On 10 June 2022, the UK Law Commission published the results of its review into the laws that govern corporate criminal liability in the UK and its proposals to reform them. There has been a long-held concern amongst enforcement authorities, and legal commentators, that current UK law makes it exceptionally difficult to hold global organisations with complex management structures liable for criminal offences. Serious Fraud Office Director Lisa Osofsky acknowledged as long ago as 2018 that the SFO finds itself hamstrung by the identification principle, which ‘made sense 100-odd years ago, when corporations were run by two, three or four people’.1
Under the existing identification principle, the prosecution must demonstrate that the ‘directing mind or will’ – typically the most senior manager(s) and/or director(s) of the entity – was personally engaged in the relevant criminal conduct. Recent case law has interpreted the concept of the ‘directing mind or will’ very narrowly and, as a result, has made it even more difficult for a company to be found liable for a criminal offence.2
Proposals for reform
In good news for companies under investigation, the Law Commission rejected a complete shift to the American system, which is more akin to the concept of vicarious liability whereby companies are held responsible for any criminal act committed by any employee acting in the course of their employment with an intention of benefitting the company.
Instead, the Law Commission’s options paper sets out 10 possibilities for how to reform the law in this area:
- Retain the existing rules where a prosecutor must demonstrate the directing mind or will of the company was involved in the criminal conduct.
- Create a new offence of failing to prevent certain identified fraud offences (e.g., fraud by false representation, false accounting, etc.) by an associated person, who also may be an employee of agent.
- Create a new offence of failing to prevent human rights abuses.
- Create a new offence of failing to prevent ill-treatment or neglect.
- Create a new offence of failing to prevent computer misuse.
- Make publicity orders available in all cases where a company is convicted of an offence.
- Introduce a regime of administratively imposed monetary penalties. Under this proposal, if someone associated with the company committed fraud which was intended to benefit the company, then the company would be liable for paying a fine unless it could show it took reasonable precautions to prevent the wrongdoing.
- Introduce new civil actions in the High Court based on the Serious Crime Prevention Orders. The new regime would contain powers to impose monetary penalties, as well as punitive and preventative measures, on a company found to have behaved in a way that was likely to facilitate fraud.
- Introduce a new reporting requirement that would require companies to report the anti-fraud procedures they have in place to prevent fraud by their staff.
- Allow the conduct to be attributed to a company if a member of the company’s senior management engaged in, consented to or connived in the offence. Two proposals were put forward for how to define senior management:
- Someone who plays a significant role in the making of decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised, or someone who actually manages or organises the whole or a substantial part of those activities.
- As above, but where the CEO and chief financial officer automatically would be classed as senior managers.
There are two aspects of the Law Commission’s report that are of particular note to stakeholders. Firstly, as is currently available to companies when facing prosecution today for certain offences (such as the offence of failing to prevent bribery under section 7 of the Bribery Act), companies would be able to avail themselves of the defence to ‘failing to prevent’ offences3 that they had ‘adequate procedures’ (or, possibly, ‘reasonable procedures in all the circumstances’) in place to prevent the conduct in question from being committed by an employee, agent or associated person. Precisely what those ‘adequate procedures’ should look like is a discrete question of fact and highly dependent upon the nature of the company itself.4
Secondly, the Law Commission also explored the possibility of widening the civil remedies available in relation to economic crime. Specifically, it considered implementing a regime of general obligations upon corporations with administrative or civil penalties overlaying this framework for those corporations that fail to demonstrate adequate compliance. The Law Commission considered that such a new civil regime may free up the resources of regulators to focus on serious economic crime without having to deal with more administrative breaches that might properly be considered merely ‘regulatory’ – and where the corporation in question did not act dishonestly or deliberately.
The Law Commission’s paper simply sets out options for the UK government to consider, and although it is unclear when exactly the law in this area will change, it looks increasingly likely that a change will happen. Given the scope of the proposals, it appears inevitable that there will be an increased focus on the strength of compliance systems and an increase to the scope of corporate criminal liability.5
There is now, therefore, an opportunity for companies to review their existing compliance systems and prepare themselves for the likely changes on the horizon prior to any formal legislation being passed. Given that prevention is often better than a cure, and the potentially increased focus on compliance we have identified, companies are advised to consider getting ahead of these changes, and start reviewing their existing policies and procedures now, in order to identify potential gaps and improve those systems. They also should consider adequately stress-testing these systems to weather any foreseeable crisis that may arise – from an accusation of fraud by a whistleblower to an investigation by an enforcement authority into human rights abuses.
- In her oral evidence before the House of Lords Select Committee on the Bribery Act 2010, 13 November 2018
- See, e.g., The Serious Fraud Office v. Barclays PLC and Barclays Bank PLC  EWHC 3055 (QB): In order to be considered the directing mind and will, and therefore to engage corporate liability, it was suggested an individual ‘must have full discretion to act independently of instructions of the Board with regard to the relevant function and should not be responsible to the Board or others for the manner in which he discharges his duties’.
- For example: Failing to prevent human rights abuses; failing to prevent ill-treatment or neglect; failing to prevent computer misuse.
- However, it should be noted that there is limited and high-level governmental guidance available.
- See the statement from Penney Lewis, a professor and Law Commissioner for criminal law, that ‘there is broad consensus that the law must go further’.