Corporate criminal liability

The expanding legal net

Since the Bribery Act in 2010, corporate criminal liability in the UK has continued to expand and that trend has accelerated in recent years. The Economic Crime and Corporate Transparency Act 2023 (ECCTA) marked a major shift, introducing an expanded identification doctrine and creating the new “failure to prevent fraud” offence – changes that attracted significant attention at the time.

By contrast, the proposals in the Crime and Policing Bill 2025 (CPB) – currently progressing through Parliament – have received relatively little scrutiny, despite their potentially far-reaching implications. In this piece, we outline the proposal in Section 196 of the CPB to further expand the identification doctrine, its lack of a “benefit safeguard” or a defence based on the adequacy of a company’s compliance framework and the practical considerations for businesses.

ECCTA – a refresher

Two provisions of ECCTA have already broadened the scope of UK corporate criminal liability. The first is the expanded identification doctrine, in force since 26 December 2023. This widens the category of individuals whose actions can trigger corporate criminal liability for specified economic crimes - from a narrow group at the top of the organisation (typically the board) to a wider group of senior managers – under what is now referred to as the “senior manager test”.

The second major change is the new failure to prevent fraud offence, which came into force on 1 September 2025. From that date, companies may face unlimited fines if employees, or other associated persons, commit a fraud offence intending to benefit the organisation or its clients.

What’s new?

If enacted, the CPB would apply the senior manager test to all criminal offences under UK law - far beyond the list of economic crimes captured under ECCTA.

As under the existing ECCTA test, an organisation would be criminally liable where a senior manager commits an offence while “acting within their actual or apparent scope of authority.” However, determining who qualifies as a senior manager remains challenging: the definition is deliberately broad and designed to capture individuals who exercise significant influence within the organisation. This may include senior figures in functions such as compliance, finance, operations and HR.

Importantly, the senior manager test does not require that misconduct be intended to benefit the organisation (i.e. there is no benefit safeguard), nor does it allow any defence based on whether a company took reasonable steps to prevent the conduct. When combined with the CPB’s much broader scope of offences, this substantially lowers the bar for corporate liability.

What offences are covered?

Section 196 of the CPB casts a wide net. Beyond offences already included under ECCTA, in-scope offences can be grouped into two broad categories:

  1. Business-related offences: These occur during the course of normal business operations or relate closely to the duties of senior managers, making it easier to justify attributing responsibility to the organisation. Examples could include environmental breaches, data protection violations, computer misuse, modern slavery, human trafficking and health and safety offences.
  2. Personal offences: These offences are largely unrelated to business activities, and could include violent crime, sexual offences, driving offences and harassment. Under the CPB, no distinction is made between business-related and personal offences, meaning personal offences could, in theory, give rise to corporate liability. While one could argue that this type of personal offending falls outside a senior manager’s authority, there may be situations where misconduct occurs within the workplace or forms part of a systemic issue or work culture, making it possible to contend that it was within the actual or apparent scope of the senior manager’s authority.

While holding companies accountable for business-related offences may be defensible, extending the same standard to personal offences raises significant fairness concerns, particularly when the organisation has strong compliance measures in place or the senior manager acted without any intent to benefit the business.

Comparisons across the Atlantic

The UK’s expanding approach to corporate criminal liability contrasts with the current trajectory in the US, which has been narrowing and refining its corporate criminal enforcement practices. In February 2025, President Trump paused enforcement of the Foreign Corrupt Practices Act (FCPA) - the US equivalent of the Bribery Act - a pause effectively lifted in June when the US Department of Justice (DOJ) issued updated Guidelines. These Guidelines signal a resumption of enforcement but with a refocused agenda: targeting cartels and transnational criminal organisations, prioritising individual over corporate liability and protecting US business interests.

While the UK’s Serious Fraud Office (SFO) has hinted it might step in to fill gaps left by a softer US approach and increasingly has the legislative tools to do so, it is unlikely to have the resources to fully assume the DOJ’s international enforcement role.

Navigating the expanding legal net in 2026

The UK government’s objective of extending the identification doctrine beyond economic offences is understandable: holding organisations accountable for the conduct of senior employees can encourage stronger compliance and deter wrongdoing. However, implementing such a broad framework requires careful calibration. The CPB’s broad provisions - embedded within a bill focused on a wide range of other matters - risk imposing additional burdens on companies without delivering clear public benefits.

The Bill is currently at Committee Stage in the House of Lords and is expected to progress towards Royal Assent later this year with little indication that Section 196 will be significantly revised.

EXPLORE MORE FROM HORIZON SCANNING
Crisis Management | Article
The enforcement landscape UK regulators and prosecuting authorities are signalling a decisive shift toward tougher enforcement in 2026. Armed with new legislative tools, advanced analytics and stronger penalties, authorities are creating a higher-risk environment for corporates.
Crisis Management | Article
An inflexion point for litigation funding? Litigation funding has an important but contentious role at the heart of the civil justice system. The law has tolerated its growth because it can open up access to justice for people who could not otherwise afford it.
Crisis Management | Article
Class actions in England and Wales 2026 Class actions continue to play a prominent role in the legal landscape of England and Wales. New trends are emerging across competition, securities and ESG litigation, reshaping both opportunities and challenges for stakeholders.
Crisis Management | Article
The activist agenda Shareholder activism remained firmly on the corporate agenda in 2025, with activists proving resilient despite market uncertainty. Reflecting wider market trends, it was a year of two halves as year-on-year activity levels were relatively subdued in the first half of 2025, whilst the second half of the year, and the final quarter in particular, witnessed an uptick in activity – with the result that 2025 finished ahead of 2024.

See all

STAY INFORMED

We will continue to publish Horizon Scanning insights throughout the year.
Subscribe using the button below to receive the latest updates straight to your inbox.

 Subscribe

This material is provided for general information only. It does not constitute legal or other professional advice.