company is a different body to that which committed the offences (e.g. culpable individuals have left or corporate structures and processes have changed).
    • Where the conviction is likely to have disproportionately adverse consequences for the corporate entity.

    This means that representations regarding the effectiveness of the organisation's compliance programme and remedial measures will remain central in mitigating the risk of a criminal prosecution.

    It is also notable that no changes have (yet) been made to the deferred prosecution agreement (DPA) regime to reflect the changes in CAPA. For newly in-scope offences (such as those relating to modern slavery or data protection), organisations therefore cannot currently rely on a DPA as an alternative resolution mechanism. This may impact an organisation's considerations of whether to self-report in respect of these offences.

    3. What should organisations be doing?

    CAPA represents a fundamental recalibration of UK corporate criminal liability, and suggests that holding organisations accountable for criminal offences is a government priority. Organisations should consider their exposure and take steps to understand the impact of the new law on their business.

    To mitigate the criminal enforcement risks, organisations should consider taking the following practical steps:

    • Broaden risk assessments. Organisations should move beyond economic crime to assess relevant non-economic criminal risks which could be committed within their business and consider appropriate mitigation measures.
    • Assess governance structures and delegations of authority. Noting that the scope of the "senior manager” definition remains uncertain, organisations should consider the types of roles and activities that may fall within the definition of a senior manager and review delegations of authority to ensure they are fit-for-purpose. Regulated firms should consider overlap and distinctions with the Senior Management Functions under the Senior Managers and Certification Regime.
    • Update policies and procedures. Codes of conduct, policies and procedures may require updating to reflect the new offences and scope of personnel who could cause criminal liability for the company. Internal investigation protocols should be refreshed so that investigation teams can identify quickly whether an individual subject to investigation is a senior manager under the statutory definition. Given the risk of potential corporate liability, it will be important that this analysis is conducted under legal privilege.
    • Conduct training and awareness raising. Targeted training – for the potential senior managers and across the wider business – to increase awareness and understanding of the new law and its implications may be prudent. Whistleblowing procedures should be enhanced to ensure that relevant criminal risks are escalated for investigation.

    For further information, please contact the Ashurst Corporate Crime and Investigations team.

    Other authors: Rebecca Akroyd, Solicitor.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts