Today, the Law Commission published its long-awaited paper on the potential reform options for the laws in England and Wales on corporate criminal liability. The Commission’s approach represents a constructive balance, exploring options for ensuring that companies can be held responsible for wrongdoing while seeking to avoid imposing unreasonable economic, regulatory or legal burdens. 

Although some legal commentators have already lamented that this paper has missed certain opportunities for reform, it is important to understand that its purpose is not to make firm recommendations to the Government, but to facilitate consideration of the various options available. A significant volume of thinking, consulting and, no doubt, lobbying will still be to come in the process before any of the options in the paper are implemented.

CONTEXT

The existing law on when a corporate entity can be found liable for a criminal offence is fragmented and, save for a few limited exceptions such as certain health and safety offences, corporate manslaughter, and the failure to prevent bribery and failure to prevent the facilitation of tax evasion offences, it can be difficult for enforcement authorities to secure a conviction against a company. This difficulty largely arises due to the “identification principle”, which is the general rule of attribution of criminal liability to corporates that requires a person who represents the company’s “directing mind and will” to have engaged in the conduct and have the necessary mental state of the offence. Often, but not always, this entails criminal conduct by one or more of the board of directors. This can be difficult to prove, particularly for larger companies where day-to-day operations and top-level corporate strategy and decision-making can often be diffusive across the organisation.

This aspect of the law has been frequently criticised by enforcement authorities. For example, in a speech in 2018, the former Joint Head of Bribery and Corruption at the Serious Fraud Office, Ms Camilla de Silva, called the identification principle “…an inadequate model for attribution…” that “encourages bad corporate culture”, does not allow for a “fair playing field” between large corporates and small to medium sized corporates and “creates a two-tier approach to economic crime which is unprincipled” due to different levels of risk imposed in practice by the principle on smaller and larger businesses.

HIGHTLIGHTS: CERTAIN KEY REFORM OPTIONS CONSIDERED

The paper explores various potential avenues for reform, endorses some options for the Government’s consideration and discounts others. Some of the headline reform options outlined in the paper include:

A rejection of the US approach of “respondeat superior” and the Australian Commonwealth approach of “corporate culture” failings

The paper considers the form of vicarious criminal liability typically used in the US by which almost any acts of an employee can be laid at door of the company. Vicarious liability makes corporate liability too easy to establish, giving too much discretion to prosecutors and creating deep uncertainty for companies. On this basis, it was reasonable for the Law Commission to reject this approach – particularly given the consultation’s mandate to explore options for reform that would “avoid disproportionate burdens upon business”.

The Commission similarly rejects the position adopted in parts of the Australian Commonwealth Criminal Code in which some fault elements can be attributed to a company where its “corporate culture, policies and/or procedures” encouraged or permitted the commission of a relevant offence by its employees. These laws have been subject to a fair degree of criticism in Australia due to, among other things, the lack of clarity of the concept of “corporate culture”, and the fact that these provisions have not resulted in successful prosecutions.

Retaining but extending the “identification principle”

The paper proposes that the identification principle is retained, but that it could be extended to define more precisely the category of senior people whose acts or omissions can be attributed to the company.

In this regard, it suggests that conduct could be attributed to a company if a member of “senior management” engaged in, consented to, or connived in the offence. “Senior management” would be defined in the same way as for corporate manslaughter, namely any person who (a) plays a significant role in the making of decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised; or (b) plays a significant role in the actual managing or organising of the whole or a substantial part of those activities; and in particular, a company’s Chief Executive Officer and Chief Financial Officer could always be considered members of senior management (contrary to the position taken by the courts in the Barclays prosecution).

These options, if adopted by the Government, would make it far easier for prosecutors to identify a blameworthy individual. They would also provide much greater clarity to the company as to whose acts it is criminally responsible for. Nevertheless, issues around “significant” and “substantial” in the context of who would fall within the definition of “senior management” would mean that some uncertainty would persist (although this could potentially be clarified by the courts in due course). However, these have not proved problematic as yet in corporate manslaughter prosecutions.

Potential expansion of the “failure to prevent” offences

Principles to adopt for any future “failure to prevent” offences

The Commission puts forward several principles that it says should be adopted for any new “failure to prevent” offences adopted in the future. Two that are particularly notable are:

– That the usual “adequate/reasonable procedures” defence already familiar in the context of bribery and facilitation of tax evasion should expressly state that a company can argue that it was not reasonable to have such procedures in place at all. While this does not significantly expand the existing regime in which the adequacy or reasonableness of the procedures is determined by the assessed risk posed to the company, in practice this will likely provide welcome reassurance; and

– That there should not be a presumption that any new “failure to prevent offence” would extend to conduct carried out by associated persons overseas, but rather extraterritoriality should be considered in light of the nature of the offence concerned.

A lukewarm endorsement of a “failure to prevent economic crime” offence.

Some of the loudest voices during the consultation, including the SFO, were calling for a “failure to prevent economic crime” offence on the basis that the identification principle made it too difficult to find someone senior enough to be the “directing mind and will” of the company through which corporate liability could be attributed. It is particularly welcome that the Commission has recognised in its paper that a “failure to prevent” offence is no substitute for proving substantive offences against companies found to be actively complicit in serious offending. 

We agree with the Commission that it is important to bear in mind that the “identification principle” and “failure to prevent” offences are not alternatives: “We do not consider that ‘failure to prevent’ offences should be introduced simply because it is in practice difficult to prove substantive offences against corporations which are alleged to be actually complicit in offending.”

The Commission recognises that the attribution of corporate criminal liability through the “identification principle” and the “failure to prevent” model serve different functions. The former is focused upon holding corporates to account for provable wrongdoing, while the latter has an important role to play in deterring the misconduct in the first place.

Despite this, it is noteworthy that the Commission states that if the identification principle is not reformed, then the case for widening the failure to prevent offence is “inevitably” stronger.

Support for a “failure to prevent fraud” offence

Against this background, the paper proposes a new offence of “failure to prevent fraud” which would apply to the acts of “associated persons” of a company (a familiar concept, as it is shared by the failure to prevent bribery and the facilitation of tax evasion offences), which includes employees and agents. This offence would arise in circumstances where the company itself, or the person to whom the associated person was providing services on behalf of the company, benefitted from the fraud. There would be a presumption against extraterritorial jurisdiction. These proposals address two common criticisms of such an offence – that it would be so wide and ill-defined as to capture fraud against the company itself; and that companies may become liable for the actions of individuals (for example, those working in highly independent, well resourced and established overseas subsidiaries) over which in reality they had no control.

As with the equivalent bribery offence, there will be a defence of having reasonable prevention procedures in place or, importantly, that no such procedures were reasonably required. This is a sensible balance as companies should, in our view, only be criminalised where there is a good reason to expect them to have put in place reasonable prevention procedures.

Endorsement for extending the “failure to prevent” model to other areas

The paper also suggests potential options including the expansion of the “failure to prevent” model to other types of offences, including a “failure to prevent human rights abuses”. The Commission notes that in deciding whether to take this option forward, a key issue for consideration would be whether the case for extraterritoriality had been made out. While this is an interesting proposal, substantially more thought and analysis will be required in order to ensure that such a mechanism works as intended. This would include defining precisely what abuses must be prevented, for whose acts the company is responsible (i.e. whether it is only responsible for the acts of the company itself or also those of persons within the company’s supply chain), whether it matters whether the company benefitted from the abuse and, most importantly, whether this new offence would help to deter abuses in practice in the first place. 

The paper also proposes potential offences of failure to prevent computer misuse (which it suggests should be considered as part of the Home Office’s current review of the Computer Misuse Act 1990), and failure to prevent ill-treatment or neglect (replacing the existing ‘care provider’ offence in the Criminal Justice and Courts Act 2015). It suggests that the latter would not include a requirement to demonstrate that the conduct was intended to benefit the corporate body, whether directly or indirectly.

A presumption against extraterritoriality for new “failure to prevent” offences

The paper concludes that there should not be any default expectation that any future failure to prevent offences should have extraterritorial effect, and that such an offence should only be extended to cover conduct overseas when there is a demonstrable need for extraterritoriality.

This presumption against extraterritoriality for any new failure to prevent offences reflects a more restrictive approach, which diverges somewhat from existing failure to prevent offences for bribery and facilitation of tax evasion, both of which allow companies to be held liable for acts committed outside the UK. The Government may nonetheless opt to extend the territorial scope of any new failure to prevent offences (should they be introduced), depending on the precise offence(s) at which they are targeted.

Potential changes to the liability of directors and senior managers

The paper also observes that at present, when a corporation is convicted in relation to certain offences, its directors, managers and other officers may also be convicted under existing instruments. In the Commission’s view, these provisions, and aspects of their application, are often inconsistent, with the result that directors can be personally convicted of offences requiring a particular mental element even where they did not have that mental element, and the actual commission of the offence was done by another person. 

The Commission concludes that directors should not be personally criminally liable on the basis of neglect if the offence requires proof of a particular mental state; rather, in its view director’s liability on the basis of neglect should be limited to offences of strict liability or negligence. In addition, where a ‘consent, connivance or neglect’ provision is part of existing statute requiring proof of fault greater than negligence, CPS guidance or a general legislative measure could be introduced to ensure that directors can only be prosecuted for an offence requiring that mental element if they consented to or connived in its commission. The Commission’s concerns in this area are compelling and important. Going forward, we would welcome further discussion and action to address these issues by exploring both potential solutions proposed in more detail, as this form of inconsistency raises the risk burden for directors on a basis that is difficult to justify by potentially carrying severe consequences for individuals who lacked the requisite mental state usually required in relation to the relevant offences.

New civil penalties

An area of disappointment is the proposal for new civil penalties for “corporations which conduct themselves in a way likely to facilitate fraud”. It is not at all clear how this would overlap with a “failure to prevent” offence or the existing DPA regime, which permits a corporate to avoid a criminal conviction if it complies with certain conditions. More importantly, it is hard to see how the solution to toothless law enforcement is to decriminalise and provide a “get out of jail” card to companies for the very conduct that we should be trying to penalise and deter.

CONCLUSION

Going forward, it will be interesting to see whether, and which, of the options put forward in the paper are picked up and developed with a view to putting them into practice. While it is widely understood that we are overdue for reforms in this area, as demonstrated by the Law Commission’s thorough analysis, it will be critical for such reforms to be carefully considered before coming into effect to ensure that they will be effective and proportionate in practice.