Recent high-profile criminal convictions linked to McKinsey, Volkswagen, FTX, and the US opioid scandal are a stark wake-up call that prison sentences for compliance failures are becoming a realistic threat.
And this isn’t just a US or German trend. The UK is now catching up. New legislative changes have increased, and will further increase, the risk of prosecution for both individuals and companies. The Economic Crime and Corporate Transparency Act 2023 (ECCTA) has already overhauled corporate criminal liability, introducing a new failure to prevent fraud offence and expanding the scope of responsibility to any “senior manager,” regardless of their job title. This alone makes it far easier for prosecutors to hold individuals accountable for organisational misconduct.
But the reforms don’t stop there. The forthcoming Crime and Policing Bill, expected to be passed later in 2025, will take this even further. The new “senior manager” liability test will be extended to all criminal offences, not just economic crime. That means directors and senior leaders could soon face prosecution for compliance breaches in areas ranging from environmental damage to data protection and workplace harassment.
Together, these changes represent a fundamental shift in corporate accountability. The long-standing legal shield that protected executives behind the corporate veil is being dismantled, replaced by a model where both companies and individuals face real consequences, including prison, for serious compliance failures.
When compliance cracks: the McKinsey case
Martin Elling, a former senior partner at McKinsey, received six months in prison after admitting he deleted documents tied to the firm’s work with Purdue Pharma amid the opioid crisis. His actions obstructed a Department of Justice probe and underscored how individual misconduct by senior figures can translate into personal criminal liability, even within top-tier consultancies.
This was part of McKinsey’s wider settlement: the firm agreed to a US$650 million deferred prosecution deal and imposed an enhanced compliance regime. But Elling’s sentence highlights that at senior levels, both personal and organisational compliance failures could result in time behind bars.
Systemic failure: Volkswagen’s “Dieselgate”
In Germany, the “Dieselgate” scandal led to multiple prison sentences for former Volkswagen executives. Jens Hadler, once head of diesel-engine development, was jailed for four and a half years. This wasn’t just bad engineering; it was a culture of deliberate regulatory evasion, tightly orchestrated, and massively damaging to VW’s global reputation.
The scandal, which involved the deliberate installation of software “defeat devices” in millions of diesel vehicles to cheat emissions tests, was not an isolated incident. It was the result of a coordinated effort to circumvent regulations, driven by a prioritisation of profit and market share over ethical conduct and environmental responsibility.
The fallout was enormous: over €32 billion in fines, compensation, and buy-backs, not to mention a crisis of trust in one of the most respected automotive brands.
Broader implications: FTX and beyond
Executives like Sam Bankman-Fried of FTX, sentenced to 25 years in prison, reinforce a troubling trend: serious personal consequences for white-collar and financial misconduct are no longer hypothetical. Coupled with mounting regulatory scrutiny, those at the helm of major companies are no longer shielded by titles or position.
This shift marks the end of an era where corporate wrongdoers could expect fines, resignations, or quiet settlements as the primary outcomes of scandal. Prosecutors and regulators, both in the UK and globally, are increasingly targeting individual accountability, especially when misconduct stems from leadership decisions or systemic compliance failures. The FTX case, in which Bankman-Fried was found guilty of defrauding investors, misusing customer funds, and lying to regulators, is emblematic of a growing appetite to punish not just the institution, but the people behind it.
Changing UK landscape: ECCTA and the Crime & Policing Bill
UK law is responding decisively. These new shifts increase risk exposure for UK and foreign companies, with more areas open to enforcement and higher stakes for leaders.
Economic Crime and Corporate Transparency Act (ECCTA) 2023
- New “failure to prevent fraud” offence: large companies now face strict liability if fraud is committed by associated persons and proper prevention systems aren’t in place.
- Widened corporate liability: corporations can be prosecuted for economic crimes committed by senior managers, not just their “directing mind and will”.
Crime and Policing Bill 2025
- Extends the “senior manager” liability test to all crimes, not only economic offences. That means compliance failures in areas like environment, data protection, modern slavery, or competition become prosecutable under the same standard.
- The “scope of authority” test is broad: even if a senior manager didn’t authorise a crime, if the act fell within roles typically within their remit, the corporation may be liable.
Why this matters to all businesses
- Personal risk intensifies: senior executives now face jail if compliance cracks.
- Corporate exposure expands: liability spans all serious offences, replacing outdated legal doctrines.
- Global reach increases: even foreign firms with UK touches may be in scope.
What compliance teams should do now
| Action | Why it matters |
| --- | --- |
| Map senior-manager roles | Identify who counts as a “senior manager” under ECCTA and the Crime and Policing Bill. |
| Enhance “failure to prevent” frameworks | Ensure fraud-busting procedures are embedded and auditable. |
| Expand compliance scope | Go beyond fraud to include environment, data, modern slavery, competition. |
| Train and monitor senior staff | Give them tools and oversight to reduce personal and corporate risk. |
| Review liability exposure | Map cross-border compliance risk, including UK reach. |