Crime and Policing Act 2026: How UK Corporates Face New Senior Manager Liability

The Crime and Policing Act 2026 received Royal Assent on 29 April, fundamentally reshaping corporate criminal accountability in the United Kingdom. From 29 June 2026—just over a month away—UK firms and their senior managers face unprecedented exposure to direct criminal liability for organisational failures, marking the most significant expansion of corporate liability since the Corporate Manslaughter and Corporate Homicide Act 2007.

For FTSE 350 boards and senior management teams, the implications are stark: individual directors and senior executives can now face personal criminal prosecution for failures within their organisations, even if they did not directly commit the underlying offence. This represents a seismic shift from historical practice, where corporate liability was primarily pursued against the organisation itself.

Understanding the Crime and Policing Act 2026: The Legislative Landscape

The Crime and Policing Act 2026 represents a comprehensive overhaul of UK policing and criminal justice frameworks, but its most contentious provision concerns corporate and senior manager liability. The Act introduces Section 213A of the Sentencing Code, which creates a new offence of "failing to prevent crime by senior managers."

Unlike historical corporate liability frameworks that required proof of a directing mind and will—the strict legal test established in R v Adomako and further refined in cases like R v Gloucestershire County Council—the new Act takes a fundamentally different approach. It imposes a strict liability framework where organisations can be held criminally liable if senior managers fail to prevent certain criminal offences occurring within the scope of their role, regardless of whether the organisation had actual or constructive knowledge.

The Act's scope encompasses a broad range of criminal conduct, from fraud and bribery to health and safety violations. The legislation operates on a "failure to prevent" principle, placing the onus on senior managers to demonstrate they took reasonable precautions to prevent criminal conduct across their areas of responsibility.

According to Pinsent Masons, one of the City's leading corporate law practices, the Act creates three distinct tiers of liability: organisational liability, senior manager liability, and where applicable, shadow director liability. This tripartite structure means that prosecuting authorities—including the Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO)—can pursue multiple defendants simultaneously, significantly increasing exposure for boards.

Personal Liability for Senior Managers: What Constitutes Failure

The defining feature of the Crime and Policing Act 2026 is the personalisation of criminal liability. Senior managers—defined in the Act as individuals who hold a position within the organisation with responsibility for a significant part of its activities—can now face individual prosecution for "failures to prevent crime."

A "senior manager" includes chief executive officers, finance directors, managing directors, and heads of significant business units or functions. Critically, the definition extends beyond traditional board roles and captures individuals managing substantive operational areas. This means compliance directors, head of legal, heads of regional operations, and senior business division leaders could all fall within scope.

The Crown Prosecution Service's recent guidance (updated May 2026) clarifies that prosecutors must demonstrate three key elements:

  • A criminal offence was committed within the organisation, by any person, regardless of seniority
  • The senior manager had responsibility for the area in which the offence occurred
  • The senior manager failed to take reasonable preventative measures that a senior manager in that position ought to have taken

The third element—"reasonable preventative measures"—operates as a defence, but the burden falls heavily on defendants to demonstrate they acted with reasonable diligence. This is not a "strict liability" offence in the absolute sense; rather, it places the evidential burden on senior managers to prove they implemented proportionate compliance and prevention frameworks.

In practice, this means board-level executives and senior managers must be able to demonstrate:

  1. Documented evidence of compliance policies and procedures
  2. Regular board-level oversight and risk monitoring
  3. Training and communication of anti-crime standards to employees
  4. Effective investigation and remediation of reported breaches
  5. Proportionate consequences for misconduct
  6. Engagement with regulatory bodies and professional standards

The burden of proof remains "beyond reasonable doubt"—the standard criminal threshold—but the evidential starting point is now shifted. Senior managers are expected to hold comprehensive, demonstrable compliance infrastructure, with specific focus on their areas of responsibility.

Sector-Specific Implications: Financial Services, Construction, and Healthcare

The impact of the Crime and Policing Act 2026 is not uniform across sectors. Regulated industries—particularly financial services, pharmaceuticals, and construction—face heightened scrutiny, given existing regulatory frameworks under the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Health and Safety Executive (HSE).

Financial Services and Fraud Prevention

For FTSE banks and financial institutions, the Act represents a significant escalation of individual accountability. The FCA has already signalled—in its May 2026 feedback statement—that it will work closely with the CPS and SFO to pursue senior managers involved in fraud, market abuse, and anti-money laundering (AML) failures. Banks with AML control failures, particularly following the Financial Conduct Authority's enforcement actions against major UK lenders in 2024-2025, should expect heightened scrutiny of senior management decision-making around compliance investment and oversight.

The Senior Managers Regime (SMR), which already held individual accountability for certain senior bankers, is now reinforced by the Crime and Policing Act's broader framework. The new Act extends beyond SMR-regulated firms and applies across all corporate entities.

Construction and Health and Safety

The construction sector has witnessed increasing criminal liability since the Health and Safety at Work etc. Act 1974, refined by the Work at Height Regulations and recent Case Law extending HSE prosecutions. The Crime and Policing Act 2026 now adds explicit criminal liability for senior managers overseeing construction operations where safety breaches occur.

For firms undertaking major infrastructure projects—including the Northern Powerhouse Rail (NPR) schemes, HS2 construction, and regional regeneration programmes—senior project directors and operations managers face direct personal criminal exposure if site safety failures result in prosecution.

Healthcare and Pharmaceutical Manufacturing

NHS trusts, private healthcare providers, and pharmaceutical manufacturers must now demonstrate robust quality assurance frameworks under the new regime. Healthcare CEOs and chief medical officers overseeing clinical governance can face prosecution for systemic failures in patient safety or medicine quality, even absent direct knowledge of specific breaches.

Practical Compliance Steps: Building Defensible Frameworks

From 29 June onwards, boards must implement demonstrable compliance infrastructure. The following steps are essential:

1. Board-Level Governance and Oversight

Establish a board-level compliance and risk committee with explicit oversight of crime prevention. This committee should receive monthly (minimum quarterly) reporting on:

  • Fraud detection and prevention metrics
  • Regulatory breaches and remediation status
  • Whistleblowing complaints and investigation outcomes
  • Third-party and supplier compliance audits
  • Employee training completion rates and assessment results

Document all discussions, decisions, and dissenting views. In the event of prosecution, board minutes demonstrating active oversight of crime prevention will be the primary evidence distinguishing reasonable precaution from negligence.

2. Detailed Role-Based Responsibility Mapping

Create explicit documentation of which senior managers hold responsibility for which functions. This should be signed off by the CEO and company secretary, updated annually, and communicated to all stakeholders. A senior manager in the finance function cannot later claim they were unaware of anti-fraud responsibilities within their remit.

3. Comprehensive Compliance Policy Framework

Implement documented policies covering:

  • Anti-fraud and financial controls (including segregation of duties, approval hierarchies)
  • Bribery Act 2010 and UK Export Control Act compliance
  • Anti-money laundering (AML) and Know Your Customer (KYC) procedures
  • Health and safety protocols (including incident reporting and investigation)
  • Data protection and Information Commissioner's Office (ICO) compliance
  • Whistleblowing procedures and confidentiality protections
  • Third-party due diligence and ongoing monitoring
  • Sanctions and export control compliance

Policies must be accessible, regularly reviewed (at least annually), and updated to reflect operational changes.

4. Mandatory Training and Competency Verification

Implement role-specific training for all employees, with mandatory refresher cycles. For senior managers and board members, annual training on crime prevention obligations under the new Act is now essential. Document training completion and post-training assessment scores. Training should cover:

  • Sector-specific regulatory requirements
  • Company-specific policies and procedures
  • Individual accountability under the Crime and Policing Act
  • Escalation and reporting procedures
  • Consequences of failure to prevent crime

5. Third-Party Due Diligence and Monitoring

Extend compliance obligations to suppliers, contractors, agents, and business partners. The Act does not explicitly extend to third-party liability as of June 2026, but prosecutors will examine whether organisations took reasonable precautions to prevent crimes committed by representatives. Implement:

  • Pre-engagement due diligence on all material third parties
  • Contractual compliance clauses with audit rights
  • Periodic reassessment of high-risk third parties
  • Clear escalation procedures for identified compliance risks

6. Effective Investigation and Remediation

Where compliance breaches are identified, demonstrate swift, independent investigation and meaningful remediation. The strength of an organisation's response to a detected breach becomes evidence of whether reasonable precautions were in place. Weak investigation processes or failure to escalate serious breaches can itself constitute evidence of systemic failure to prevent crime.

Senior Manager Insurance and Personal Indemnification

Many senior managers are now seeking enhanced directors' and officers' liability insurance (D&O). However, D&O policies typically exclude intentional criminal conduct, fraud, and dishonesty. Coverage under Crime and Policing Act prosecutions remains legally uncertain, as policies predate the Act's passage.

Senior managers should review their existing D&O policies immediately to clarify whether crime prevention failure scenarios are covered. The cost of D&O insurance is expected to increase 20-40% for regulated industries as insurers reassess risk.

Additionally, indemnification arrangements (where companies agree to cover senior managers' legal costs) are increasingly scrutinised by prosecutors as evidence of improper incentives or accountability structures. Boards should seek specialist legal advice before implementing bespoke indemnification arrangements.

Enforcement Outlook: Early Signals from Prosecuting Authorities

The Serious Fraud Office (SFO) and Crown Prosecution Service have published preliminary enforcement priorities for the new Act:

High Priority Targets:

  • Large-scale fraud involving senior management involvement or oversight failure (target: cases >£5m)
  • Bribery and corruption involving overseas public officials or breaches of the Bribery Act 2010
  • Healthcare and pharmaceutical quality failures affecting patient safety
  • Major construction or infrastructure safety breaches
  • Systematic anti-money laundering or sanctions breaches

Lower Priority (initially):

  • Minor or isolated employee misconduct without evidence of systemic failure
  • Highly technical regulatory breaches with minimal financial or safety impact

The SFO has also signalled closer coordination with sector regulators (FCA, PRA, ICO, HSE) to identify cases for prosecution. This regulatory-criminal coordination is unprecedented and represents a genuine escalation in enforcement intensity.

Regional Considerations: Scottish and Northern Irish Variations

The Crime and Policing Act 2026 applies throughout the United Kingdom, but Scotland and Northern Ireland have distinct criminal law systems with some procedural variations.

Scotland: Crown Office and Procurator Fiscal Service (COPFS) will prosecute senior manager liability cases in Scottish firms. The test is substantively identical to England and Wales, but Scots law recognises some distinct defence frameworks. Scottish firms should ensure boards understand Scottish-specific regulatory bodies (Financial Conduct Authority still applies; however, local regulatory relationships may differ).

Northern Ireland: Public Prosecution Service for Northern Ireland (PPS) handles prosecutions. The Act applies equally, but firms operating across both the UK and Republic of Ireland should note that the Republic has different corporate liability frameworks (see Irish Statute Book for cross-border considerations).

Forward-Looking Analysis: Post-June 2026 Landscape

The Crime and Policing Act 2026 represents a watershed moment in UK corporate accountability. Several implications merit consideration as the implementation date approaches:

Increased Board Turnover and Risk-Aversion: Senior managers facing personal criminal liability may reconsider executive appointments. Boards may see increased demand for compliance backgrounds in senior finance and operations roles. Risk appetite across UK corporates is likely to decrease, potentially slowing M&A activity and investment decisions as boards become more cautious about inherited compliance liabilities.

Increased Cost of Governance: Compliance infrastructure—legal, audit, and investigation resources—will become more expensive. Smaller publicly listed firms and mid-cap companies may struggle to absorb these costs. Expect consolidation in smaller listed companies as governance burdens increase.

Regulatory Coordination and Enforcement Intensity: The SFO, CPS, and sector regulators are entering an unprecedented coordination phase. Expect a significant rise in corporate prosecutions from 2026 onwards, particularly in financial services and construction. Early test cases will emerge by Q4 2026, providing guidance on prosecutorial interpretation of the Act's ambiguous provisions.

International Implications: UK firms operating internationally will face questions about whether Crime and Policing Act standards should be extended to overseas operations. Major multinationals with UK headquarters (e.g., HSBC, Unilever, BP) may face pressure to implement global crime prevention standards aligned with UK Act requirements, even where not legally mandated overseas.

Professional Indemnity and Insurance: Expect rapid evolution in professional indemnity insurance products tailored to the new regime. Legal, audit, and governance advisory firms will market specialist crime prevention services. Insurance premiums across sectors are likely to rise materially.

The Crime and Policing Act 2026 is not merely a legislative technicality; it is a fundamental recalibration of personal accountability for senior executives. With just over a month until implementation, boards must act decisively to implement demonstrable, documented compliance frameworks. The cost of inaction—personal criminal prosecution, imprisonment, and reputational destruction—far outweighs the investment required in governance infrastructure.

For FTSE-listed firms and substantial private enterprises, external legal and compliance counsel should be engaged immediately to conduct Crime and Policing Act compliance audits. The window for demonstrating reasonable precautions closes on 29 June 2026.

Key Resources and Further Reading