Two steps forward, no steps back - Corporate criminal liability reform

11 min read

Now that UK Parliament is back in session following the summer recess, there is renewed political momentum behind the Economic Crime and Corporate Transparency Bill. The Bill includes reform of criminal liability for corporates. It would: (1) create a new offence of failure to prevent fraud; and (2) expand the ‘identification principle’ - so that economic offences committed by a wider range of individuals can result in criminal liability for corporates. When passed into law, which is expected soon, these proposals will create a powerful package that will make it easier for corporates to be prosecuted in the UK for economic crimes.


The reforms have been presented as part of the UK Government’s fight against the UK’s fraud epidemic. While they are significant in the corporate crime context, they are unlikely to have an impact on the online payment scams, identity theft, spoof calls and false invoice scams that are defrauding individuals and which are the subject of most of the Government’s anti-fraud rhetoric.

Rather, the reforms are born out of the difficulty in imputing criminal liability to corporates for economic crimes carried out by individuals connected to the corporate’s business. Currently, the main way that a corporate can be found guilty of a criminal offence, is where the offence is committed by an individual who represents the corporate’s “directing mind and will” (the ‘identification principle’).  However, the principle has long been criticised for setting too high a bar for establishing corporate criminal liability, particularly for large and complex corporates where decision-making power does not rest with single senior executives.  This led to the Law Commission’s June 2022 Paper which set out several options for potential reform – including the two proposals now included in the Bill.

Failure to prevent fraud

The first proposal - the new failure to prevent fraud offence, will join what is now a series of UK strict liability offences in this mould, alongside the failure to prevent bribery and the facilitation of tax evasion offences. These offences don’t impose primary liability but give prosecutors a route to holding a corporate criminally responsible for primary offences committed by its employees, agents and other service providers.

The new offence means corporates will be criminally liable if an ‘associated person’ commits fraud for the corporate’s benefit or the benefit of a person or entity to whom the corporate provides services. Employees, agents and subsidiaries are presumed to be ‘associated persons’, but anyone else who performs services for or on behalf of the corporate can also be an associated person. Importantly, fraud for the associated person’s benefit only will not be caught and the organisation will have a defence if it can prove that it had reasonable prevention procedures in place at the relevant time.

The new offence captures many fraud and false accounting offences, which are listed in a schedule to the Bill.  Aiding, abetting, counselling, or procuring the commission of one of these frauds is also in scope. The Secretary of State will have the power to add other economic crimes to the list of offences by secondary legislation - without full legislative scrutiny.

Territorial scope

Under the Government’s proposal, an organisation can only be guilty of failure to prevent fraud if the UK courts have jurisdiction over the underlying fraud offence, for example, if the fraud caused harm suffered in the UK.  This contrasts with the position under the existing failure to prevent offences (for bribery and the facilitation of tax evasion) which can bite on corporates even where all elements of the underlying offence took place overseas.  

Large organisation criteria

As currently drafted, the offence only applies to ‘large’ corporate groups or partnerships, which meet two out of the following three criteria: (1) more than 250 employees; (2) more than £36 million annual turnover; and (3) more than £18 million in total net assets. The Secretary of State would have the power to amend this criteria or scrap it altogether.

This aspect of the offence has been subject to robust debate. The House of Lords voted narrowly in favour of removing this criteria in June, but the House of Commons rejected this amendment on 4th September – meaning the ‘large organisation’ criteria is still in play.

Failure to prevent money laundering

A second material amendment to the Bill was also voted through by the House of Lords in June, but then rejected by the House of Commons on 4th September – this was to include an additional offence of failure to prevent money laundering.

The Government has consistently opposed this expansion on the basis that it overlaps with existing money laundering regulations, which already impose anti-money laundering (AML) compliance requirements on regulated businesses.

Compliance procedures

The Government is required to publish guidance on the ‘reasonable procedures’ defence before the new offence comes into force.  However, the new offence covers a broad range of conduct, and fraudulent conduct is, by its nature, significantly more difficult to define (and therefore design procedures to prevent) than bribery or tax evasion.  As such, it remains to be seen how successful the guidance will be in providing meaningful assistance to corporates when they are designing their anti-fraud compliance procedures.  Even when the guidance is issued, it is likely that there will still be significant scope for uncertainty about what procedures organisations will need to have in place to avail themselves of the statutory defence.

Expansion of the identification principle

The second part of the Government’s package of reforms seeks to expand the identification doctrine for economic crimes, by extending the common law ‘directing mind and will’ model to expressly include ‘senior managers’. The Home Office have described this as the biggest proposed reform to the identification principle for more than 50 years.

If the draft legislation passes into law, an organisation will be convicted where a senior manager “acting within the actual or apparent scope of their authority” commits an economic crime. The organisation will be prosecuted as if it were the senior manager itself. The list of economic crimes this applies to is comprehensive and includes, amongst many others, bribery, money laundering, terrorist financing, sanctions breaches, fraud, and false accounting offences. It will also apply where a senior manager attempts, conspires, aids, abets, counsels, or procures the commission of a specified offence.

Who is a senior manager?

A senior manager is defined as any individual who plays a significant role in (a) decision-making about how the whole or a substantial part of the organisation’s activities are managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities.  This is a different definition to the more prescriptive test for senior manager under the FCA’s senior managers regime.  The definition here is more fluid and focuses on the practical reality of who wields power within the organisation.

The definition mirrors that in the Corporate Manslaughter and Corporate Homicide Act 2007 and will cover those in the direct chain of management and in strategic or regulatory compliance roles. This would likely include those in operations and legal and finance divisions.

There is nothing in the draft legislation to suggest the Government will issue guidance on this definition, for example, what constitutes a sufficiently ‘significant role’ or ‘substantial part’ of the organisation’s activities.  There is inherent flexibility with these terms and, in the absence of any guidance or judicial decisions, prosecutors may bring cases that push at the boundaries of the statutory provisions, perhaps seeking corporate settlements by way of deferred prosecution agreements or guilty pleas rather than testing these concepts in contested trials.

Interaction with Deferred Prosecution Agreements

The list of economic crimes covered by the proposed reform of the identification principle largely dovetails with the list of crimes for which corporate prosecutions can be dealt with via Deferred Prosecution Agreements (DPAs).  Under a DPA, corporates can avoid a trial and conviction by admitting facts, paying a fine and implementing changes to address the alleged wrongdoing.  But there is no right to a DPA – the ability to offer a DPA falls within the prosecutor’s discretion, and each DPA must be approved by a judge.  Prosecutorial policy is that corporates need to fully cooperate with an investigation to be eligible for a DPA.

Corporates who are exposed to potential criminal liability under the expanded identification principle may be incentivised to co-operate with investigations by law enforcement if relevant misconduct is identified, to maximise the chances of a DPA.  The potential risks of debarment (where a company is excluded from public contracts) can be significantly higher for corporates that are convicted of primary offences, compared to conviction for a ‘failure to prevent’ offence, which may also push corporates to seek DPAs.

Impact of the reforms

The new failure to prevent fraud offence will require a shift in focus - from organisations as the victims of fraud (inbound fraud), to increased responsibility for fraud committed by employees and other associated persons for an organisation’s benefit (outbound fraud).  Organisations caught by the new offence will be well advised to prepare by assessing their fraud risk, reviewing their compliance programmes, and identifying opportunities to enhance procedures and improve corporate culture. 

Lessons can be learned from the regulated sector, who have been required to have adequate systems and controls in place to prevent financial crime, including fraud and money laundering, for some time.  The regulated sector has increased its ability over the last decade to mitigate novel financial misconduct risks – learning lessons from the LIBOR and FX scandals, which dominated the regulatory enforcement landscape for several years, and resulted in large regulatory fines and extensive remediation programmes. Under the new failure to prevent fraud offence, the same fact pattern would give rise to the additional risk of corporate criminal prosecutions, not just regulatory action against the corporates and, in the case of LIBOR, prosecution of individuals. In addition, many corporates have had the opportunity to learn from their implementation of anti-bribery and corruption programmes and prevention of facilitation of tax evasion programmes, in response to the previous failure to prevent offences.

Reform of the identification principle is also likely to have significant and wide-ranging consequences. Broadening the range of individuals who could give rise to criminal liability for corporates should make it easier to successfully prosecute corporates for a wide range of economic crimes. This has been a key objective of successive Directors of the Serious Fraud Office.  

It is also likely to have a considerable impact on strategic decisions taken by corporates as to whether and the extent to which they self-report and cooperate with authorities. However, there are questions around whether this will result in many additional prosecutions. The Government’s Impact Assessment suggests that this reform will give rise to less than three additional court cases per year. This is likely due to the Government’s belief that the deterrent effect of the reform will reduce economic crime, and that corporate prosecutions will likely be dealt with via DPAs.

As ever, a key factor in how effective the reforms will be, is whether UK prosecutors are provided with the necessary resources to investigate alleged crimes and, in any event, whether they are able to do so effectively.

Interaction of the two new offences

The two new offences will operate in parallel. Prosecutors will make a choice to pursue: (a) primary liability under the expanded identification doctrine; (b) a failure to prevent offence (for bribery, tax evasion, and fraud); or (c) both, depending on the fact-pattern of the case.  If a failure to prevent offence is in play, prosecutors do not have to show the involvement of a senior manager, however the corporate may be able to rely on a ‘reasonable procedures’ defence (or an ‘adequate procedures’ defence in the case of failure to prevent bribery). On the other hand, if a prosecution for an economic crime under the expanded identification principle is pursued, the prosecutor will have to prove the involvement of a ‘senior manager’, and it will not be a defence for the corporate to show that it had reasonable prevention procedures in place.

Next Steps

The Government intends to implement the expanded identification principle two months after Royal Assent. Corporates can take steps to prepare for this now, by identifying who their ‘senior managers’ are and whether those individuals need additional compliance and economic crime training.

The new failure to prevent fraud offence will only come into force after guidance is issued on the reasonable procedures defence.  The difficult task of drafting guidance is still ahead and could take several months, particularly if it is subject to public consultation, as was the case with the guidance under the Bribery Act 2010.  Organisations and industry bodies should consider now whether and how they want to feed into any public consultation to ensure their voice is heard on what reasonable procedures should look like in this space.