The legal framework governing the personal liability of directors and senior managers for corporate corruption has undergone a significant transformation in the United Kingdom. Drawing on themes explored at the “Corruption Without Frontiers” seminar held during London International Disputes Week 2026, this article examines the expanding scope of action against directors in the context of bribery, fraud, and economic crime.
The Shifting Statutory Landscape
The past several years have witnessed a marked legislative escalation in the tools available to prosecute directors and senior managers for their involvement in corporate wrongdoing. Three principal statutes now form the backbone of this enforcement architecture: the Bribery Act 2010, the Economic Crime and Corporate Transparency Act 2023 (“ECCTA“), and the Crime and Policing Act 2026 (“CPA 2026“).
The Bribery Act 2010 established a foundational framework for tackling bribery, with particular emphasis on areas of concern such as facilitation payments, corporate hospitality, tendering for public projects, supply chain integrity, and construction documentation. Importantly, both the Bribery Act and ECCTA are designed to be complementary, placing the burden of oversight to avoid corrupt practices directly onto companies and, by extension, onto the individuals who manage them. The stated intention of both statutes is to prevent bribery and fraud rather than merely to punish it upon detection.
ECCTA and the Senior Manager Attribution Test
ECCTA introduced a broader “senior manager” attribution test that significantly widened the circumstances in which an organisation, and its directors, can face criminal liability. Under ECCTA, an organisation can be held criminally liable if a senior manager committed an economic offence while acting within the actual or apparent scope of their authority. The Act also introduced the new strict liability offence of “failure to prevent fraud,” for which the only available defence is demonstrating that the organisation had adequate prevention procedures in place.
ECCTA further mandated identity verification for all company directors, LLP members, and persons with significant control, effective from 18 November 2025. This reflects a broader objective of ensuring that those who hold positions of corporate authority can be identified, traced, and held accountable.
The Crime and Policing Act 2026: A New Threshold
The CPA 2026, coming into force on 29 June 2026, represents perhaps the most consequential development for directors and senior managers. The Act significantly broadens the circumstances in which companies, LLPs, and other organisations can be prosecuted for criminal offences committed by individuals within their management structures. Its focus on senior managers is twofold: first, it establishes a lower threshold for attributing criminal conduct to the company itself; and second, it extends liability to conduct occurring within a senior manager’s “apparent” authority, not merely their actual authority.
A critical distinction compared to both the Bribery Act 2010 and ECCTA is that the CPA 2026 provides no statutory defence for organisations based on reasonable or adequate procedures. This represents a fundamental shift: whereas a company could previously shield itself by demonstrating robust compliance frameworks, under the CPA 2026, there is no procedural safe harbour. As Dame Diana Johnson, Minister for Policing and Crime Prevention, stated during the parliamentary debate on the Bill, it “will ensure that businesses cannot continue to avoid liability where senior management have clearly used the business to facilitate or conduct crime“.
Directors Are Not Shielded by Corporate Prosecution
A guiding principle underpinning the current enforcement posture is that prosecution of a corporate entity should never serve as a substitute for the prosecution of criminally culpable individuals. As the relevant guidance makes clear, the full range of criminality must be captured, and this includes directors, senior managers, officers, employees, shareholders, and persons associated with the corporate entity. The prosecution of corporate entities is intended to have a deterrent effect, protect the public, support ethical business practices, and increase confidence in the criminal justice system, but individuals who bear personal culpability must face prosecution in their own right.
The International Dimension
The CPA 2026 is expressly intended to have international reach. Part 17 of the Act addresses international law enforcement data-sharing agreements, and Section 246 deals with extradition. Section 250(3) defines “body corporate” to include a body incorporated outside the United Kingdom, and “partnership” to include firms formed under the law of a country or territory outside the United Kingdom. This means that directors of overseas entities with a UK nexus may find themselves within the reach of UK criminal enforcement.
There are, however, limits on scope. Under Section 250(2), an organisation does not commit an offence if all of the conduct constituting the offence occurs outside the United Kingdom and the organisation would not commit the offence if that conduct were its own rather than the senior manager’s. In practice, however, the threshold for establishing some UK-connected conduct is relatively low, as illustrated by examples involving foreign subsidiaries of UK companies or foreign employees engaged by UK firms.
Institutional Enforcement and Companies House
The enforcement architecture is being reinforced at an institutional level. Companies House has significantly increased its headcount to 1,861 staff as of 31 March 2025, adding 552 employees compared to the previous year, with a major focus on investigation and enforcement, and staff costs increasing by £14 million to £88.8 million in 2024–25. The ECCTA marked the most significant reform of Companies House’s role in 180 years, with the Registrar’s objectives now explicitly including ensuring that records do not create a false or misleading impression and preventing companies from carrying out or facilitating unlawful activities.
Personal Exposure in the Context of Parallel Proceedings
Directors facing allegations of corruption frequently find themselves at the centre of multiple parallel proceedings: arbitration, internal investigations, regulatory engagement, and personal criminal exposure. This is not experienced as separate processes but rather as one cross-border crisis requiring a coherent strategy. The risk of diverging narratives across forums, loss of privilege, and uncoordinated disclosure can dramatically increase a director’s personal exposure.
Corporate criminal exposure has shifted such that commercial disputes can quickly become criminal risk. At the outset, practitioners must ask whether there is a UK jurisdictional hook and whether the circumstances could trigger organisational, and therefore personal liability. The SFO’s Section 2 powers under the Criminal Justice Act 1987 allow for compulsory production of documents and information, with criminal sanctions for non-compliance, introducing compulsion that can override strategic disclosure and lead to a loss of control over the narrative.
Proactive Measures for Directors
Given this landscape, directors and senior managers of international corporates must take proactive steps to manage their exposure. These include knowing who the senior managers are within the organisation, being curious about what their teams are doing, and having checks and balances in place. Robust internal reporting and whistleblowing mechanisms are essential, as are reasonable fraud prevention procedures, fraud risk assessments, and adherence to the six guiding principles underlying both the Bribery Act 2010 and ECCTA. Directors must assess UK exposure, audit the corporate structure, and recognise that compliance with one piece of legislation does not absolve a company from compliance with other relevant statutes. Above all, the imperative is to act early and obtain legal advice to prevent prosecutions, fines, sentencing, and reputational damage.
Conclusion
The trajectory of UK law is unmistakable: directors and senior managers will face increasing personal accountability for corporate corruption. The combination of ECCTA’s broadened attribution test, the CPA 2026’s removal of procedural defences, expanded extraterritorial reach, and the institutional strengthening of enforcement bodies means that the era of corporate liability as a shield for individual wrongdoing is drawing to a close. For directors operating in an international context, understanding and proactively managing this risk is no longer optional; it is a matter of professional survival.
