It’s certainly true that the UK criminal authorities have been crying out for a shot in the arm in the form of legislative reform, but will changing the law really help the Serious Fraud Office ("SFO") achieve more corporate convictions? We look here at the reforms and what they mean for UK companies. This is third in the series of our articles looking at the impact of the Economic Crime and Corporate Transparency Act.
Earlier this year, we foreshadowed the significant proposed reforms to the so-called “identification doctrine” for economic crime offences here. These changes have now been introduced by the Economic Crime and Corporate Transparency Act 2023 ("the Act"), which received Royal Assent last month, in addition to a new failure to prevent fraud offence – see our separate Engage article on this development and the timing for its commencement.
The key changes
The test for attributing criminal liability to companies which has operated in the UK for the last 50 years was established under common law by the House of Lords in 1971, and required that an offence must be committed by the “directing mind and will” of a company to trigger attribution of liability to the corporate itself. In essence that meant that a prosecutor had to prove that individuals at the very top of a corporate’s management and governance structures had the requisite mens rea – the mental state element of the criminal offence – to pin criminal liability to the corporate itself.
This has meant that corporate prosecutions for mens rea offences have been rare.
As long ago as 2014, the then Director of the SFO, Sir David Green, called for a more expansive “failure to prevent” regime based on the Bribery Act but covering all economic crime.
In 2020, Green's successor Lisa Osofsky called for new laws to make it easier to obtain corporate convictions in the wake of the failure of the prosecution in the Barclays Qatar case. In that case, the SFO alleged that senior Barclays executives committed a fraud during the 2008 financial crisis. The court, applying the common law position noted above, determined that those senior executives, which included the CEO and CFO, did not represent the "directing mind and will" of Barclays. Instead, the decisions at the centre of the alleged fraud were vested in the Board, the Board Finance Committee, or the Group Credit Committee. It was in the wake of this decision that Osofsky noted that the "narrow application of the 'controlling mind' test, [makes] it very difficult to hold companies with complex governance structures to account for their fraudulent conduct3".
In summer 2022, the Law Commission published its Options Paper on Corporate Criminal Liability; the culmination of a project that started in November 2020. The Options Paper considered ten options for reform which included the retention of the “identification doctrine” and the introduction of a trio of corporate failure to prevent offences (encompassing failure to prevent fraud, failure to prevent human rights abuses and the failure to prevent ill-treatment or neglect).
The UK's most senior prosecutors were crying out for help to hold corporates to account or, as some cynics may say, help to incentivise more self-reporting and more Deferred Prosecution Agreements.
Ultimately, the prosecutors’ cries for help were heard. As of 26 December 2023, the law will attribute criminal liability to a company where a senior manager, i.e., a person who plays a significant role in the making of decisions about the whole or a substantial part of the activities of the organisation, commits an economic crime offence4 when acting within the actual or apparent scope of their authority.
For the time being, this reform only applies to economic crimes, which include fraud, bribery (both active and passive) and money laundering. Further, statutory offences covering tax, theft, fraudulent trading, terrorist financing, and the common law offences of cheating the public revenue and conspiracy to defraud are also captured. Attempts or conspiracies to commit a listed offence also fall into scope. As we noted in our previous Engage article, the offences created by the Modern Slavery Act are a notable omission5; these do not currently fall into scope.
However, hot on the heels of this reform, a new Criminal Justice Bill commenced its passage through Parliament on 14 November. If this becomes law as drafted, it will allow for liability to be attributed to a company on the basis of any criminal offence committed by one of its senior managers while acting within the scope of their actual or apparent authority (and so this would cover modern slavery offences).
The Act applies to both UK and non-UK incorporated companies.
However, where the misconduct forming part of the relevant economic crime offence takes place entirely outside the United Kingdom, the company will only be guilty of the relevant offence if it would be guilty of that offence in the location where the misconduct took place (i.e., where the local jurisdiction has a parallel criminal offence capturing the misconduct6). This could transpire to be an important caveat (and even a narrowing of the test) not least because the principal offences of the Bribery Act, for example, otherwise give rise to liability for companies incorporated in the UK no matter where in the world the offence took place.
What does this mean in practice?
Imagine a UK headquartered business with international operations. It is a responsible corporate and has robust compliance policies and procedures in place.
Its Middle East/North Africa operations are headed by a local manager in Cairo; sales in the region are significant.
The local manager is responsible for the day-to-day running of the Middle East desk. He doesn’t sit on the Board of the UK business; he isn’t a member of the C-Suite, but he has managerial responsibility and is employed by the UK entity.
The Middle East desk often comes to the attention of local authorities, whose officers often visit the local manager and his staff. They threaten to revoke local operational licences for no good reason. The local manager uses the petty cash allowance, meant for taxis, food, and other trivial business expenses, to make weekly facilitation payments to local law enforcement. The operational licence remains untroubled.
At today's date, the UK business could have a potential exposure to a failure to prevent bribery7 allegation. But its anti-bribery and corruption processes are strong, and it is confident that whilst the local manager is its Associated Person, as defined by the Bribery Act, it has procedures in place that are adequate to prevent bribery. Accordingly, it has an available defence.
However, from 26 December, when considering the criminal liability of the UK business, in addition to the above, a prosecutor would ask whether the local manager played a significant role in the making of decisions about the whole or a substantial part of the activities of the business when acting within the actual or apparent scope of their authority.
If the answer is in the affirmative, the company would be at risk of prosecution for the underlying, substantive offence of bribery of another person8 if a parallel active bribery offence exists in Egypt. Whether or not the company had adequate procedures will not act as a statutory defence in this case (although it could impact sentencing).
The implications of this change are far-reaching.
What should companies do to prepare?
Whether a senior manager is considered to bind the company for the purposes of criminal liability will turn on much more than simply their job title; it will involve a material factual inquiry into their roles and responsibilities in real terms (rather than as contractually documented) in addition to looking at their agreed roles and responsibilities. We predict that the definition of senior manager will bring with it significant litigation before the position is settled.
However, the first essential step for all corporates will be to map those individuals potentially accountable under this reform and build this into bribery/fraud/financial crime risk assessments.
Given the wide definition9 of a senior manager under the Act, this mapping exercise will likely be dependent on sector, the operations of particular business units and possibly even on a transactional basis.
Secondly, and importantly for UK organisations with an international presence, understanding local law exposure for economic crime is essential.
Thereafter, companies should consider their risk mitigation strategies in respect of their pool of senior managers. This may be in the form of training, supervision and oversight and approval processes for key decisions. Other considerations may include a review of internal HR processes to limit the possibility of junior employees inadvertently falling into the scope of the definition of senior manager through lack of supervision or an overstretch of delegated responsibilities.