Corporate liability: a leap forward

Recent events in Ukraine and growing concern, both in Government and among the general public, about illicit wealth in the UK have significantly increased the likelihood of a new offence of failure to prevent economic crime being introduced. If this much talked about development does happen, the offence poses big implications for businesses in all sectors.

The Economic Crime (Transparency and Enforcement) Act received Royal Assent in the early hours of 15 March 2022, following an unusually rapid passage through Parliament. This new Act does not contain provisions for a failure to prevent offence, focusing instead on the introduction of a new register requiring anonymous owners of UK property to reveal their identity; expanded sanctions liability; and amendments directed at easing the path for authorities to obtain unexplained wealth orders against suspected holders of illegitimate wealth.

The scale of economic crime

Pressure is mounting on the Government, however, to take more action to tackle fraud, corruption and money laundering in the UK, which suggests that the Act may be the precursor for a more substantive economic crime package later in 2022. In a sign of this growing pressure, on 26 January 2022 the House of Commons Treasury Committee published its latest Economic Crime report, which at paras 210 and 211 expressed “disappointment” that the Government had yet to reform its approach to corporate criminal liability. The committee’s report expressly referenced a call by the Fraud Advisory Panel, an influential anti-fraud charity, to introduce an offence of failure to prevent economic crime.

The proposal is nothing new, but in recent months there has been a noticeable shift in the surrounding discourse, driven by increased public concern about fraud and other economic crimes in the UK. High-profile UK companies such as Carillion and Patisserie Valerie have fallen in the wake of fraud allegations. The COVID-19 pandemic has created fresh opportunities for criminal activity, in particular the Bounce Back loan scheme that reportedly saw record levels of fraud in the order of £4.9 billion, further pushing concerns about economic crime into the headlines.

According to UK Finance (linked document at p 4), fraud has risen to the level of a national security threat, in part due to the pandemic. The first half of 2021 saw a 30% increase in fraud losses compared to the same period in 2020, despite the efforts of the banking and financial sector (linked document at p 2). Alongside all of this, the National Crime Agency continues to estimate that money laundering costs the UK more than £100 billion a year. Amid public concern, a proposal to make it easier to hold companies accountable for a wide range of economic crimes is developing significant traction.

Extended liability

If introduced, it would see companies registered or operating in the UK exposed to criminal prosecution if they did not have adequate procedures in place to safeguard against economic crime (linked document at para 4.4). Potentially, companies of all sizes with operations in the UK would be affected. The practical effect is that they would be required to carefully implement tailored procedures to combat fraud, money laundering and a whole range of other economic crimes. In a recent example prosecuted under the money laundering equivalent offence, NatWest was fined a record £265 million by the UK's financial watchdog for failing to prevent nearly £400 million of money laundering through its branches.

An offence of this breadth would mark a radical expansion of corporate criminal liability. Subject only to a handful of exceptions, currently for a company to be exposed to criminal liability in the UK those identified at the very top must themselves engage in the wrongdoing. The so-called “identification doctrine” can be difficult for a prosecuting authority to satisfy in practice, particularly where the company is large or decision-making may be layered. Sir David Green QC, the former Director of the Serious Fraud Office (“SFO”), once commented (linked document at para 2.63) in relation to the evidential hurdles posed by the identification doctrine that “the email trail has a strange habit of drying up at the middle management level”. In turn, this can make targeting smaller companies more attractive to prosecutors even though the larger companies may reap far more from wrongdoing and their conviction would send a far greater deterrent message. For some time, there have been calls for reform and for more to be done to tackle fraud and other forms of economic crime that happen on a company’s watch or from which it benefits. 

In recent months, the likelihood of the proposal coming to fruition has increased, despite taking what can best be described as a meandering path towards the statute book. Announced by David Cameron in 2016 at the London Corruption Summit, support for the proposal has ebbed and flowed. It is now more firmly in view. The new offence featured in the Government’s Economic Crime Plan 2019-2022, and in the last 12 months it has received a jolt. The Director of the SFO, Lisa Osofsky, has consolidated the authority’s support for it, describing it as being at the very top of its “wish list”. Last summer the Law Commission also commenced an arguably long overdue consultation on the reform of corporate criminal liability. One of the key issues for discussion (at p 71) is whether the UK should broaden the corporate “failure to prevent” model which already applies to bribery and tax evasion facilitation.

Legislative precedents

The proposal would be a broadening rather than something altogether new, because the first offence of this kind was introduced over a decade ago when the Bribery Act 2010 was passed. Section 7 of that Act establishes that a commercial organisation, including a partnership, will be guilty of a criminal offence of failing to prevent bribery where a person “associated” with it engages in bribery intending to benefit that organisation. The single defence is that the organisation had in place “adequate procedures” designed to prevent such conduct.

There is also a striking extraterritorial aspect. Any company or partnership incorporated or formed in the UK or which carries on business in the UK is captured. Further, it is irrelevant where the conduct amounting to bribery occurred or whether anyone at the company even knew about it. As for definitions, an “associated” person will capture far more than an employee. It is drafted widely to include agents, subsidiaries and any person at all who performs services for or on behalf of the organisation.

The corporate offence of failing to prevent tax evasion facilitation, which appears in ss 45 and 46 of the Criminal Finances Act 2017, is based on identical concepts. Additionally, just like its bribery equivalent, a company that is incorporated or does business in the UK can be exposed to criminal liability and face an unlimited fine, even if the criminal conduct carried out by the “associated” person never resulted in a criminal prosecution.

Overall, the failure to prevent model has the potential to ensnare a company of any size, but in practice there are very few prosecutions. Only one company so far has been prosecuted under the failure to prevent bribery provision. Skansen, which was convicted by a jury in 2018, was a small interiors business which by the time of the trial had ceased trading. None have yet been prosecuted under the equivalent tax provision, but it was reported that in late 2020 there were 14 live investigations (linked document at p 11).

Provisions with teeth

All this is not to say that the model is toothless. The value of offences of this kind instead lies in their deterrent effect and ability to catalyse cultural change in companies both big and small. Centring the offence around “adequate” or “reasonable” procedures compels a company to put in place tailored safeguards that are proportionate to the size and nature of its business. Use of a “boilerplate” policy is unlikely to suffice. Guidance has been published by the Government on what adequate procedures should entail. The emphasis is on implementing effective policies, controls and procedures that involve careful risk assessment mitigation, monitoring, compliance and training. What will be considered adequate will be different for every business.

The failure to prevent model holds a further attraction for prosecuting authorities. A failure to have proper procedures in place can lead to deferred prosecution agreements (“DPAs”). Since 2016, DPAs negotiated by the SFO and approved by the courts, have contributed over £1 billion to the public purse and resulted in significant profits for the taxpayer. Although the prosecution tally of trials for related offences may currently be dismal, the consequences of failing to prevent can be costly for business.

Any future offence of failure to prevent economic crime can be expected to contain the same key features as the bribery and tax evasion facilitation provisions. Inevitably, it will lead to more DPAs. For the SFO, which has recently been criticised for its prosecution record, a new offence of this kind would provide a significant boost. Aside from more DPAs standing to benefit the public purse further, it would clear the “identification doctrine” from the path of prosecutors and enable investigations to commence against companies in relation to a full range of economic crimes.

Furthermore, the proposed new offence is a broad one with the capacity to hold companies accountable not just for high-profile frauds, but any other conduct that would fall into the definition of economic crime. Money laundering, bribery and corruption, market abuse, false accounting and breach of financial sanctions would all arguably fit the bill.

 Where the line would be drawn remains to be seen. There are a host of other offences that can also lead to economic benefit, including some forms of cybercrime and environmental crimes. Precisely what should be properly characterised as an “economic crime” is an open question at this point, but there is a strong argument that the list should be kept short, mindful of the compliance burden that companies would face.

Size matters?

Tied to this, whether all companies in the UK should be exposed to such a broad offence, or just those with significant turnover or that are regulated, are matters that will need to be traversed in due course. An earlier iteration of the proposal appearing in the Financial Services Bill 2021, for example, applied only to FCA-regulated companies (linked document at p 6).

If the proposal does advance, the time that should be afforded to companies to develop and review their procedures and ensure they are fit for purpose will be a further crucial consideration. Given that “reasonable procedures” is the single defence, companies need to be afforded sufficient time to take advice and reflect on what needs to be improved.

There also looms a larger question about whether, if an offence of this breadth is introduced, the authorities will possess the resources needed to investigate companies properly in relation to such a range of economic crimes. Although prosecution of the “associated person” involved is not necessary, for a company to be exposed to criminal liability for failure to prevent, the authorities do first need good evidence that an economic crime has taken place. The authorities are proponents of the proposal at the moment, but whether they actually have the means to take advantage of it is another matter.

Be prepared

These issues can be expected to be discussed in due course if the proposal continues to attract support. In anticipation, commercial organisations of all sizes would be wise to consider now the procedures they have in place already to combat not just bribery and tax evasion as currently required, but also money laundering and fraud. In this regard it will be important to consider

• how the risk specifically affects your company, including not just how the company can fall victim to fraud but be used as a conduit for criminal activity;
• how is the risk to your company impacted by  the activities it undertakes and places in which it operates;
• that risk is not static and there will be need for continuing review;
• practical measures in place to mitigate risk; and
• whether those that act on behalf of the company, not just employees, have an awareness of the measures put in place and have been suitably trained.

Implementation of major changes is unlikely to be required at this juncture, but it will be important to start considering the safeguards that are in place and, where possible, fostering a culture of awareness around economic crime risk. Expanded corporate liability is on the table, and forewarned is forearmed.