Corporate criminal liability in the UK: is change in the air?

In what some have described as a development ‘seismic’ in its potential consequences, in June 2021, the Law Commission launched a consultation concerning proposals to reform corporate criminal liability in the UK. The consultation seeks views on whether, and how, to improve the law relating to the identification and punishment of criminal offences committed by companies, their directors or senior management. The Law Commission is due to report on its work at the end of 2021, following which further consultations with the government will ensue.

Prosecutors have long advocated for reform of the law on corporate criminal liability to make it easier to prosecute large companies. In a speech to the Royal United Services Institute (RUSI) in late 2020, Lisa Osofsky, director of the UK’s Serious Fraud Office (SFO), said that the introduction of a new corporate criminal offence for ‘failing to prevent economic crime,’ running alongside the Bribery Act 2010 (UKBA) and Criminal Finances Act 2017 (CFA), topped her wish list. Others have argued that such a reform is incompatible with the criminal justice system and, if accepted, would create hardship and unfairness for innocent shareholders and creditors when criminal liability is imposed. It is, of course, individuals that commit fraud and pay bribes and, many argue, those individuals should pay the price. If the objective of reform is disincentivising corporate wrongdoing, then many argue that efforts are better directed at ensuring the criminal acts of individuals are effectively investigated and prosecuted. Put simply, imprisonment disincentives crime, not a corporate fine.

In this article, we consider the current position in relation to UK corporate criminal liability, criticism levelled against the current law, proposals for reform, and our thoughts as to the effect that any reform of the law may have. We then offer our thoughts as to the risk mitigation steps that companies could take in the event that the scope of corporate criminal liability is (some argue, inevitably) widened.

The ‘identification principle’

Broadly speaking and absent express legislation creating corporate criminal liability for particular offences (such as the ‘failure to prevent’ bribery and tax evasion offences, and some consumer protection, health and safety, and environmental laws), it is necessary to apply the ‘identification principle’ to establish corporate criminal liability on the part of a company in the UK. This principle requires that when a mental state is an element of an offence (for example, dishonesty), only the mental state of those representing the ‘directing mind and will’ of a company can be attributed to the company. Identifying individuals who represent the ‘directly mind and will’ of a company depends on various factors, including to whom the performance of the relevant function was delegated, but could include one or more individuals or the board.

Criticisms of the law on corporate criminal liability

In her 2020 speech to RUSI, Ms Osofsky posited that the ‘narrow application of the “controlling mind” test, [makes] it very difficult to hold companies with complex governance structures to account for their fraudulent conduct.’

The ‘identification principle’ has been cited by some as the reason for the failure of a number of recent high-profile prosecutions in the UK because its effect is to limit the number of directors and senior managers of a company who will be considered to have sufficient discretion and autonomy to be regarded as the company’s directing mind and will. That is particularly so in large organisations when the authority to perform a relevant function does not lie with one individual but with a group of senior individuals. In the recent high-profile collapse of a prosecution brought by the SFO, the Court said that the identification principle was not met by the alleged involvement of senior individuals in the alleged wrongdoing since those individuals did not, in fact, have the requisite authority to conclude the transactions in question.

It also has been suggested that the current law on corporate criminal liability creates unfair disparities between larger and smaller companies. Smaller companies are more prone to successful prosecution as a result of the identification principle as their senior management are more likely to be involved in day-to-day decisions, as compared to their counterparts in larger companies who are likely to be more distanced from daily decision making.

Proposals for reform

The Law Commission’s consultation paper does not set out the various options for reform, but we consider that at least the following options are available:

  1. Maintain the current ‘identification principle.’ Given that there have been calls to reform the principle for many years, we consider that maintaining the status quo may no longer be a viable option. With so many other issues higher on the legislative agenda, however, the question is whether reform will be further kicked into the long grass.
  2. Replace the ‘identification principle’ with an approach more akin to those taken by other jurisdictions (eg, the vicarious liability approach adopted in the US whereby a company generally is held criminally liable for the acts of any of its employees). Such an amendment likely would have a radical effect on UK enforcement activity, as can be seen from the significantly higher levels of enforcement activity in the US and the resulting multimillion-dollar corporate fines.
  3. Expand the ‘identification principle’ by extending it to wider classes of senior management. Agreeing a ‘one size fits all’ definition of ‘senior management’ seems almost impossible, however, given the variance in the make-up and governance of companies.
  4. Expand regulatory powers on an industry-by-industry basis. For example, financial services firms already are subject to sector-specific criminal offences including the Money Laundering Regulations 2017, which require firms to implement measures to identify their clients and monitor how clients use their services. In October 2021, the UK’s financial regulator, the Financial Conduct Authority, secured its first criminal conviction of a UK bank for breaching anti-money laundering regulations in failing to perform enhanced risk monitoring and due diligence on, and adequately monitor its relationship with, one of its gold dealing clients.
  5. Extend the current ‘failure to prevent’ offences to a broader range of economic crimes (eg, money laundering, fraud, false accounting, fraudulent trading and breach of financial sanctions or counter-terrorism measures). Section 7 of the UKBA introduced the first corporate ‘failure to prevent’ offence in the UK, which was followed, in 2017, by two further ‘failure to prevent’ offences under ss45 and 46 of the CFA, which created the offences of failing to prevent the facilitation of UK and foreign tax evasion. These offences are accompanied by a statutory defence when the company can demonstrate that it had in place at the relevant time, ‘adequate procedures’ designed to prevent bribery or the facilitation of tax evasion, as relevant. The SFO has utilised the failure to prevent bribery offence successfully and HMRC has reported thirteen ongoing live investigations for the failure to prevent tax evasion offences, although there have been no criminal proceedings so far. Accordingly, in our view, this option seems the most attractive to legislators.

The consequences of reform

Expanding the ‘identification principle’ or introducing a new corporate offence inevitably will increase the circumstances in which a company can be prosecuted. We can expect to see an increase in investigations by law enforcement, prosecutions, Deferred Prosecution Agreements and convictions, with the attendant consequences on companies’ balance sheets, reputations and, ultimately, their survival.

Introducing a new corporate crime – a ‘failure to prevent economic crime’ or something similar – also could have very significant repercussions for compliance programmes. The UKBA almost universally placed an increased compliance burden on companies, which resulted in companies scrambling to implement – and demonstrably show that they had implemented – ‘adequate procedures’ designed to prevent bribery (without concrete guidance as to what constituted ‘adequate’). One can expect that a broad corporate offence of ‘failure to prevent economic crime’ would have a similar impact, requiring further investment in the enhancement of compliance programmes.

Practical steps to take

Absent any reform to corporate criminal liability, it remains good governance – and in some cases, a regulatory requirement – to maintain adequate procedures to prevent the commission of a criminal offence (leaving aside the reputational risks of a criminal investigation and conviction). We also are of the view that, assuming some reform is likely, companies would be well advised to take steps now to strengthen their compliance efforts designed to prevent corporate crime, which may include:

  1. Maintaining an ethical culture throughout the company, from top to bottom.
  2. Ensuring that potential new employees and contractors undergo adequate screening (including their qualifications and past references).
  3. Providing regular, adequate training to employees and contractors. Providing training in what is acceptable (and what is not) is the first step to ensuring that offences are not committed.
  4. Undertaking regular (and, if possible, real time) monitoring, including implementing artificial intelligence software that can detect and flag unusual behaviour. Companies also should ensure that, as between their employees and contractors, nobody is marking their own homework and impose a segregation of duties (eg, those who request payments to be made should not also be approving them).
  5. Where possible, maintaining an internal audit function, staffed by independent auditors with knowledge of the company.
  6. Implementing a robust whistleblowing policy that empowers individuals to raise concerns and offers an easy and accessible way to do so. Employees and customers are a primary source of information about potential criminal behaviour in any organisation.