For most of legal history, convicting a company of a crime meant proving that its "directing mind" — effectively the board or a very senior controller — was personally culpable. That high bar let large, diffuse organisations escape liability for serious wrongdoing. UK law has now decisively widened the net. Building on the Economic Crime and Corporate Transparency Act, the senior-manager attribution rule makes a company criminally liable when one of its senior managers commits an offence within the scope of their authority. By mid-2026 this reaches across the criminal law.
The old problem: the identification doctrine
Under the traditional "identification doctrine", a company's criminal liability depended on identifying a person who was its "directing mind and will" — and proving that person had the guilty knowledge. In a large organisation, decisions are diffuse, so prosecutors often could not pin culpability high enough.
The senior-manager attribution rule
The reform attributes a senior manager's criminal conduct to the organisation. In essence: if a senior manager, acting within the actual or apparent scope of their authority, commits a relevant offence, the organisation can be criminally liable for it.
- A senior manager commits an offenceacting within their actual/apparent authority
- Their conduct is attributed to the organisationThe organisation is criminally liable
| Identification doctrine (old) | Senior-manager rule (new) | |
|---|---|---|
| Who must be culpable | The "directing mind" (very top) | A senior manager |
| Practical effect on large firms | Often escaped liability | Far easier to hold liable |
| Test | Narrow, near-board level | Functional: significant decision-making role |
Who is a "senior manager"?
This is a functional test, not a matter of job title. It captures people who play a significant role in making decisions about the whole or a substantial part of the organisation's activities, or in actually managing them.
Test the boundary
Decide whether each person is likely a 'senior manager' whose conduct could be attributed to the company.
They make strategic and operational decisions for a substantial part of the company's activities.
Why 2026 matters
ECCTA first applied senior-manager attribution to economic crimes. Subsequent reform extends the principle across the broader criminal law, with the expanded regime taking effect through 2026. Combined with the new failure-to-prevent-fraud offence and an assertive Serious Fraud Office, the message to boards is clear: corporate criminal exposure is materially wider than it was, and governance over senior decision-makers is now a frontline compliance issue.
Where Probitas fits
Wider attribution makes it more important than ever to know — and keep checking — the senior people who can bind the organisation to criminal liability. A Probitas check screens individuals and companies against sanctions, PEP and adverse media sources and surfaces the public record, each finding anchored to its source — supporting diligence on senior managers, directors and key counterparties. Governance and controls remain the organisation's own.
The
What changed about UK corporate criminal liability?
The law moved away from requiring proof that a company's very top "directing mind" was culpable. Under the senior-manager attribution rule, a company can be criminally liable when a senior manager commits an offence within the scope of their authority — making large organisations far easier to hold responsible.
Who counts as a "senior manager"?
It is a functional test, not about job titles. A senior manager is someone who plays a significant role in making decisions about, or actually managing, the whole or a substantial part of the organisation's activities.
How does this relate to ECCTA?
The Economic Crime and Corporate Transparency Act first introduced senior-manager attribution for economic crimes. Subsequent reform extends the principle across the broader criminal law, with the wider regime taking effect through 2026.
Is this the same as failure to prevent fraud?
No, they are complementary. Failure to prevent fraud is a standalone offence with a reasonable-procedures defence. Senior-manager attribution is a route to making the company liable for offences its senior managers commit. Together they significantly widen corporate exposure.
What should organisations do in response?
Map who genuinely holds significant decision-making authority, strengthen governance and oversight of those people, maintain robust compliance and prevention procedures, and conduct proper due diligence on senior managers and key counterparties.
Sources
This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.