UK Law Commission options for reform of corporate criminal liability

‘Broad consensus’ on the need for reform 

Whilst the Law Commission states that its options for reform are not ‘recommendations’, there is a marked change in tone since it last reported on this topic in 2010, when it concluded that no reform was necessary.  Even in 2017 the UK Government said there was no new or significantly persuasive evidence submitted to support the case for a change to the law.

Fast forward to 2022 and the conclusion of Penny Lewis, the Professor for Criminal Law at the Law Commission, is that there is ‘broad consensus that the law must go further to ensure that corporations – especially large companies – can be convicted of serious criminal offences, such as fraud.’ How far the law will end up changing will be the subject of further debate, but the options paper takes us some distance towards potential destinations.  

Recognition that new laws on corporate criminal liability should not impose an onerous administrative burden on businesses

The Law Commission acknowledges that broad brush reforms would impose an onerous administrative burden on businesses.  The options, in the Law Commission’s view, are designed to ‘strike a balance’ between ensuring that the law works well to punish corporate entities when misconduct is committed on their behalf, whilst avoiding a new suite of burdensome administrative requirements.

Identification doctrine retained or modified, but not abandoned 

Currently, the general rule for attributing criminal liability to a company is the ‘identification principle’ as set out in Tesco v Nattrass. This requires that where a mental state is an element of an offence (such as dishonesty), only the mental state of those representing the “directing mind and will” of a company can be attributed to the company. This may be an individual, group of individuals or the board, depending on the authority bestowed by the company for the performance of the function in question.

In practice this means obtaining a criminal conviction of a company can be challenging, particularly for large and complex companies.  One of the key criticisms of the identification principle is that it is often easier to satisfy this test in small companies because it is much more likely that individuals with the requisite seniority will be involved in the misconduct.  By contrast, the corporate governance structures of large institutions often can mean that the autonomy required to be regarded as the “directing mind and will” for a particular transaction or series of events does not rest in an individual.  Instead, authority is often retained by the board or delegated to a group of individuals in a committee.  There are some notable statutory exceptions to the identification principle, including the “failure to prevent” offences concerning bribery and facilitation of tax evasion. There are also strict liability criminal offences in consumer protection, health and safety and environmental laws.

Although unsurprising, it will no doubt still be a relief to companies that the Law Commission opposes a move to US-style ‘vicarious liability’. Instead, it has proposed retaining the current identification principle or a modified version of it.  The modification proposed, deriving from the approach in Canada,  would broaden it from its current Tesco v Nattrass form to one which would allow the conduct of ‘senior management’ to be attributed to a company if they engaged in, consented to, or connived in the offence.  

‘Senior management’ would be any person who plays a significant role in (1) the making of decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised, or (2) the actual managing or organising of the whole or a substantial part of those activities. For the meaning of playing a ‘significant role’ in the making of decisions, the report refers to how the term is used in the Explanatory Notes to the Corporate Manslaughter and Corporate Homicide Act 2007, which states that it  “covers both those in the direct chain of management as well as those in, for example, strategic or regulatory compliance roles.”

The report suggests that this would include not only those who decide on broad strategy, but also those who take operational decisions covering the whole of a company or part of it.  It would include a senior manager if their responsibilities involve taking decisions relating to corporate strategy and policy in a particular area, such as health and safety, finance or legal affairs. It would not include someone whose role is limited to management of a discrete unit (like a store) which is not a substantial part of a company’s affairs.

The report contemplates that once it is shown that someone is a ‘senior manager’ who has engaged in, authorized or permitted the conduct, it would not be necessary for the prosecution to show that they were acting within the scope of their authority.

An optional extra to the modification would mandate that a chief executive officer and chief financial officer are always considered as members of the senior management. This is perhaps in response to the interpretation of the identification principle in a prominent 2020 ruling where the court found that the chief executive officer and chief financial officer of a bank were not the directing mind and will for the transaction in question as they did not have full independent authority with respect to the conduct in question.

These proposed modifications to the identification principle would mean that the conduct of a single director would generally be sufficient to fix a company with criminal liability, and in respect of senior managers outside the board, extend the law by making it clear that conduct, individually, could fix the company with criminal liability without having to show that there has been ‘total delegation’ by the board. This would be a significant expansion, which would make it easier for a company to be found liable for a criminal offence.  Any such modification to the identification principle would require legislation, meaning that it would then be on a statutory footing.

No general ‘failure to prevent economic crime’ offence

Ruled out is a broad brush ‘failure to prevent’ crime offence. Whilst there is a ‘stronger case’ for introducing failure to prevent offences for economic crimes as compared to other categories of crime, the Commission has ruled out a broad offence of failure to prevent economic crime. In our response to the consultation we had argued against this broad offence, and the Commission agreed that having such a generalised offence would impose a huge compliance burden on companies. In particular, and as we had flagged, the Commission noted the already comprehensive anti-money laundering and financial services regulatory regime which would overlap considerably with a failure to prevent economic crime offence.

Rather than a broad offence, the Commission favours an incremental approach on an offence-specific basis, starting with fraud. The Commission did not favour a new failure to prevent money laundering offence, recognising that there is already an extensive risk based regime in place under the UK Money Laundering Regulations 2017 which targets particular types of organisation whose activities are at particular risk of being used for money laundering.

A new ‘failure to prevent fraud’ offence 

One of the options for reform is a new ‘failure to prevent fraud’ offence, along the lines of the existing ‘failure to prevent’ offences relating to bribery and the facilitation of tax evasion. Importantly the new offence would only apply where an employee or agent has committed a fraud for the benefit of, or intending to benefit, the company or a person to whom the employee or agent provides services to on behalf of the corporation, ie a client/customer. There would be a ‘reasonable procedures’ defence, and new government guidance on what such prevention procedures should look like.  

The types of fraud that the Law Commission envisages being covered, at least initially, would be the 'core' fraud offences, including:

The caveat that the fraud must benefit, or be intended to benefit, the company or its clients/customers is to be welcomed. Companies are often the targets of fraud. We had pointed out in our response to the consultation that any new failure to prevent offence would be very difficult to justify if it was not limited in the same way as the s7 UK Bribery Act 2010 offence to economic crimes committed with the intention of obtaining or retaining business or an advantage in the conduct of business for that organisation. This would avoid punishing companies who have themselves been defrauded by employees, where there may nevertheless have been an indirect economic gain for the company.  

It is also good news that the Law Commission favours a ‘reasonable procedures’ defence rather than ‘adequate procedures’. There has been some concern that ‘adequate’ may be interpreted too strictly. It is hard to argue, retrospectively, that something is adequate even though it failed to stop misconduct occurring. The Commission regarded ‘reasonable’ as more clearly encapsulating what companies are required to do. The report also states  that in some cases it will be a defence for a company to say that it was reasonable not to have any procedures in place although that is unlikely to apply to a large company.  

There is no indication of whether the new offence would cover overseas conduct. As a general principle, the Law Commission was of the view that there should be no presumption of extraterritoriality regarding new failure to prevent offences such as this one. Such an offence should only cover conduct overseas where there is a ‘demonstrable need’ for extraterritoriality in relation to that specific offence.  

There is also nothing concrete regarding application to non-UK companies.  On questioning Penny Lewis at a launch event on Friday, the response was that the approach to which companies would be caught would need to be worked out.

And some other specific failure to prevent offences

In addition to fraud, the Commission states that three other specific ‘wrongs’ may also be appropriate for the failure to prevent model but that further work and consultation would be necessary:

General principles for shaping any future failure to prevent type offences

The Law Commission took the opportunity to lay down some general principles which in its view should be part of any future failure to prevent offences.  These are important points which we also identified in our submission as being key, and that we would hope would be picked up in any future reform:

 If any failure to prevent offences are introduced, we would expect to see further consultation.

Publicity options 

The Law Commission suggests the option of making publicity orders available (requiring the corporate offender to publish details of its conviction) in all cases where a corporation is convicted of an offence. We are not sure this would have much of a practical impact for large corporates who would already expect to see widespread coverage of criminal proceedings.

More consistency needed regarding personal liability of directors and senior managers for corporate offending

It is common for legislation creating criminal offences also to make provision for the liability of directors and other senior officers where the company is guilty of an offence. Typically, a director or senior officer is personally guilty of the substantive offence where they ‘consent to or connive in’ the company’s offending or, in some cases, where it is attributable to their neglect.

The Law Commission wants to tidy up the ‘inconsistent’ provisions on director/senior manager liability for this ‘consent, connivance and neglect’ type liability. It needs to be clearer, in the Commission’s view, that there should not be any personal liability on the basis of neglect if the corporate offence is one which requires proof of a particular mental state (such as dishonesty). Neglect-based personal liability should be restricted to corporate offences of strict liability or negligence. This would be welcome clarification.

Some civil options for fraud

The Law Commission puts forward some civil options for tackling fraud too, including:

What next?

As noted by the Law Commission, these are not recommendations but rather options for reform, as requested by the UK Government.  It is now up to the Government to decide what to do.  Any new offences or changes to the identification principle will likely involve another round of consultations and could take many more months if not years.  

As a reference point for a possible timeline, the Bribery Act 2010 came into force in July 2011, nearly two and a half years after the 2008 Law Commission report on bribery, which contained a draft Bribery Bill (ie draft legislation).  There is no draft legislation appended to the Law Commission's options paper so it is likely that further consultation would need to take place.

If the law changes, and the identification principle is broadened or we see a new failure to prevent fraud type offence, there would no doubt be a refocus on compliance policies and procedures to ‘shore up’ a company’s defences at that stage.

However, we expect most companies would not wait until then and would move to ensure they have proportionate and risk based corporate compliance programmes that could be reviewed and modified in line with new guidance on reasonable procedures.  

Understanding the evolving risk of corporate criminal exposure was one of nine key challenges in 2022 that we identified for in-house counsel in the Allen & Overy annual Cross-Border White Collar Crime and Investigations Review.