For many years, corporate criminal liability in the UK turned on the common law “identification principle”, which meant that a corporate could generally only be liable where an offence was committed by an individual, who, by virtue of their role, could be said to represent the company’s “directing mind and will”. In practice, the test struggled to reflect the structures and day-to-day operations of modern businesses. Decision-making is rarely confined to the boardroom, and responsibility is often dispersed across layers of management.
The “senior manager” test, adopted by the Economic Crime and Corporate Transparency Act 2023 (ECCTA), reflected a deliberate shift away from that model and saw the introduction of a fact-sensitive and functional test whereby a company will be criminally liable if a “senior manager” commits a specified offence while acting within their actual or apparent authority.
The Crime and Policing Act 2026 (CPA) takes this one step further and from 29 June 2026 will extend the senior manager test to all criminal offences.
The ECCTA starting point: A broader lens
Under ECCTA, from December 2023, a statutory basis for corporate liability was introduced for a wide range of economic offences (including, for example, fraud, bribery and money laundering), where a “senior manager” acting within the actual or apparent scope of their authority commits a relevant offence.
This shift recognised the reality that decision-making in large organisations is decentralised and that often, responsibility and risk sit well below board level. Notably, there is no statutory defence.
However, the scope of ECCTA was deliberately limited. The new test applied only to a defined list of specific economic offences and to date, there have been no reported prosecutions under this provision, so the concept and its practical application remain untested.
What is a “senior manager”?
A “senior manager” is an individual who plays a significant role in:
- The making of decisions about how the whole or a substantial part of the activities of a body corporate or partnership are to be managed or organised.
- The actual managing or organising of the whole or a substantial part of those activities.
The senior manager test is inherently fact sensitive. In practice, the key focus is on the scale of the individual’s operational role and the proportion of the organisation’s activities that fall within it.
Importantly, the test captures a broader category of individuals than those traditionally regarded as the company’s “directing mind and will”. It may extend beyond board-level roles to include regional, divisional or function heads as well as those in strategic roles (such as compliance).
Determining whether an individual meets this threshold requires a close examination of how decision-making authority is exercised within the organisation. This will depend on particular facts including the size and structure of the business, the number of management layers, and the extent to which responsibility is decentralised across different functions or divisions.
Consistent with the government policy paper, Crime and Policing Act 2026: Serious Crime Factsheet, which confirms that the CPA adopts the definition of “senior manager” from the Corporate Manslaughter and Corporate Homicide Act 2007, the focus is on the individual’s actual role in managing the business and the degree of control they exercise in practice. This approach better reflects the reality of modern corporate structures and facilitates prosecutions in a wider range of cases where senior level employees who “exert decision making power” are involved in the offending.
What now?
For organisations, the implication of the CPA is not simply one of increased compliance, but a need to understand in practical terms who exercises real decision-making authority.
Organisations should consider taking the following steps:
- Reassess risk: Map exposure across all criminal offences, not just economic crime, identifying where senior managers could realistically create attribution risk.
- Test governance: Ensure oversight matches how decisions are actually made.
- Train leadership: Make clear how conduct can attach liability to the business.
- Prepare for incidents: Make sure that investigation, reporting and response plans are current, well-understood and operating in practice.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.