Corporate Criminal Liability: New Risks for UK Private Fund Managers

In a recent alert, “The UK’s Failure to Prevent Fraud Offence: Private Fund Managers, Portfolio Companies, and Placement Agents,” we discussed the impact of the new offence of a “failure to prevent fraud” (FTPF) set out in the Economic Crime and Corporate Transparency Act 2023 (ECCTA) on private fund managers (Managers).

The Crime and Policing Act 2026 (CPA), which comes into force on 29 June 2026, will likely have a more significant impact through its expansion of criminal liability of a body corporate or partnership (Organisation) in the UK.

For Managers who took steps to address the advent of the FTPF offence, the steps necessary to address the extended liability in the CPA should not be overly burdensome. The principles are similar to those that apply to Managers under the senior manager and certification regime (SMCR) administered by the Financial Conduct Authority (FCA), and the CPA will be relevant to conduct governed by the FCA Financial Crime Guide. As was the case with ECCTA, Managers will need to show that they are aware of and have considered the impact of the CPA provisions.

Managers will also have to consider the impact of the extended liability on existing and intended fund investments, including investments in portfolio companies, with the larger and more complex UK portfolio companies requiring particular scrutiny. As ever, even if the likelihood of a criminal conviction is low, the economic and reputational impact will be high.

What is the Scope of the CPA Changes?

Under the CPA, an Organisation will be liable for any criminal offence which a “senior manager” commits when acting within the actual or apparent scope of their authority. This will potentially expose Organisations to criminal prosecution in circumstances where liability would not previously have arisen.

The CPA builds on ECCTA, which introduced a statutory offence of corporate liability which applied where a “senior manager” committed an economic crime offence whilst acting within the actual or apparent scope of their authority. As a result of ECCTA, it was no longer necessary to rely on the common law test of whether an offence has been committed by the “directing mind and will” of an Organisation.

How Will the New Attribution Rule Work?

The CPA introduces a new basis for attributing criminal liability to Organisations. This new attribution rule does not replace the common law doctrine but provides an alternative route to corporate liability. Where a senior manager commits any criminal offence while acting within the actual or apparent scope of their authority, the legislation provides that the Organisation also commits the offence.

There is no requirement for the prosecution to demonstrate that the Organisation authorised, encouraged, or was aware of the conduct in question; rather, the act must be the type of act that the senior manager was generally authorised to take or which would ordinarily be carried out by someone in that position.

The Explanatory Notes to the Crime and Policing Bill (the Explanatory Notes) give the example of a chief financial officer (CFO) who commits fraud by deliberately making false statements about a company’s financial position. In that scenario, the company would be liable for the offence, as the act of making statements regarding the company’s financial position is something that would generally be within the scope of a CFO’s authority.

Who is a Senior Manager?

A key question for a Manager and an investee Organisation will be who falls within the definition of a senior manager. The CPA defines a senior manager as an individual who plays a significant role in:

• making decisions about how the whole, or a substantial part, of the Organisation’s activities are managed or organised; or
• managing or organising the whole, or a substantial part, of those activities.

The definition is broad and may capture not only directors, board members, and senior officers, such as the CFO or chief operating officer, but also individuals below board level who exercise substantial operational or strategic responsibility.

The Explanatory Notes explain, as an example, that individuals in a human resources function would also be included if they are performing a substantial part of the Organisation’s activity. A Manager and investee Organisation should assess which individuals fall within the definition based on the substance of their role rather than job title, remuneration, qualifications, or employment status alone. For a Manager, an individual’s designation as a senior manager function holder under the SMCR should provide a strong indicator, if not demonstrate conclusively, that the individual is a senior manager for CPA purposes.

Are There Any Limitations on Liability?

Yes. An Organisation will not be liable where:

• all of the conduct constituting the offence takes place outside the United Kingdom; and
• the Organisation itself could not have committed the offence had it carried out the relevant conduct directly.

The Explanatory Notes clarify that “criminal liability will not attach to an organisation based and operating overseas for conduct carried out wholly overseas, simply because the senior manager concerned was subject to the UK’s extraterritorial jurisdiction: for instance, because that manager is a British citizen.”

Are There Any Statutory Defences?

The CPA does not provide for any statutory defence. This makes it different from, for example, the offence of FTPF, noted in our earlier FTPF alert, which provides a “reasonable procedures” defence. That said, and depending on the nature, scale, and complexity of its business as discussed further below, it will be prudent for an Organisation to put in place or develop existing procedures that have the effect that the “reasonable procedures” established in the context of the FTPF or prevention of bribery would have. A Manager or the investee Organisation will instead need to seek to establish any defence available in relation to the underlying offence.

Moving Liability Beyond Economic Crimes

The new provisions represent a material shift in the UK’s approach to corporate criminal liability, making it significantly easier for prosecutors to hold Organisations accountable for criminal conduct of senior personnel beyond just economic crimes.

This will now include data protection offences, environmental law offences, health and safety offences, modern slavery offences, and many others. The most significant impact is likely to be on larger businesses, where responsibility for key activities is delegated to individuals or committees below board level. It will also likely have an impact on start-up, growth-stage, and other smaller Organisations, where individuals often perform multiple strategic and operational roles.

Some Practical Implications

For Managers that are subject to the SMCR, the additional steps to address the CPA should not be material. Investee Organisations that are not subject to the SMCR or that did not take steps to address the FTPF will need to identify which individuals fall within the senior manager definition and ensure that governance, compliance, and risk management frameworks are sufficiently robust, taking into consideration the nature, scale, and complexity of the investee Organisation.

Other steps should involve a focus on prevention and early detection of potential criminal conduct to mitigate the legal risk of prosecution so that Managers and investee Organisations can confirm that they have been proactive in seeking to prevent criminal conduct. This may include:

• identifying the types of criminal conduct that may arise in the business;
• reviewing and updating risk assessments and matrices in light of likely conduct identified;
• reviewing and updating investigation and escalation procedures for potential criminal conduct;
• reviewing governance structures and identifying individuals who may fall within the definition of senior manager;
• assessing whether existing compliance frameworks adequately address risks arising from senior manager decision-making;
• updating training programs for senior managers and compliance and other staff who support them; and
• confirming that senior managers and staff who support them understand the broader circumstances in which corporate liability may now arise.

The CPA signals a clear intent to hold Organisations to a higher standard of accountability. Organisations that act promptly to strengthen their governance and compliance frameworks will be better placed to manage the risks arising from this expansion of corporate criminal liability.