How the Crime and Policing Act 2026 creates a new era of corporate criminal liability

For boards, directors and senior leadership teams, the Crime and Policing Act 2026 represents one of the most significant developments in corporate criminal law for decades.

A single criminal act committed by a senior manager could now expose an entire organisation to criminal prosecution.

New Regime for Corporate Criminal Liability

The new provisions, which come into force on 29 June 2026, make it considerably easier for prosecutors to attribute criminal liability to organisations for offences committed by individual senior managers acting within the actual or apparent scope of their authority.

While public attention has largely focused on the Act’s policing powers and measures to tackle knife crime and anti-social behaviour, the most far-reaching consequence is the expansion of corporate criminal liability.

For businesses across every sector, and of every size, this is much more than a technical legal amendment. It is a fundamental change to the way corporate criminal responsibility is assessed and attributed.

Why does this matter?

Historically, prosecutors often faced significant obstacles when attempting to prosecute large organisations for criminal offences.

Under the “identification doctrine”, prosecutors generally had to prove that the individual responsible represented the company’s “directing mind and will”. While this was relatively straightforward in small owner-managed businesses, it was considerably more difficult in larger organisations with layered management structures and delegated decision-making.

In practice, this meant that some organisations avoided prosecution not because wrongdoing had not occurred for which the company had some responsibility, but because investigators could not attribute the offending conduct to someone sufficiently senior within the corporate hierarchy.

The Crime and Policing Act 2026 substantially lowers that hurdle.

Where a senior manager commits a criminal offence whilst acting within the actual or apparent scope of their authority, the organisation itself may now face criminal prosecution.

Importantly, these provisions apply across the whole spectrum of the criminal law and are not confined to economic crime.

For many organisations, the actions of one senior individual could now expose the entire business to criminal liability.

What has changed?

The Act introduces a statutory basis for attributing criminal liability to organisations where offences are committed by senior managers.

This reflects a wider policy objective of ensuring that large organisations cannot avoid prosecution simply because decision-making responsibilities are dispersed across complex management structures.

Whilst the legislation undoubtedly makes prosecution easier in many cases, companies do not become automatically guilty because a senior manager commits an offence. Prosecutors must still establish that the underlying criminal offence was committed and that the individual was acting within the actual or apparent scope of their authority.

How the courts interpret these provisions will develop over time, but organisations should not wait for the first reported cases before reviewing their governance arrangements.

Who Is a Senior Manager?

The legislation deliberately focuses on function rather than job title.

A senior manager is someone who plays a significant role either:

• in making decisions about how the whole or a substantial part of the organisation’s activities are managed; or
• in managing or organising the whole or a substantial part of those activities.

This may include:

• Managing Directors
• Finance Directors
• Operations Directors
• HR Directors
• Compliance Directors
• Regional Managers
• Heads of Department
• Senior Operational Managers

Equally, an individual with no board position may nevertheless fall within the statutory definition if they exercise sufficient influence over a substantial part of the organisation’s operations.

Why does the definition of Senior Manager matter?

One of the most significant areas of uncertainty is determining precisely who qualifies as a senior manager.

The legislation provides a statutory definition, but the courts have yet to interpret its scope.

Businesses should therefore avoid assuming that only board directors are senior managers.

Individuals responsible for regional operations, compliance, major business units or significant operational functions may all fall within the definition depending upon their responsibilities.

Questions may arise in relation to:

• regional managers;
• site managers;
• compliance officers;
• heads of department;
• operational managers.

Until judicial guidance develops, organisations are well advised to adopt a cautious approach.

What is Apparent Authority?

The legislation extends criminal liability to the organisation where a senior manager acts within their apparent authority, in addition to senior managers acting within their authority.

In simple terms, this means criminal liability will extend to the organisation where a third party reasonably believes that an individual is authorised to act on behalf of the organisation, even if they exceed their actual authority.

For example:

• a regional manager agreeing unlawful arrangements with a supplier;
• an operations director making improper representations to regulators;
• a departmental head giving unlawful instructions to staff.

Businesses should therefore consider not only formal reporting structures but also how authority is exercised and perceived not just within the business, but also by customers, stakeholders, business partners and indeed by all outside of the business.

What types of offences could be caught?

The new provisions apply to the whole spectrum of criminal offences, including but not limited to:

• fraud;
• bribery and corruption;
• health and safety offences;
• environmental crime;
• money laundering;
• false accounting;
• data protection offences;
• modern slavery offences;
• regulatory offences;
• transport compliance;
• road traffic offences;

Which sectors are affected?

 The legislation affects organisations of every size and sector.

Particular exposure may arise in:

• Manufacturing
• Transport and logistics
• Energy and utilities
• Healthcare
• Construction
• Professional services
• Education
• Retail
• Financial services

Is there a statutory defence if we have “reasonable procedures” in place?

Unlike certain other corporate offences, the legislation does not introduce a statutory “reasonable procedures” defence.

However, organisations that can demonstrate strong governance, effective compliance procedures and clear reporting mechanisms may be better placed to prevent issues arising and respond effectively if concerns emerge.

Further it will be easier to argue that it would not be in the public interest to prosecute an organisation which has reasonable procedures in place and has undertaken all due diligence.

Businesses may wish to consider:

• compliance audits;
• policy reviews;
• whistleblowing procedures;
• management training;
• internal investigation protocols;
• incident response plans.

What do Boards of Directors and Senior Management Teams need to know?

For directors and senior management teams, these changes are not simply another compliance issue.

Boards and SMTs should now seek to understand and document:

• Who exercises genuine decision-making authority;
• Whether delegated authority is clearly documented;
• Where criminal risk exists;
• Whether managers understand their legal responsibilities;
• Whether whistleblowing procedures are effective;
• How allegations would be investigated;
• Whether the organisation could respond quickly to a regulatory investigation.

Waiting until investigators arrive is unlikely to be the best time to identify weaknesses.

Boards and SMTs may wish to ask:

• Have we identified everyone who may qualify as a senior manager?
• Are reporting and escalation procedures effective?
• Are compliance responsibilities clearly allocated?
• Do senior managers receive appropriate legal and regulatory training?
• Are internal investigation procedures appropriate and documented?
• Could we respond effectively to a dawn raid or criminal investigation?
• Have we reviewed our governance framework since these changes were announced?
• Have we reviewed our compliance procedures since these changes were announced
• Do we have comprehensive Directors and Officers Liability Insurance in place?

Whilst such insurance will not respond to a fine, it may well cover legal fees in responding to an investigation or in defending a prosecution.

Looking Ahead

The Crime and Policing Act 2026 represents one of the most significant expansions of corporate criminal liability in recent years.

Although many aspects of the legislation will ultimately be shaped by future court decisions, organisations should not wait for the first prosecutions before considering their own exposure.

The businesses best placed to manage these changes will not be those reacting to an investigation after it has begun.

They will be those that have already identified potential areas of risk, strengthened governance arrangements and ensured that senior managers understand the responsibilities that now accompany their authority.

How can Flint Bishop help your business?

Our Regulatory and Corporate Defence (RCD) Team has many years’ experience and expertise of successfully advising businesses facing investigations, prosecutions and regulatory action.

We can assist with:

• corporate criminal risk reviews;
• senior management training;
• internal investigations;
• compliance reviews;
• regulatory investigations;
• prosecution defence;
• crisis response and incident management.

Early preparation may significantly reduce risk and place organisations in a much stronger position should issues arise.

Why choose Flint Bishop to help your business navigate the Crime and Policing Act 2026?

Independent legal directory Legal 500 describes Flint Bishop as “front-runners in providing expert advice and representation”.

L500 describes Head of Department Jeremy Scott as providing ‘commercially sensible guidance on managing corporate and individual regulatory liability’.