An Expansion of UK Corporate Criminal Liability?

Background

Over the past decade, there has been a distinct trend in the UK to move towards the expansion of corporate criminal liability. Generally, under English law, a company will only be liable for a criminal offence where the criminal conduct of a sufficiently senior individual or group of individuals can be attributed to the company (known as the “identification principle”). More recently, however, the scope of corporate criminal liability has expanded with the introduction of two ground-breaking laws:

• The UK Bribery Act 2010, which introduced a corporate offence of failure to prevent bribery; and

• The UK Criminal Finances Act 2017, which introduced a corporate offence of failure to prevent the facilitation of tax evasion.

Under these laws, a company can be liable for failing to prevent misconduct by any person associated with the company (subject to a defence of having in place “adequate procedures” to prevent the misconduct). The aim is to create systemic change in how companies go about doing business, including a more active approach to preventing wrongdoing. There have been persistent calls from a range of stakeholders, including law enforcement and NGOs, for the “failure to prevent” model to be extended to other areas of financial crime.

The continued expansion of UK corporate criminal liability:

The Need for Reform

The identification principle has long been criticised by UK law enforcement, civil society, and international anti-corruption organizations as an ineffective way to hold companies accountable. It is against this backdrop that the UK government asked the UK Law Commission to consider the need for reform in this area. 

Review by the UK’s Law Commission

The Law Commission is an independent body in the UK that keeps the laws of England and Wales under review and recommends reform when needed. While the UK government is not obliged to follow the Law Commission’s recommendations, they are nevertheless persuasive and have in the past resulted in significant new legislation.

The Law Commission identified six principal conceptual complaints about the identification principle:

1. It is too narrow – it limits the class of people who could constitute a directing mind and will.

2. It does not reflect the reality of decision-making in complex organisations – in the modern era, many companies delegate corporate functions and knowledge is diffused among employees below the level of being sufficiently senior to constitute a directing mind and will.

3. It makes it too difficult to convict companies for offences committed for their benefit.

4. It is unfair between small and large companies – smaller companies, which likely have shorter and more direct reporting lines between staff, are disproportionately criminalised.

5. It does not always bring certainty – while it does provide a degree of certainty, it may not give greater certainty than alternative approaches.

6. It does not incentivise good corporate governance and may disincentivise it – far from creating incentives to ensure compliance, the principle “rewards companies whose boards do not pay close attention”.

On 9 June 2021, the Law Commission opened a consultation into the UK’s approach to corporate criminal liability, in which they sought views from the public on whether, and how, the law relating to corporate criminal liability could be improved in order to more appropriately capture and punish criminal offences committed by corporations and their directors or senior management. The consultation closed on 31 August 2021 and a paper, setting out 10 possible options for the UK government to consider, was published on 10 June 2022 (the Options Paper). While the Law Commission stopped short of making any recommendations, it did nonetheless conclude that there is “broad consensus” on the need for reform in the area.

What Options Did the Law Commission Consider?

The Options Paper considered a number of legislative proposals, including:

1. No change – retention of the identification principle as it currently stands.

2. An amendment to the identification principle whereby corporate liability could be attributed where a member of senior management “engaged in, consented to, or connived in” the offence. Chief executives and chief financial officers would be considered members of senior management.

3. Introduction of four specific offences of “failure to prevent”: (i) fraud by an associated person who commits the offence with the intent of benefiting the company; (ii) human rights abuses; (iii) ill-treatment or neglect of vulnerable persons; and (iv) computer misuse.[1]

What Can We Take from the Proposals?

Before the Options Paper was published, there had been concern that the Law Commission might support a move to the US-style “vicarious liability” (under which companies can be held liable for crimes committed by their agents or employees in the scope of their employment). This would have represented a wholesale change in approach to corporate criminal liability, which ultimately was not proposed as an option. The Law Commission had also indicated its support in the past for a broad “failure to prevent economic crime” offence, although this proposal was ultimately rejected in the Options Paper as being too broad – a stance that has drawn much criticism from anti-corruption campaigners. The Law Commission instead commented that a “failure to prevent” offence should “at least initially” be limited to “failure to prevent fraud”. Given the fact that no definition of “financial crime” could be agreed upon, coupled with concerns that such an approach could over-criminalise conduct, this is perhaps the most practical route forward. 

The proposed four “failure to prevent” offences provide useful insight into where the Law Commission sees the future of corporate criminal liability. The offence of failure to prevent fraud presents a compromise between two competing priorities: the desire in many circles to see corporate liability for financial crime expanded, and the need, recognised by the Law Commission, to ensure that compliance does not become overly burdensome and result in unintended consequences for businesses. 

The three remaining proposed offences – failing to prevent human rights abuses, ill-treatment or neglect, and computer misuse – present a different picture, reflecting the changing environment that companies are operating in and acknowledging that they are now expected to take note of and actively deal with environmental, social, and governance (ESG) issues. They present complex issues, and the Law Commission has made clear that if proposals in relation to these offences are taken forward, further work and consultation would be necessary on the scope of the offences.

What Should Companies Be Thinking About?

While the UK government is not compelled to reform the law, we anticipate the proposals set out in the Options Paper will be given serious consideration, although it is not clear when any reforms are likely to come into effect. That being said, former UK Justice Secretary Robert Buckland has indicated that the UK government is considering introducing a “failure to prevent fraud” offence into the Economic Crime and Transparency Bill that is currently making its way through parliament, as discussed in Chapter Eight.

We consider it prudent for companies to look ahead and start considering the boundaries of their current compliance program and what information is, or is not, currently being collected and analysed. In particular, companies should pay attention to policies touching on ESG issues and supply chain accountability issues that, if the failure to prevent offences relating to prevention of human rights abuses, ill-treatment or neglect, and computer misuse are enacted, are likely to come under scrutiny. 

[1] The Computer Misuse Act 1990 created three substantive computer misuse offences: (i) unauthorised access to computer material; (ii) unauthorised access with intent to commit or facilitate commission of further offences; and (iii) unauthorised acts with intent to impair, or with recklessness as to impairing the operation of a computer.