What should businesses do now?
Although demonstrating that procedures are in place to prevent offences is not a formal defence under the CPA 2026, it is still important to assess the risks and identify policies and procedures that can help to mitigate these risks at both an individual and an organisational level.
Organisations should start by:
- identifying individuals within the business who may meet the definition of a senior manager and ensuring they are fully aware of their roles and responsibilities;
- examining how authority is delegated within teams and units, as well as assessing the effectiveness and clarity of reporting and governance structures;
- reviewing whether any policies, procedures and compliance frameworks established under ECCTA can be extended or applied to other kinds of offences, beyond economic crime;
- updating training for all senior managers, covering the new threshold and how this impacts their role, as well as highlighting relevant company policies;
- reviewing and strengthening internal reporting procedures, such as whistleblowing policies, internal investigations, and record-keeping.
Under the CPA 2026, organisations could face liability even if a senior manager exceeded their actual or apparent authority, or breached internal policies and procedures, when committing the offence.
Nevertheless, clear and comprehensive training, record-keeping, documentation and due diligence remain crucial to reducing the risk of illegal activity by individuals within the organisation. They may also help to reduce the severity of sentencing where an organisation is found criminally liable, which could include an unlimited fine in the most serious cases.
Proactivity is the key to meeting these challenges. Our regulatory specialists can help organisations to assess their risk profile, identify individuals who may fall under the definition of a ‘senior manager’ and examine current policies and procedures to ensure they effectively manage the new risks introduced by the CPA 2026.