The extension of corporate criminal liability to offences committed by senior managers marks a significant widening of an organisation's liability net. Organisations should treat the commencement date in June as an important milestone for ensuring their governance and compliance arrangements adequately address the expanded scope of exposure. In this article, we provide an overview of the reform and the practical implications for companies and LLPs, including professional services firms.

What's changing?

The Crime and Policing Act 2026 (CPA 2026), which received Royal Assent on 29 April 2026, will significantly extend corporate criminal liability from 29 June 2026 for all bodies corporate (including limited liability partnerships (LLPs)) and partnerships. The long-established principle that companies can only be criminally liable for offences committed by those representing the 'directing mind and will' of the organisation, a high bar to satisfy, will be entirely replaced. In its place, CPA 2026 provides that where a senior manager commits any criminal offence within the actual or apparent scope of their authority, the organisation itself may be held criminally liable for that offence. 

Background and rationale

For many years, the common law 'identification doctrine' has meant that a company could only be held criminally liable where an offence was committed by an individual representing its 'directing mind and will'. This category was confined to the board of directors, the managing director and other superior officers carrying out management functions[1]. The established position was often criticised as being at odds with the reality of large modern companies, which often have a much wider and diffused management structure, with the directors being several levels removed from the individual who committed the offence. 

The practical impact of the traditional status quo was that the imposition of direct corporate criminal liability was largely limited to small companies with only one or two directors, while it has historically been far harder to prosecute large corporates. The government acknowledged this imbalance and issued a Call for Evidence in 2017 and subsequently commissioned the Law Commission to give recommendations for reform.

These recommendations were first taken forward in ss 196–198 and Schedule 12 of ECCTA 2023, which introduced a senior manager attribution for specified economic crimes with effect from 26 December 2023. However, the government acknowledged during the passage of ECCTA 2023 that wider reform was required to introduce corporate liability for all crimes, not just economic ones. The CPA 2026 delivers that reform. It repeals the ECCTA 2023 provisions, replicates their substance, and extends the senior manager attribution rules universally across the criminal law.

Who is a 'senior manager'?

Section 250(1) of the CPA 2026 provides that where a senior manager of a body corporate or partnership commits any criminal offence within the actual or apparent scope of their authority, the organisation itself is also guilty of that offence.

The definition of 'senior manager' (drawn from s 1 of the Corporate Manslaughter and Corporate Homicide Act 2007) is an individual who plays a significant role in:

• the making of decisions about how the whole or a substantial part of the organisation's activities are to be managed or organised, or
• the actual managing or organising of the whole or a substantial part of those activities. 

This covers not merely persons in the direct chain of management but also those in strategic or regulatory compliance roles. The ECCTA 2023 explanatory notes highlight that those in senior management would normally include directors, as well as other senior officers such as a Chief Financial Officer or Chief Operating Officer and may also extend to individuals with a significant role in relation to a substantial part of the business.

The definition could be particularly challenging for professional LLP structures due to broad and complex governance and management structures spreading a variety of responsibilities across the members.

It's also worth noting that despite the broadened scope, the practical issues of establishing liability of at least one senior manager remains, and aggregation of states of mind across multiple individuals is not permitted. The courts will also need to grapple with the boundaries of the 'senior manager' definition and the reach of 'actual or apparent authority' on a case-by-case basis.

'Actual or apparent authority'

The senior manager must be acting within the actual or apparent scope of their authority. It suffices that the act was of a type the senior manager was authorised to undertake, or which would ordinarily be undertaken by someone in that position, even if the specific wrongful act was not itself authorised.

No 'adequate procedures' defence

Unlike the failure to prevent fraud offence introduced under ECCTA 2023, there is no statutory defence of having reasonable or adequate procedures in place. If a senior manager commits an offence within the scope of their authority, corporate liability follows as a matter of law. However, companies that can demonstrate efforts to prevent offending may have a better chance of arguing that a corporate prosecution does not satisfy the public interest test to charge.

Application to LLPs

The CPA 2026 applies directly and fully to LLPs. For law firms and accountancy practices structured as LLPs, the reform raises particular challenges. There is no set or recognised framework for an LLP's leadership or its members' roles; each firm is likely to have its own bespoke and varied governance and management arrangements. There could be a number of individual LLP members who could potentially qualify as 'senior managers' by virtue of their particular management responsibilities.

Practical impact

In light of these reforms, companies and LLPs should prioritise the following actions:

• Map their senior manager population: Conducting a thorough review of governance documents, committee terms of reference, role descriptions and delegation powers to identify all individuals who could fall within the statutory definition based on function rather than title. For LLPs, this requires careful consideration of the LLP agreement and the sometimes informal governance structures typical of professional services firms.
• Strengthen governance, oversight and decision-making: Establish clear descriptions of roles, clarify authorities, signing powers and approval thresholds across the senior management tier.
• Risk assessments: Broaden beyond fraud and bribery to encompass all areas of potential criminal exposure, including data protection, health and safety, competition law, money laundering and employment law.
• Training: Make sure all senior managers receive training on the new regime and its implications for both the organisation and themselves.
• Update detection, escalation and response frameworks: Strengthen whistleblowing channels, investigation frameworks and incident response protocols to ensure that concerns about potential criminal conduct by senior individuals can be identified and addressed promptly.
• Compliance: Whilst robust compliance frameworks will not provide a legal defence, they remain important tools for detecting and preventing criminal conduct and for demonstrating to prosecutors that a corporate prosecution may not be in the public interest.