Crime & Policing Bill — proposals to expand corporate criminal liability
We explore the implications of extending liability beyond economic crimes to all criminal offences and outline six practical steps to prepare.
Read more
Crime & Policing Bill — proposals to expand corporate criminal liability
AuthorsLucy Ryczany
7 min read
Organisations across the UK should start preparing for proposals made by the Crime & Policing Bill, which is set to significantly expand corporate criminal liability. In essence, this means that if a ‘senior manager’ commits a criminal offence, the organisation may also be held liable.
Here, Lucy Ryczany from our corporate defence and compliance team explores the implications of extending liability beyond economic crimes to all criminal offences and presents six practical steps that businesses and their leaders should take in preparation for this new era of compliance.
The identification principle explained
The identification principle has long been a foundation of corporate criminal liability in the law of England and Wales. Under this doctrine, a company can be held criminally liable for the criminal acts of others where the offence was committed by an individual who represents the organisation’s “directing mind and will”.
However, the principle has come under intense scrutiny in recent years in circumstances where identification of the ‘directing mind and will’ of an organisation has made prosecution extremely difficult. Complex management structures, layered governance and decentralised decision‑making often mean that prosecutors struggle to identify a single individual who embodies the directing mind and will — enabling corporate wrongdoing to go unpunished.
A shift towards broader corporate accountability
In recent years, there has been growing pressure to modernise the law and make it easier to hold companies to account. This shift has been most prominent in the economic crime arena, where new corporate offences — such as failure to prevent bribery, tax evasion and fraud — have emerged. Instead of requiring the identification of the directing mind and will of the organisation, these offences create a new offence where an organisation fails to prevent the criminal activities of associated persons.
In addition to introducing the Failure to Prevent Fraud offence, the Economic Crime and Corporate Transparency Act (ECCTA) marked a significant shift in the legislative efforts to lower the burden for the prosecution of corporate bodies by introducing a ‘senior manager test’ for attributing criminal liability to organisations. Under ECCTA, where a senior manager commits a ‘relevant economic crime’, the organisation can be held liable. This change provides prosecuting authorities the opportunity to prosecute corporates for the activities of a much wider range of people.
However, this reform is currently limited to a defined list of economic offences.
Extending the senior manager test to all offences
The Crime & Policing Bill (currently before the House of Lords) proposes a major expansion of this new regime. The Bill would extend the senior manager attribution test to all criminal offences — not just economic crime.
Under these proposals, if a senior manager commits any criminal offence while acting within the actual or apparent scope of their authority, the organisation itself will also commit the offence.
Crucially, corporate liability would arise even if the organisation had no knowledge of the conduct and the organisation wouldn’t have a defence based on reasonable prevention procedures (unlike with the ‘failure to prevent’ offences).
This represents a dramatic widening of potential corporate exposure to criminal liability.
Who is a senior manager?
A senior manager is defined as someone who plays a significant role in the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised or the managing or organising of the whole or a substantial part of those activities.
Although this is a statutory definition, in practice enforcement agencies are likely to look beyond a person’s job title or contractual terms of employment and will instead consider the reality of an individual’s responsibilities on the ground. Someone who lacks the formalities of a title but is able to exercise substantial influence may still be deemed a senior manager.
Organisations therefore need to undertake a careful internal review to identify who falls within this definition and ensure role descriptions accurately reflect levels of authority.
What should organisations do now? Six practical steps
Even though the Bill is still progressing through Parliament, given the significant changes that are proposed it’s important for organisations to start preparing now.
The expansion of the senior managers regime to bring ‘all offences’ into scope means that risk exposure is far broader and more difficult to identify than under existing ‘failure to prevent’ regimes.
Here are six practical steps to consider:
1. Demonstrate genuine and ongoing commitment to compliance
Cultural leadership is essential — policies and statements are insufficient without visible, active engagement. Boards and senior leaders should lead by example, modelling ethical behaviour and reinforcing a zero‑tolerance approach to any and all misconduct.
2. Conduct comprehensive risk assessments
Although prevention procedures won’t constitute a statutory defence, risk assessments remain critical. These enable organisations to identify areas where criminal conduct might occur, implement appropriate controls and reduce opportunities for wrongdoing to occur.
Given the broad scope of liability, risk assessments should be tailored (among other things) to the nature of the business, the size and structure of the organisation and any sector‑specific vulnerabilities. Risk assessments must be regularly reviewed and updated as operations evolve.
3. Implement proportionate policies and procedures
Although having reasonable policies and procedures won’t afford a defence to an organisation in the event that an offence is committed by a senior manager, having such policies and procedures will help to manage exposure to the risk of criminality taking place.
What those policies and procedures look like and how they’re implemented will depend on (among other things) areas of exposure identified by the risk assessment, which are influenced by the corporate’s size, jurisdiction and the sectors in which it operates.
Some examples include:
- Conduct policies.
- Whistleblowing processes.
- Escalation protocols.
- Supervision and oversight mechanisms.
Such policies should form part of a wider suite of policies and procedures that engender the ethical and responsible behaviours of a robust compliance culture.
4. Strengthen due diligence measures
In the context of internal crime prevention due diligence refers to the steps that are taken — both before and during the course of employment — to inform an organisation of the risk of an individual committing a criminal offence while working for the organisation and mitigate the risks of such conduct occurring.
Appropriate checks may include:
- References and criminal record checks (where appropriate) during the onboarding process.
- Refreshing due diligence periodically during employment and when individuals move into roles with higher-risk profiles. Where roles carry higher inherent risk, more extensive scrutiny and monitoring may be required.
5. Monitor and review
Business is rarely static, so risks are always evolving. This may be prompted by changes in staffing or variations in business activities. Consequently, compliance programmes should be alive to evolution — with monitoring and reviews built-in to identify and implement necessary changes.
To ensure that compliance systems remain relevant and effective, monitoring may include:
- Employee questionnaires.
- Refreshed due diligence.
- Periodic, at‑desk risk assessments.
- Regular reporting to senior leadership or the board.
6. Communication and training
Policies and procedures won’t help an organisation to mitigate against the risk of criminal conduct occurring unless staff understand them and are aware of their obligations, responsibilities and the impact of criminal conduct on the business.
Organisations should ensure that:
- Expectations around conduct are clearly communicated.
- Training targets relevant risks for specific roles.
- The personal and corporate consequences of wrongdoing (including any disciplinary procedures) are explained.
Talk to us
The Crime & Policing Bill signals a major shift in corporate criminal liability. The expansion of the senior manager test to all offences will result in organisations being exposed to an increased risk of criminal liability for the actions of others.
To make sure that you’re compliant, get in touch with our corporate defence and compliance experts. We advocate the ethos that ‘prevention is better than cure’ and are experienced in advising corporates on the strength of their existing compliance regimes, as well as how to adopt suitably risk-assessed policies to protect against prosecution.
Book a chat with our team today by emailing hello@brabners.com, calling 0333 004 4488 or completing our contact form.
Talk to us
Loading form...
Related insights
Supreme Court decision increases VAT recovery risk on share sale costs
We explain what the Hotel La Tour decision means in practice and how businesses can manage the resulting VAT risk.
Read more
Accountability in action — FCA’s enforcement against Monzo & Barclays explained
Recent FCA enforcement actions highlight systemic weaknesses in financial crime controls across both traditional and digital banking models.
Read more