Corporate crime and the senior manager test

Some of the best discoveries are made through errors: Alexander Fleming, as everyone knows, discovered penicillin having neglected his Petri dish! So, it was a delight to read in the Crime and Policing Bill 2025 the proposal to make organisations criminally liable for any offence committed by a senior manager while acting within the actual or apparent scope of their authority (the ‘senior manager test’). 

Various commentators have pointed out the unfairness (even absurdities) that could arise by not including an ‘intending to benefit the organisation’ provision. What if the senior manager were acting purely in their personal interest, where the organisation received no benefit? Indeed, what if the organisation were the victim of the senior manager’s crime? What about offences such as dangerous driving (committed by a senior manager during the course of employment)? It would be absurd for a company to be convicted of dangerous driving, would it not?

In fact, an organisation would be very unlikely to be pursued (successfully) for dangerous driving – courts have repeatedly held that offences requiring physical acts such as driving, assault, or sexual offences, by their nature can only be committed by natural persons – although there would be some risk here, unless the drafting is clarified. More to the point, by tugging on the threads of legal principle, it becomes apparent that we gave up on coherence some time ago.

And if incoherence (and unfairness) are no longer bars, why not look through the other end of the telescope? Why not follow the wording, and the logic, to its natural conclusion, and explore the merits of a more inclusive approach to corporate criminal liability?

Why corporate criminal liability?

Limited exceptions aside, it was only from the 1940s that courts found a way to hold corporates criminally liable. Previously, the generally accepted position was that a corporation was not indictable but the particular members of it were; and so notorious was the irresponsibility of corporations that Lord Thurlow, Lord Chancellor late in the eighteenth century, was credited with asking: ‘Did you ever expect a corporation to have a conscience when it has no soul to be damned, and no body to be kicked?’

The difficulty in holding corporates criminally liable is that many criminal offences require a ‘guilty intent’; and how can a corporation have such an intent? The solution, found in the context of the civil law of tort, was most famously explicated by Viscount Haldane LC in the House of Lords case of Lennard’s Carrying Co, Ltd v Asiatic Petroleum Co. Ltd [1915]: ‘A corporation is an abstraction. It has no mind of its own any more than it has a body of its own; its active and directing will must consequently be sought in the person of somebody who for some purposes may be called an agent, but who is really the directing mind and will of the corporation, the very ego and centre of the personality of the corporation.’

In the criminal context, the identification (or directing mind) principle, as it came to be known, requires the prosecution to first establish that an individual who was a ‘directing mind’ of the company (typically a director) committed the offence by proving each element of the offence against him, although not necessarily actually prosecuting him. His guilt is then attributed to the company without the need to prove anything further against the company. 

Particularly in the criminal context, the identification principle has always courted controversy. Glanville Williams thought it ‘little more than a crude personification of the group’ and queried the justification of fining corporations, effectively the shareholders, for conduct which they might well not have approved or even been aware i.e. of which they were innocent. Williams was also sceptical of the theory that shareholders would thereby be moved (or be in a position) to take steps to address the offending by the individuals concerned. In any event, he thought it ‘curious reasoning that an innocent person may properly be punished in order to compel him to do something that the law could, if it wished, do directly’.

The identification principle has been construed narrowly by the courts on the principle that the company must have been shown to have committed the crime itself, not a servant or agent acting on its behalf. As Lord Morris said (in Tesco v Nattrass): ‘In general, criminal liability only results from personal fault. We do not punish people in criminal courts for the misdeeds of others.’

Since the 19^th century, however (and proliferating rapidly during the 20^th century), there has also been another major route to corporate criminal liability: the ‘strict liability’ offence. Historically treated much less seriously than ‘mens rea’ offences, and often found in the fields of consumer protection and public health, strict liability offences do not require proof of any mental element, such as criminal intent. They do often include a statutory defence, such as having exercised all reasonable due diligence. The justification for such offences is that the most effective method of deterrence is to place upon the employer the responsibility of doing everything within its power to prevent employees from committing an offence.

However (Lord Diplock in Tesco v Nattrass) ‘this rational and moral justification does not extend to penalising an employer or principal who has done everything that he can reasonably be expected to do’.

A better world?

Since the mid to late 1990s there has been a trend towards corporate criminal liability. This includes an exponential increase in fines for offending companies, including fines for regulatory offences that do not require criminal intent (and were once considered much less serious). 

Fines for water companies for pollution incidents, for example, have over the past few decades increased from typical amounts in the tens of thousands to tens of millions in the most serious cases (intent is considered in the sentencing exercise). Fines for health and safety cases have likewise increased dramatically, with multimillion pound fines now being handed down routinely even for organisations with well-developed safety systems.

Then there has been the introduction of the ‘failure to prevent’ model. This applies regulatory principles to economic crimes. Applying to bribery, facilitation of tax evasion, and now fraud offences (for ‘large’ organisations), in broad terms the approach is to make commercial organisations ‘strictly liable’ for the wrongdoing of persons providing services on their behalf, unless the organisation can prove that it had in place ‘reasonable procedures’ designed to prevent the offending. The FTP fraud offence includes an intent to benefit the organisation provision and there is something similar in the FTP bribery offence (though not FTP the facilitation of tax evasion). 

So, now, not only must organisations (if they wish to have a defence) implement effective systems to avoid inadvertent harms arising during the conduct of their operations (pollutions, safety risks, etc.), they must have effective systems to prevent individuals providing services on their behalf from deliberately committing criminal offences. Only if they have reasonable procedures in place to prevent such harms will they have a defence. Which brings us to the ‘senior manager test’.

The ‘senior manager test’

The relevant section in the Crime and Policing Bill 2025 is in the same terms as section 196 of the Economic Crime and Corporate Transparency Act 2023, which made organisations criminally liable for specified economic crimes committed by ‘senior managers’ within the scope of their authority. ‘Senior manager’ is so broadly defined as to potentially include department heads, for example. 

For those economic crimes covered by the FTP model such organisations will already be liable for wrongdoing by senior managers via the relevant FTP offence. The key difference, of course, being that liability via the senior manager test does not have a reasonable procedures defence. Even organisations with reasonable procedures designed to prevent wrongdoing may be liable for wrongdoing by senior managers. 

In reality, however, this anomaly arises only in theory: the chances of an organisation being able to rely on a reasonable procedures defence when there has been wrongdoing by a senior manager are slim. The real point is that the senior manager test removes any pretence that the organisation is being found liable for its own culpable failings i.e. for failing to prevent someone else’s wrongdoing: this is simple vicarious liability for wrongdoing by a ‘senior manager’.

Arguments as to why organisations should be held liable for wrongdoing by senior managers include that it is fair to assume that conduct of a senior manager reflects corporate policy or decision-making. The counter-argument is that it is not fair to assume for the purpose of criminal liability and that the conduct may be of a rogue individual (potentially a mere department head) which has nothing to do with or is even starkly contrary to corporate policy or decision-making by the board of directors. 

Another argument was that the senior manager test closes the gap between liability for large and small companies – which is to ignore the principled justification for the identification doctrine and preference equality of outcome. This idea is allied to the notion that large companies were somehow ‘getting away with it’ – either because law enforcement couldn’t find the evidence to implicate directing minds (erm, evidence is quite important!) or because there was a feeling that it was really the company which was to blame.

This latter idea is fundamental. We have grown used to thinking of companies as having cultures, personalities of their own, which somehow has moral agency independent of its mere employees or other agents. X plc is the epitome of corporate greed. Y Inc is evil. (Somehow such generalisation with corporates is fair game.) And, so, if wrongdoing occurs, we can assume (again) that this wrongdoing reflects the organisation’s procedures, processes and culture.  

Finding a culpable individual is secondary, and maybe even misses the point. Even good people may be corrupted by the corporate culture: what we must do is hit the corporate where it hurts and remove its incentive to work against the public interest: we must put a cost on unethical corporate behaviours. So, the precise method of holding corporates criminally liable is besides the point; what matters is making it easier to prosecute organisations. Hence the senior manager test.

Irony

There is an irony to the ‘corporate personality’ approach: it was rejected by the Law Commission and has not been adopted in legislation. We do not have, as the Australians do, a method of attributing the offence using the corporation’s culture (for example, by proving that a corporate culture existed that directed, encouraged or tolerated or led to compliance with a relevant provision). Nevertheless, this is exactly the approach adopted by the courts.

For environmental or safety breaches, or in the context of FTP offences, with the benefit of hindsight, there will almost inevitably be red flags that were missed, controls that proved ineffective, measures that could have been implemented but were not. The reason for such failures will involve interesting questions about how humans think and make decisions, about group behaviours, and about the role of leadership. The criminal justice system however is neither equipped to nor interested in answering these questions. Instead, in all but the most exceptional cases, you can expect principles of ‘strict liability’ to be applied alongside largely unexamined notions of corporate culture. And corporates would run that risk even if they put their case to a jury through the prosecution’s framing of the case and the judge’s directions.

The Airbus deferred prosecution agreement (in relation to FTP bribery offences) is a good example. Airbus implemented an award-winning anti-bribery compliance programme. Dishonest individuals (mostly outside the company) used sophisticated methods including the creation of false documentation to deliberately circumvent procedures. Some might have turned a blind eye. After a period, the company spotted issues, stopped payments, and strengthened the systems. The outcome was that the company was penalised €991 million in the UK alone because ‘there existed a corporate culture which permitted bribery’, while the allegedly guilty individuals walked away scot-free. (The deterrence value of such an approach is uncertain!)

Where now?

We do not hold organisations criminally liable for offences such as dangerous driving, or sexual offences, because we cannot imagine an organisation committing such an offence (or at least must admit that it would be absurd to do so) – while the paying of bribes, or the making of false representations, or committing competition law violations also require physical acts, they are exactly the kinds of offences that we can imagine organisations committing. 

In part this is because we imagine corporate policies, systems, shadowy committees – a corporate culture – which contributes to such conduct and thereby justifies liability. This the assumption, once again, that the established culpability of one individual implies broader corporate culpability. Dangerous driving or sexual offences, by contrast, do not allow this assumption: they’re traditionally viewed as the acts of individuals acting alone. Unless there were some way to turn this on its head, such as a quixotic plan to make corporates a force for good (backed by criminal sanction).

Curiously enough, in 2018, a crossbench ‘Women and Equalities Commission’ investigated the issue of sexual harassment in the workplace, reporting: ‘Sexual harassment in the workplace is a serious health and safety concern, but we were astonished to find that the Health and Safety Executive (HSE) does not see tackling or investigating it as part of its remit. The HSE told us that there is no specific duty under health and safety legislation regarding sexual harassment, and that law on sexual harassment was for the Equality and Human Rights Commission (EHRC) and the police to enforce.’

Neither this Government nor the last has, so far, attempted to expand the scope of health and safety legislation so that it unambiguously imposes a duty on employers to implement reasonably practicable measures to prevent harassment and sexual violence in the workplace (there has been an unsuccessful private member’s bill with such an intent, while further civil protections were introduced in October 2024), nor to seek to force regulators to investigate and prosecute such potential offences as already exist.

This is now the frontier of the expansion of corporate criminal liability. What harms should we expect organisations to prevent, where failure may justify criminal liability? This is the FTP model being applied to an expanding range of economic crimes (never mind that no organisation in history has been able to prevent individuals from behaving dishonestly for money). This is the senior manager test being applied to any offence committed by a senior manager while acting within the actual or apparent scope of their authority (without even the pretence of a reasonable procedures defence). 

Find a way to get companies in the dock for some of these offences and we will, at least, no longer have to worry about conviction rates.