Australian corporates and their boards should reconsider their management structures, policies and oversight regimes following law reform recently proposed by the Australian Law Reform Commission (ALRC), under which senior managers may be subject to civil penalty for failing to stop crimes committed by corporations.
The proposals arise from a sweeping review of corporate criminal responsibility commissioned by Attorney-General Christian Porter. The discussion paper is open for public comment until 31 January 2020, and a final report to government is expected in April 2020.
The ALRC says that the regulatory regime is too complicated and too many contraventions have been criminalised, including trivialities like failing to notify the regulator of a change in office hours.
The proposed primary form of corporate regulation would be civil rather than criminal, and there would be three categories of unlawful conduct. Criminal offences would be reserved for contraventions deserving of ‘denunciation and condemnation’ where a mere civil penalty would not be a sufficient deterrent, like fraud or market manipulation. Less serious misdeeds, like making a false or misleading representation, would be the subject of civil court proceedings. Finally, penalty notices could be issued for minor offences that don’t justify a prosecution.
The proposal requires a comprehensive review of thousands of Commonwealth offence provisions, to ensure they are appropriately categorised, and a redrafting of substantive provisions of the Criminal Code.
For matters that would normally be handled on a civil basis, an escalation process is suggested so repeat offenders could be exposed to criminal prosecution. This proposal will require some further development, as it is presently simplistically expressed by reference to multiple breaches of the same statutory prohibition. We can envisage a situation where a company breaches the same prohibitions by reason of very different conduct – for example, where there are multiple instances of misleading conduct or financial services licence breaches in relation to different campaigns or products. A greater commonality of facts (beyond simply breaching the same provision) should be required if a civil breach is to become criminal.
While the number of criminal offences will be reduced, companies may in fact be exposed to greater liability because civil contraventions are judged against a lower standard of proof and the court process is more straightforward.
Companies may also find themselves more often responsible for the actions of their staff. Under the proposal, a corporation would be imbued with the conduct and state of mind of any individual or corporation that performs services on behalf of the company, such as employees, agents and contractors. It will no longer be necessary to show that the company authorised or permitted the conduct, though for criminal offences it could escape liability if it exercised due diligence to prevent the offending. There would be no ‘due diligence’ safe harbour for civil prosecutions.
The ALRC has rejected the ‘failure to prevent’ or ‘adequate procedures’ defence found in the Criminal Law Amendment (Combatting Corporate Crime) Bill 2017 (Cth), which would provide a revised framework for dealing with foreign bribery. This Bill has lapsed but is expected to be shortly reintroduced. The ALRC also identifies principled objections against the Deferred Prosecution Agreement regime proposed in that Bill, including that they enable corporations to use their bargaining power with prosecutors to circumvent the opprobrium and practical consequences of a conviction, and can undermine deterrence by achieving a “cheaper” outcome. The ALRC seeks comments on whether that regime should be introduced.
These changes to companies’ liability are unlikely to cause much grief in the boardroom. There is no suggestion of increasing the obligations on directors, who are already heavily regulated.
But senior managers are in the firing line. The ALRC says that it is too easy for the ‘C-suite’, heads of department and general managers to ‘strategically generate a fog of diffused accountability’ and push down liability to middle-managers. Further, whereas directors do not have responsibility for day-to-day operations, senior managers have ‘the capacity to direct and control’ the parts of the business for which they are responsible. On that basis, according to the ALRC, they should be held accountable for the misconduct that occurs on their watch.
It proposes that a manager who could have influenced the unlawful conduct should be subject to a civil penalty unless they took reasonable steps to prevent it. Also, where they partake in the offending through intention, knowledge or recklessness, they will be criminally liable subject to a ‘reasonable measures’ defence.
Reasonable measures to prevent offending would be the subject of regulatory guidance (rather than legislation), and might include regular compliance monitoring, conducting training for employees, and taking action upon any breach of legislation or policy. There will need to be definitional certainty as to who is a ‘senior manager’ (and the ALRC invites submissions on that question). There is a risk in making the class too wide such that, yet again, junior staff become the target and those higher up avoid scrutiny.
This also emphasises the cultural importance of a senior role. The ALRC says senior staff should ‘utilise their position of influence in the corporation appropriately to ensure corporate compliance’. If they do so, the defence is available. However, it may make some roles harder to fill, and encourage staff to leave when they cannot be effective change agents.
And so, while corporations may find themselves under greater regulatory scrutiny, including for the actions of their staff, it is the senior staff themselves who may be subject to increased exposure under the proposed reforms.
There would have to be practical differences between the content of the ‘due diligence’ corporate defence, and the individual’s ‘reasonable measures’ defence. It would not be reasonable to impose responsibility for enterprise-wide compliance training on a senior manager, but the expectation would presumably be that the senior manager ensures their direct reports attend training, and sets the right tone from the top.
There may also be greater consequences for corporations. New penalties under consideration include orders which could require internal disciplinary action, entail organisation reform or, at the most extreme, prohibit the organisation engaging in certain commercial activities or require it to cease existence. This type of relief – also existential in nature – should be reserved for very serious breaches which reflect systemic failures.
As the consideration of these proposals progresses, Australian corporates and their boards should reconsider their management structures, policies and oversight regimes in order to comply with the expanded conception of corporate responsibility that may in the not too distant future become law. The governance changes they would require reflect best practice.