Existing clients

Log in to your client extranet for free matter information, know-how and documents.

Client extranet portal

Staff

Mills & Reeve system for employees.

Staff Login
01 Jul 2026
2 minutes read

Crime and Policing Act 2026: Implications for charities

The extension of corporate criminal liability under the Crime and Policing Act 2026 (CPA) is a significant development for the charity sector, building directly on reforms introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

The ECCTA as the foundation

The ECCTA marked a shift away from the traditional “directing mind and will” test, introducing a broader “senior manager” test for certain economic offences.

Alongside this, it created the failure to prevent fraud offence, which came into force on 1 September 2025 and applies to large charities that do not have adequate procedures in place to prevent fraud by associated persons.

For more information about failure to prevent fraud read our blog

These reforms recognise that decision-making in modern organisations is often decentralised and seek to ensure that liability reflects how authority is exercised in practice.

The CPA: A further extension

The CPA takes this approach further. From 29 June 2026, the senior manager test will apply to all criminal offences, not just economic crime.

This has three important consequences for charities:

  • exposure is no longer limited to financial or economic crime.
  • liability may arise across the organisation’s full range of activities.
  • unlike the failure to prevent fraud offence, there is no equivalent “adequate procedures” defence.

Who is a “senior manager”?

A senior manager is someone who plays a significant role in:

  • making decisions about how a substantial part of the organisation is managed, or
  • actually managing those activities.

In a charity, this may include:

  • chief executives and executive directors.
  • senior leadership team members.
  • heads of functions (for example finance, fundraising or services).
  • programme or regional leads with operational autonomy.

The focus is on actual decision-making authority, not job title.
Interaction with the failure to prevent fraud offence

Many charities have been considering their economic crime controls in connection with the changes brought in by ECCTA outlined above.

The CPA is broader as it applies to all offences. Together, these regimes reinforce expectations of robust governance and control.

Practical implications

Charities should now:

  • identify senior managers in practice: map where real decision-making sits.
  • reassess risk: extend beyond fraud to all areas of potential criminal exposure.
  • review governance: ensure oversight reflects operational reality
  • build on existing work: align with fraud prevention and internal controls.
  • raise awareness: ensure senior staff understand the implications of their roles.

Potential risk areas include safeguarding, health and safety, data protection, fundraising practices and regulatory compliance and reporting.

Conclusion

The CPA continues a clear legislative direction initiated by the ECCTA: a move towards broader, more realistic attribution of organisational liability.

For charities, the key message is that liability is no longer confined to trustees or the board. It extends to those exercising meaningful decision-making authority in practice.

Ensuring that governance and oversight frameworks reflect that reality will be central to managing risk in the current environment.

If you have any questions please contact Rachel McDonnell, Claire O’Reilly or Matthew McGarvey.

Our content explained

Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.