On 29 June 2026, a fundamental shift in UK corporate criminal law takes effect. Under Section 250 of the Crime and Policing Act 2026, organisations can be held criminally liable for any offence committed by a senior manager acting within their actual or apparent authority — not just the economic crimes previously in scope.

The practical implication: if your CFO, COO, divisional head, or regional director commits a criminal act in the course of their role, your organisation bears criminal liability. And unlike other recent extensions to corporate criminal law, there is no statutory “reasonable procedures” defence. The clock is running.

What Does the Crime and Policing Act 2026 Actually Change?

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced corporate liability for failure to prevent fraud — but only for a defined list of Schedule 12 economic crimes, and only where organisations lacked reasonable prevention procedures. The Crime and Policing Act 2026 goes significantly further. Section 250 extends the attribution principle to cover all criminal offences, effectively making the senior manager’s crime the company’s crime across the full spectrum of criminal law.

This is not a compliance upgrade — it is a structural change to how criminal risk is allocated between individuals and organisations. Boards that have built their compliance architecture around ECCTA and the Bribery Act 2010 will need to reassess whether their frameworks are calibrated for this broader exposure.

According to research published by the UK Treasury, financial crime costs the UK economy an estimated £190 billion annually. Law enforcement agencies have made clear that prosecutorial appetite is growing — and the Crime and Policing Act 2026 gives them a significantly wider net.

Executive Action

• Brief your board and executive committee on Section 250 before 29 June — this is a material governance event, not an HR or legal department issue.
• Commission a gap analysis comparing your existing compliance frameworks (ECCTA, Bribery Act, UK GDPR) against the Act’s extended scope.
• Ensure your General Counsel or external legal adviser has confirmed in writing what your exposure looks like under the new attribution standard.

Who Qualifies as a “Senior Manager” Under the New Law?

The Act defines a senior manager as someone who plays a significant role in making decisions about the whole or a substantial part of the organisation’s activities, or in the actual managing and organising of those activities. In practice, this extends well beyond the formal board. CFOs, COOs, CTOs, and CHROs are clearly within scope. So too are divisional managing directors, regional heads, and senior operational leaders — anyone with meaningful authority over a substantial business unit.

This breadth of definition creates an uncomfortable reality for many organisations: they carry criminal risk through a wider layer of leadership than their existing governance maps acknowledge. Organisations with devolved, matrix, or regional structures face particular complexity, as multiple layers of management could independently trigger liability.

Legal analysis from Skadden, Arps, Slate, Meagher & Flom notes that the “acting within actual or apparent authority” test means even unauthorised acts — where a third party could reasonably assume the senior manager had authority — can be attributed to the company. This makes oversight processes, internal authority frameworks, and approval chains business-critical risk controls.

Executive Action

• Map your senior manager population against the statutory definition — this is likely broader than your formal board and executive committee.
• Review delegation of authority frameworks and approval chains to understand where criminal risk could be attributed to the organisation.
• Ensure employment contracts and role profiles for senior managers clearly define the limits of their authority, supported by documented oversight mechanisms.

Why Is the Absence of a “Reasonable Procedures” Defence So Significant?

Most recent expansions of corporate criminal liability — including ECCTA’s failure-to-prevent provisions and the Bribery Act’s Section 7 — have included a statutory defence for organisations that had adequate prevention procedures in place. The Crime and Policing Act 2026 does not. Under Section 250, a comprehensive compliance programme will not, on its own, prevent conviction.

This fundamentally changes the compliance calculus. Procedures remain valuable — they demonstrate culture, reduce the likelihood of criminal conduct, and will be relevant to sentencing. But they cannot serve as a liability shield. The only reliable mitigation is preventing the underlying conduct from occurring in the first place: through rigorous oversight, a genuinely embedded compliance culture, and robust whistleblowing and escalation mechanisms.

Fieldfisher’s analysis of the Act confirms that prosecutors do not need to prove senior management intent for the full range of offences — the act of commission by a qualifying individual, within the scope of their authority, is sufficient to attribute liability. This places significant weight on boards to demonstrate active, not passive, governance over their senior leadership population.

Executive Action

• Do not rely on existing compliance policies as a liability defence — reframe your programme around genuine conduct prevention rather than procedural documentation.
• Strengthen whistleblowing infrastructure: third-party channels, non-retaliation policies, and board-level escalation routes must be demonstrably functional.
• Consider whether your board receives sufficient management information to detect behavioural risks at senior manager level — not just financial performance data.

What Steps Should Boards Take Before 29 June 2026?

With less than four weeks until Section 250 takes effect, the priority is pragmatic triage rather than a full compliance overhaul. Boards should focus on three immediate actions: understanding their exposure profile, confirming the scope of their senior manager population, and ensuring their existing controls are adequately documented and operational.

Longer term, the Act should prompt a review of how your organisation’s risk appetite statements, compliance frameworks, and board reporting structures account for criminal conduct risk at senior management level. INFORMD has been tracking the legislative journey of this Act since Committee Stage, and the organisations best placed to respond are those where legal, risk, and the board have been working in alignment — not those treating this as a post-implementation legal advisory.

Boards should also note that the Act’s implications extend beyond regulated sectors. Financial services firms are experienced at mapping individual accountability under the Senior Managers and Certification Regime (SMCR). For corporates outside regulated industries, this level of individual liability mapping is new territory. INFORMD’s library of executive briefings includes practical guidance on individual accountability frameworks relevant to the post-Act environment. If your organisation needs to stress-test its current position, our team is available to support that process.

Executive Action

• Set a board agenda item for June to formally acknowledge the Act’s commencement and record your governance response — this creates an audit trail of proactive oversight.
• For regulated firms, cross-reference your SMCR prescribed responsibilities maps against the Act’s senior manager definition to identify any additional population.
• Instruct legal counsel to provide a written opinion on your current exposure profile under Section 250, with specific focus on your devolved or regional leadership structures.

INFORMD provides intelligence briefings for senior business leaders across technology, finance, strategy, and compliance. Based in Milton Keynes, UK, we help executives stay informed and act with confidence. Explore our full library of executive briefings or speak to our team.

Frequently Asked Questions

Does the Crime and Policing Act 2026 replace the Economic Crime and Corporate Transparency Act?

No. The two Acts sit alongside each other. ECCTA’s failure-to-prevent fraud provisions, which include a reasonable procedures defence, remain in force. The Crime and Policing Act 2026 adds a new, broader attribution mechanism through Section 250 that covers all criminal offences — not just those listed in ECCTA’s Schedule 12 — and does not include an equivalent defence.

Does this law apply to private companies as well as listed firms?

Yes. The Crime and Policing Act 2026’s senior manager attribution provisions apply to all corporate bodies operating in the UK, regardless of size, sector, or listing status. There is no SME carve-out. Private equity-backed businesses, subsidiaries of international groups, and family-owned mid-market firms are all within scope if they operate in the UK.

Can a senior manager be personally prosecuted alongside the company?

Yes. Section 250 creates corporate liability; it does not replace individual liability. A senior manager who commits a criminal offence can be prosecuted personally, and the company can simultaneously face prosecution for the same underlying conduct. Where the individual is also subject to SMCR, a parallel FCA enforcement action is also possible — meaning some individuals face a three-track exposure: personal criminal prosecution, civil FCA enforcement, and corporate criminal proceedings against their employer.

What sectors are most at risk under the new corporate criminal liability rules?

While the Act applies universally, sectors with complex supply chains, large regional operations, or significant third-party relationships face the greatest practical exposure — including financial services, construction, property, logistics, and professional services. Sectors accustomed to operating with devolved decision-making authority and limited centralised oversight should treat this legislation as a material change in their risk environment and act accordingly before 29 June 2026.

Stay ahead. Subscribe to INFORMD’s executive briefing at informd.co.uk/services.

---

Related Tools & Templates: Apply a structured framework to your board agenda — explore INFORMD executive assessments or download board-ready templates. Explore all INFORMD executive tools and assessments →