Open navigation
  • People
Search
Search
  • People

Overhaul of the Corporate Criminal Liability Regime in UK: Relevance for Indian Companies

16 Jul 2026 India 9 min read

Authors

A. Introduction

On April 29, 2026, the Crime and Policing Act, 2026 (“CAPA”) received Royal Assent, heralding one of the most significant overhauls of corporate criminal liability in the UK in decades. With its enactment, CAPA introduces a new statutory route to corporate criminal liability that operates alongside the long-standing Doctrine of Identification (“Doctrine”),  (which is widely used to attribute the criminal liability to organizations for offences committed by their senior manager), applicable to organizations operating in the UK or those having connections with the UK. Section 250 of CAPA, being the operative provision discussed in this article, came into force on June 29, 2026. But the story begins earlier. In 2023, the Doctrine was given concrete statutory form with the implementation of the Economic Crime and Corporate Transparency Act, 2023 (“Economic Crime Act”) which attributed the economic offences committed by the senior manager to its organization. 

Yet the Economic Crime Act told only part of the story. Confined to specific economic crimes, it left other offences frustratingly difficult to prosecute in the UK. To fill this gap, CAPA stepped in to expand the scope of criminal liability beyond economic crime to encompass all offences including areas such as environment, cyber security, data protection, harassment, health and safety. In effect, any offence committed by a “senior manager” will make the organization equally liable for such offence. 

That said, until the provisions of CAPA are tested before courts and authorities, the precise scope of criminal offences and the senior managers’ criminal liability remains uncertain.

Against this backdrop, we have put together our thoughts on the provisions of CAPA and the key implications and considerations for Indian companies operating in the UK or having connections with the UK.

B. Background

1. Legislation on Corporate Liability for Financial Crimes

To ensure that large institutions are not spared from criminal liability merely because of decentralised management, the UK Government in 2023 brought into force the Economic Crime Act. Sections 196 to 198 of the Economic Crime Act expanded the scope of criminal liability of corporates by introducing an expansive definition of “senior manager”. The effect was that where a senior manager, acting within the “actual or apparent scope of authority”, commits a relevant offence, the corporate is also guilty of such offence.

A senior manager under the Economic Crime Act includes an individual who exercises significant decision making authority for a substantial part of the organisation or who has managerial control over a substantial part of the organization’s activities. This is a deliberately expansive definition which goes beyond the “directing mind and will” threshold. This indicates a shift towards a functional approach in corporate criminal liability situations, ensuring the liability is determined by substance over form, such that a title or designation has no relevance in establishing liability. 

2. Limitation of the Economic Crime Act: A Need for Reform

However, while the intent of the legislation was sound, the Economic Crime Act had its own limitations: it attributed criminal liability only in respect of specified “economic crimes” including money laundering, fraud, false accounting, forgery and counterfeiting.

Additionally, Section 199 of the Economic Crime Act introduced a separate and distinct corporate offence of “failure to prevent fraud,” applicable only to large organisations. Under this offence, an organisation is criminally liable if a person associated with it commits a specified fraud offence intending to benefit the organisation, unless the organisation can demonstrate it had reasonable fraud prevention procedures in place at the relevant time.

C. CAPA− Enhanced Corporate Criminal Liability

1. Expansion of the Scope of Liability

While CAPA neither affects the Doctrine nor amends the definition of senior manager under the Economic Crime Act, it significantly expands the scope of offences for which the corporates could be held liable. Section 250 of CAPA repealed and replaced Sections 196 - 198 of the Economic Crime Act thereby extending the regime to “all criminal offences”, not merely the economic offences enumerated in the Economic Crime Act. Effectively, where a senior manager, acting within the actual or apparent scope of their authority, commits “any offence”, the organization also commits that offence.

As an illustration: An individual is entrusted with managing environmental compliances within an organization. While acting within their actual or apparent authority, they knowingly authorise the harmful discharge of untreated industrial effluents into the environment. This offence will be directly attributed to the organization.

2. Exception to the Applicability of Criminal Liability

Section 250(2) of CAPA provides a circumstance in which an organization will not be held liable for an offence committed by its senior manager provided both of the following conditions are satisfied together:

  1. entirety of the conduct constituting the offence occurs outside the United Kingdom, and
  2. the organisation would not have commit the offence had the conduct been attributed to the organisation, rather than the senior manager.

This is an extra-territorial exclusion where an offence is committed by a senior manager outside the UK, and that offence would not amount to an offence in the UK if committed by the organization itself, then the organization may rely on this statutory defence against prosecution.  

3. No Defence of Adequate Measures

Unlike the “failure to prevent fraud” offence under Section 199 of the Economic Crime Act, which provided a defence to large organisations that had reasonable fraud prevention procedures in place, CAPA does not provide a reasonable or adequate measures defence to corporates. Simply put, attribution of criminal liability under Section 250 of CAPA is a matter of law, and corporates cannot escape such liability despite having a sophisticated compliance framework in place.

In practice, however, prosecutors will still assess the liability on a case by case basis, and the extent of an organisation’s effort to prevent such misconduct may operate as a mitigating factor in charging and sentencing decisions.

D. Key Implications and Considerations for Indian Companies

The impact of CAPA is not just confined to the organizations incorporated in the UK but also extends to: (a) their affiliates, group companies or subsidiaries operating in India; and (b)Indian companies operating through their affiliates, group companies or subsidiaries in the UK (together, “Indian companies”). Any Indian company with a UK connection now carries a real risk of criminal liability and cannot afford to look the other way. 

With Section 250 now in force, the following steps are worth prioritising for Indian companies without delay:

  1. Mapping and Identification of “Senior Manager Roles”:  Titles and designations do not matter under CAPA, what counts is the substantial role a person actually plays. Indian companies should take a fresh look at who falls within CAPA's definition of a "senior manager" and map those individuals clearly, focusing on actual decision-making authority and managerial control rather than formal job titles or reporting lines.
  2. Revision and Policy Update: Existing codes of conduct and internal procedures should be broadened to cover non-economic offences − from environmental violations to data breaches and should make clear that consequences can include termination. Importantly, these policies should be communicated widely and displayed prominently at conspicuous places, so employees at all levels are actually aware of them.
  3. Risk Assessment and Audit: CAPA now covers a wide range of offences that companies have not historically had to worry about offences such as environmental harm, cybersecurity and data protection, workplace harassment, and health and safety. Indian companies should conduct a self-assessment of their risk exposure across all relevant operational areas, in advance of any regulatory scrutiny.
  4. Re-Building Detection and Prevention Mechanisms: With the removal of the “reasonable or adequate measures” defence under CAPA, it is no longer sufficient for Indian companies to rely on the existence of a compliance framework on paper as a safeguard. The emphasis must shift towards building robust mechanisms that actively detect and deter criminal conduct by senior managers before it occurs.
  5. Additional Organisational Measures: Indian companies should implement targeted training programs for senior managers to ensure a genuine understanding of the expanded liability regime under CAPA. Alongside this, organisations should foster a culture of early internal reporting, where employees at all levels feel safe to raise concerns without fear of retaliation. Finally, a clear and accessible complaints platform should be instituted to ensure that potential misconduct is effectively raised internally before it attracts external scrutiny or enforcement action.

The precise boundaries of CAPA will no doubt be tested in the courts over time. However, pending judicial interpretation should not deter organisations from taking proactive steps to strengthen their governance and compliance frameworks, particularly now that Section 250 is in force. For Indian companies with a UK nexus, CAPA represents a significant expansion of potential corporate criminal liability. 

Organisations should identify individuals who may qualify as "senior managers", review and update their internal policies and procedures, and strengthen mechanisms for preventing, detecting, and reporting misconduct. Taking these measures on priority will place organisations in a stronger position to mitigate legal, regulatory, and reputational risks arising under CAPA.


This alert is for information purposes only. Nothing contained herein is, purports to be, or is intended as legal advice and you should seek legal advice before you act on any information or view expressed herein. Although we have endeavored to accurately reflect the subject matter of this alert, we make no representation or warranty, express or implied, in any manner whatsoever in connection with the contents of this alert. No recipient of this alert should construe this alert as an attempt to solicit business in any manner whatsoever.

Back to top Back to top
Opens in new window