In an age of increasing examination of corporate environmental, social and governance (ESG) standards, the Law Commission’s recent – and much-anticipated – options for reforms to corporate criminal liability may well have had many senior executives feeling apprehensive about new governance obligations. However, the options presented to the UK Government appear moderate; striving to strike a balance between the need to reform arguably archaic rules with ensuring that disproportionate burdens are not placed on corporations, directors and senior managers.  

The Law Commission presented its ten potential reform options for corporate criminal liability to the UK Government on 10 June 2022, the first substantial review of the framework since 2017. The Government first tasked the commission to review the laws in November 2020 and the Law Commission published its consultation paper in June 2021. Following this the Law Commission held a three-month public consultation from July 2021, to which it received 45 responses. 

The report focuses on five areas for reform and highlights ten options. Some options remain similar to the 2017 proposals but there is also a shift towards a greater legal accountability for ESG issues. The Commission sought to strike a balance between improving the legal framework while not creating an onerous regime of more regulatory red tape for businesses.  

Fresh ideas were also outlined for three critical aspects of the regime – the “identification principle”, possible “failure to prevent” offences and recommended alternatives to increase public scrutiny on wrongdoings.  

Corporate criminal liability – Options 1, 2A and 2B 

The identification principle is the established doctrine used to prosecute a company in certain circumstances, where the element of intent must be proved.  

The principle was established in Tesco Supermarkets Ltd. v. Nattrass and requires the proof of a “directing mind and will”. In the case, a store manager had not removed adverts for certain discount washing machines, leading to some customers being ultimately overcharged for alternative products. Tesco was charged under the Trade Descriptions Act 1968 for false advertising, which it fought, claiming it had taken reasonable precautions and due diligence so the company could not be held accountable for the conduct of the manager.  

Tesco was successful, with the House of Lords ruling the manager was not part of Tesco’s “directing mind”. The judge, Lord Reid, set out the test that corporate liability can only be attached when an official is “acting as the company and his mind which directs his acts is the mind of the company” and “if it is a guilty mind then that guilt is the guilt of the company”. 

Despite being a well-established legal principle, the doctrine has some perceived flaws when it comes to application. For example, it is not easily applicable within a large corporate context. The threshold is much easier to surmount at an SME, for instance, where a small number of senior executives make most or all key decisions. This means that an SME may be more readily found to be criminally liable than a multi-billion-pound, multi-jurisdictional, multi-platform corporation.  

The Commission considered a selection of options, including (and rejecting) the US “respondeat superior” model (which attributes the criminal acts of any employee to the company, where the acts were committed in the course of employment and with an intention to benefit the company) and a model similar to Australian Commonwealth law of attributing some fault elements – such as intent – to companies by way of their policies and procedures, on the basis that they are indicative of the culture of the corporation.  

The major alternative proposal in the report,under Option 2, is akin to Canadian legislation which allows the acts and mental states of “senior managers” to be attributed to a company. Alongside this, it also considered the Australian model of attributing the acts of “high managerial agents” to the company for which those individuals work. It would specifically allow conduct to be attributed to a corporation if a member of its senior management engaged in, consented to, or connived in the offence. This could be drafted so that chief executive officers and chief financial officers are always considered part of an organisation’s senior management. 

Thus Option 2 may help specify the criteria of the “identification principle” insofar that the most senior executives at a company will always be held culpable irrespective of the size and scope of the business.  

The remaining option put forward by the Law Commission was to retain the identification principle for now. However, the Law Commission emphasised that should this be the preferred option, it would strengthen the arguments to implement new “failure to prevent” offences.  

“Failure to prevent” fraud – Option 3 

The second point of discussion for the Law Commission was how “failure to prevent” offences may apply in the wider criminal context, specifically to economic crimes, such as fraud.  

There are already such frameworks in place for offences such as bribery and facilitation of tax evasion, namely under the Bribery Act 2010 and Criminal Finances Act 2017 respectively. Here, the wider corporate entity can be found criminally liable for the wrongful behaviour of individuals, contractors or those in the supply chain, with the only defence being if the company can prove it had adequate procedures in place designed to prevent the said conduct.  

The Commission rejected the proposal to impose a generalised “failure to prevent economic crime” offence on the basis it would “impose a large, generalised duty on organisations to identify risks of offending which could occur in an enormous variety of ways across the organisation” which would “potentially place huge compliance burdens on companies”. Instead, Option 3 (failure to prevent specific offences) was preferable; namely introducing an offence of failure to prevent fraud by an employee or agent. This would apply when a company fails to implement appropriate measures to prevent their own employees or agents committing a fraud offence for the benefit of the company. 

A failure to prevent fraud offence will be relatively easy for legislature to draft by mirroring the existing bribery and facilitation of tax evasion models. In such a scenario, the company will need to ensure that it puts all the relevant structures in place – such as clear guidance, staff training, reporting lines, regulatory breach protocols and the like. Indeed, many companies could simply add a fraud component to the existing compliance structures as it could be argued these are all issues involving criminal wrongdoing, it is just whether the offence would be bribery, fraud or tax evasion.  

Additional “failure to prevent” offences – Options 4-6 

The report also considers a focused “failure to prevent” policy for human rights abuses, neglect and ill-treatment of vulnerable adults and computer misuse, which are under Options 4, 5 and 6.  

Human rights abuse, such as modern-day slavery, occurring in a company’s supply chain, operations or downstream value chain is an increasingly high profile issue for governments and companies alike. The EU, for example, has recently proposed a directive which would make due diligence on these issues mandatory. Option 4 floats the possibility of an alternative, based on the failure to prevent model. However, the Law Commission appears lukewarm on the proposal and casts significant doubt over the extra-territorial effect of any such mechanism. Without the power to hold UK companies accountable for human rights impacts in their overseas values chain, practical effect of the mechanism would be substantially curtailed. 

Alternative forms of redress – Options 7-10 

The final four options proposed by the Law Commission focus on holding entities to account with enhanced legal redress and public scrutiny.  

Option 8 outlines the introduction of a regime of administratively imposed monetary penalties. The concept is for companies to be subject to monetary fines from a regulatory authority for breaches of its obligations without the only cause for redress being potentially lengthy and costly criminal prosecution.   

The report suggests a regime of “general obligations to avoid fraud by associated persons for the corporation’s benefit, but subject to greater flexibility as to how to achieve this, similar to the current regimes concerning market abuse, anti-competitive practices, breach of financial sanctions, or money-laundering and terrorist financing.” 

This would be similar to the powers given to the Financial Conduct Authority and Prudential Regulatory Authority under the Financial Services and Markets Act 2000, with the report concluding that such a regime could “apply where a corporation has failed to take reasonable precautions to prevent an associated person from committing a crime, such as fraud, with intent to benefit the corporation.” 

In conjunction with administratively imposed monetary penalties, a Serious Crime Prevention Order (SCPO), as outlined in Part 1 of the Serious Crime Act 2007, is court action taken by the Crown Prosecution Service or the Serious Fraud Office that can put legal restriction on a company’s dealing, including commercial and financial aspects. 

The report acknowledges that SCPOs have been very rare, mainly because they are proactively used to prevent further crime rather than reactively used against already committed crime. Indeed, the Commission states that just one civil SCPO is believed to have been successfully obtained, back in 2013 against a drug-trafficker, so questions remain whether there would be huge appetite for them to pursue economic crimes.  

In terms of public scrutiny, Option 7 suggests making publicity orders available (requiring the corporate offender to publish details of its conviction) in all cases where a corporation is convicted of an offence while Option 10 would see the introduction of a reporting requirement requiring large corporations to report on anti-fraud procedures. 

Publicity orders can already be deployed in certain circumstance, including corporate manslaughter and intellectual property cases, but the commission suggested they could be extended to certain offences, specifically environmental, food safety and health and safety. The purpose is to deter regulatory non-compliance as it can impact the public reputation of a business – as would (potentially burdensome) anti-fraud reporting, which could be modelled onto Part 15 of the Companies Act 2006 that requires companies to produce an annual report to investors. 

Key take-away points  

The options put forward, and those considered but ultimately rejected, reflect the Law Commission’s desire to strike a balance between overcoming difficulties with the current law while stopping short of imposing onerous obligations on companies. In summary, companies should be aware: 

• Although the Law Commission has presented its options to the UK Government, there is no timeline for next steps; any changes will not be imminent;  
• Any change will be moderate; the identification principle attaching criminal liability to companies will either remain or be modestly changed;  
• There are likely to be new “failure to prevent” offences, particularly the failure to prevent fraud;  
• The Law Commission did not consider it prudent to put forward an option allowing principles and directors to be personally criminally liable on the basis of neglect; and 
• An administrative monetary penalty regime could be introduced, eliminating the necessity of criminal prosecution in minor cases. 

Aaron Stephens and Jules Quinn are partners at King & Spalding and Peter Hood is of counsel at the firm