Establishing the criminal liability of corporations

In the government’s recent 
consultation on the introduction of 
deferred prosecution agreements (DPAs), one of the reasons given in favour of them was that DPAs would assist with the difficulties of establishing the necessary mens rea of many corporate criminal offences.1 The logic of this is questionable, but, given the current focus on DPAs as a potential enforcement tool, it is worth exploring why corporations are so difficult to prosecute under the current law, and the possible alternatives. 


A company is a legal person capable of being prosecuted for most criminal offences, unless a statute indicates otherwise.2 Insider dealing and the criminal cartel offence are two criminal offences for which corporate liability is expressly excluded (see s52 of the Criminal Justice Act 1993 and s188 of the Enterprise Act 2002, respectively).

There are various ways that liability for a criminal offence can attach to a corporate entity. For serious offences involving a fault element, ie those that do not impose strict liability, a company will normally only be criminally liable where the commission of the offence can be attributed to someone who at the material time was the ‘directing mind and will’ of the company (Lennard’s Carrying Co Ltd v Asiatic Petroleum Co Ltd [1915] at 713) or ‘an embodiment of the company’ (Tesco Supermarkets Ltd v Nattrass [1972] at 170E).

It will normally only be senior officers of a company, at or close to board level, whose acts can be identified with the company in this way, as opposed to those acting merely as the company’s agent or servant. For example in Tesco v Nattrass, which remains the leading authority on the identification principle, Tesco was prosecuted under the Trade Descriptions Act 1968 for displaying a notice indicating that goods were being offered at a price less than that at which they were actually being offered. This occurred because the manager of one of their branches had negligently failed to notice that he had run out of the low-price packets. The House of Lords considered that the branch manager could not be held to embody the company as a whole, which made available to Tesco a due diligence defence under s24 of the Trade Descriptions Act 1968.

Corporate criminal liability may also arise where the board of directors has delegated part of its management functions and the delegate has ‘full discretion to act independently of instructions from them’ (Tesco v Nattrass at 171F). Applying this delegation principle to Tesco v Nattrass, the branch manager could not be identified with the company because the board was found not to have delegated any of its functions. While the directors had set up a chain of command through regional and district supervisors, they remained in control and the shop managers had to follow orders. The acts or omissions of shop managers could therefore not be imputed to the company itself.

More recently, the courts have moved away from a blanket application of the identification principle towards a more critical examination of the statute creating the offence. In Meridian Global Funds Management Asia Ltd v Securities Commission [1995], the chief investment officer of an investment management company purchased substantial shares in a public issuer with the company’s authority but without the director’s knowledge. No notice was given as required by the relevant statute (New Zealand’s Securities Amendment Act 1988), and the company was held to be in breach of its duty to give notice on the basis that the chief investment officer was the directing mind and will of the company. The Privy Council upheld the decision and determined that, where the normal principles of attribution would defeat the intention behind a particular statutory provision, a special rule of attribution might be necessary to determine whose act, knowledge or state of mind is to be attributed to the company. In this case, having regard to the legislation, the appropriate rule of attribution to be implied was that a company knew it was a substantial holder in a public issuer when that holding was known to the person who acquired it with the company’s authority, irrespective of whether that person was properly described as the directing mind and will.

It is difficult to see how the authority given to the chief investment officer in Meridian differs in principle from that given to the Tesco branch manager in Tesco v Nattrass, who was also doing a job on behalf of the company, albeit at a significantly more junior level. Perhaps what Meridian tells us is that, where the legislation creating the offence is concerned with a corporation’s regulatory obligations, the courts will be quicker to depart from traditional principles of attribution in order to find a company criminally liable (although see R v St Regis Paper Co Ltd [2011] discussed below).

The Law Commission supports the approach taken in Meridian and has proposed, in its consultation ‘Criminal Liability in Regulatory Contexts’, that the courts examine the underlying purpose of the relevant statutory scheme rather than applying the identification doctrine as the default doctrine of liability.3 The Commission’s proposals on corporate criminal liability are currently on hold and it is expected that they will be dealt with as part of a full-scale project on corporate liability in the future.

In any event, it is clear that whether a departure from traditional Tesco v Nattrass principles is justified will depend very much on the facts of the case. The recent case of St Regis Paper Co was an appeal by a company against convictions for dishonestly making false entries in a record required for environmental pollution control. The Court of Appeal considered Meridian, but held that, as a matter of statutory construction, it was impossible to impose criminal liability on the company unless the intention to make a false entry could be attributed by operation of the rules in Tesco v Nattrass. This is perhaps a surprising decision and it will be interesting to see how it is treated in future cases on similar facts. The criminal offence created by the regulation in question (intentionally making a false entry in any record required to be kept under the condition of a permit) was arguably aimed at the company, since the company was the permit holder. The Court of Appeal’s decision effectively allows companies to avoid liability for this offence by assigning record-keeping duties to employees of sufficiently low status – surely not the intention of Parliament.


As the government acknowledged in its consultation on DPAs, it is difficult to prosecute companies for criminal offences because the threshold for criminal liability attaching to a corporate entity is high. A company can only be criminally liable if it can be shown that the directing mind, ie the board or the people at the most senior levels of the organisation, were involved in the commission of the offence. Identifying a directing mind within a company is not always straightforward, particularly in a world where decision-making is increasingly decentralised and businesses frequently operate at a multinational level. With the exception of corporate manslaughter, the current law also does not cater for situations where there has been a clear collective failure at board level but where it is impossible to attribute specific failings to particular individuals.

Perhaps as a result of these difficulties, the outcomes reached in relation to companies subject to investigation often fail to reflect the seriousness of the offending by individuals within them. For example, in July 2012 Oxford University Press reached a £1.9m civil settlement with the Serious Fraud Office (SFO) over bribery allegations after admitting that it made improper payments to win government contracts in East Africa. Similarly, in July 2011 Macmillan Publishing reached an £11m civil settlement with the SFO over bribery allegations after admitting it had made improper and unauthorised payments to local officials in Sudan in an attempt to win contracts.

Moreover, the Law Commission argues that the current law on corporate criminal liability is potentially unfair to smaller companies, since the smaller the company the more likely it is that the directors will have played an active role in the commission of the offence. Although this may not be problematic per se, it may provide a perverse incentive for companies to operate through devolved structures in order to protect directors or equivalent from knowledge of what their managers/employees are doing, effectively turning a blind eye. It also provides an incentive to prosecutors to pursue smaller companies, where convictions will be easier to secure.4

The Corporate Manslaughter and Corporate Homicide Act 2007 (the 2007 Act) has gone some way to addressing the difficulties identified above (although, as its name suggests, it deals only with corporate conduct that results in a person’s death). Most significantly, the 2007 Act sets the threshold substantially lower than director level and does not require the prosecution to prove specific failings on the part of individual senior managers. Under s1, an organisation can be guilty of the offence if the way that its activities are managed or organised by senior management is a substantial element in the relevant breach. It is therefore sufficient to show that the senior management of an organisation collectively did not take adequate care, 
and that this was a substantial part of 
the failure.

However, since it came into force in 2008, the 2007 Act has only been used to prosecute three companies. Cotswold Geotechnical Holdings and JMW Farms, convicted in February 2011 and May 2012 respectively, were both small companies with hands-on directors and no complex layers of management. Lion Steel Ltd, convicted in July 2012, was a larger company with over 100 employees but was still a far cry from the size and complexity of business that is envisaged by the 2007 Act. Moreover, since Lion Steel pleaded guilty to the corporate manslaughter charge, there has not yet been an opportunity to explore at trial some of the less certain aspects of the 2007 Act, such as how far up the corporate ladder a person has to be before they constitute ‘senior management’.

It is also important to bear in mind that the 2007 Act criminalises conduct that amounts to negligence, and that offences involving dishonesty require a different approach. One alternative to the current law, which would avoid having to grapple in each case with the often difficult concept of a ‘directing mind’, would be to introduce a separate ‘failure to prevent’ offence aimed at corporations, coupled with a due diligence defence. This is the approach that has been adopted in the Bribery Act 2010.

That said, it is questionable whether the dearth of significant corporate prosecutions to date can be attributed wholly to the difficulties associated with identifying a directing mind. The prosecution of Balfour Beatty for gross negligence manslaughter following the 2000 Hatfield train crash, for example, failed not on these grounds but because gross negligence could not be established on the facts (note that the Hatfield prosecution pre-dated the Corporate Manslaughter and Corporate Homicide Act 2007). Likewise, in 2008 the Serious Fraud Office was forced to abandon its prosecution of several pharmaceutical companies for an alleged price-fixing cartel, not because it could not identify the directing minds but because the House of Lords ruled that price-fixing was not a criminal offence in the absence of aggravating conduct (the alleged unlawful conduct prosecution pre-dated the criminal cartel offence under s188 of the Enterprise Act 2002).

In the US, a company can be liable for the actions of its agents, including its employees, whenever those agents act within the scope of their employment and at least in part to benefit the company. The US courts have interpreted ‘scope of employment’ broadly, such that it rarely serves to limit a company’s exposure (NY Cent & Hudson RR v US (1909)). 
Indeed, a company can be liable even where it has not given authority, provided a third party believed that the agent in question was acting with authority. Significantly, a company can be held criminally liable for the actions of its employees regardless of their seniority in the organisation. This lower threshold for liability, together with greater financial resources and a more aggressive prosecution policy, means that the US authorities have a greater appetite for significant corporate prosecutions than their counterparts in the UK. A recent example is British pharmaceutical company GlaxoSmithKline, which in July 2012 pleaded guilty to criminal charges in the US and paid $3bn in criminal and civil fines to settle allegations of healthcare fraud spanning more than 10 years.

But is US-style corporate criminal liability desirable or necessary? Corporations are essentially nothing more than abstract entities made up of human beings, and crimes committed by them are ultimately crimes committed by individuals. If the responsible individuals can be prosecuted and potentially punished with custodial sentences, then is anything further to be gained by attaching criminal responsibility to the corporate shell? If what is required is a suitable form of restitution for the victims of corporate crime, surely this can be achieved just as effectively through some form of non-criminal liability involving aggravated damages, perhaps alongside a requirement for shareholders to pay back dividends gained as a result of the unlawful conduct (as Mabey & Johnson was ordered to do earlier this year, after pleading guilty in 2009 to corruption offences and breaches of UN sanctions). That said, a realistic prospect of criminal prosecution would be a powerful incentive for companies to invest significantly in effective systems and controls designed to prevent abuse by individual employees, which would in turn minimise the risk of damaging criminal activity. In that respect, lowering the bar for establishing corporate criminal liability may be just the right catalyst for a positive shift in corporate culture.


  1. ‘Consultation on a new enforcement tool to deal with economic crime committed by commercial organisations: Deferred prosecution agreements’, May 2012 (Ministry of Justice Consultation Paper CP9/2012).
  2. A company cannot be prosecuted for any criminal offence which is not punishable with a fine (for example, murder) or which is incapable of being committed by an official of the company in the scope of their employment (for example, rape).
  3. Consultation Note No 195, ‘Criminal Liability in Regulatory Contexts: An Overview’, August 2010.
  4. As above.