Holding corporates to account: are we there yet?

Neil Swift and Dan Hyde at Peters & Peters LLP believe that proposals for corporate criminal liability reform could send shockwaves through industry

 

Last month, five and a half years after the Government’s call for evidence, the Law Commission published its paper on potential reforms to corporate criminal liability laws. The Government must now decide whether to adopt any of the reforms endorsed, or indeed to proffer their own, and when they may appear on the legislative agenda.

 

Although economic crime has been a recent focus for the Government, it will likely be some time yet before any reforms are implemented. Nevertheless, if they are, many of those endorsed by the Commission would fundamentally shift how corporates are held liable for crime generally, especially economic crimes.

 

Of particular note are the potential changes to the “identification principle” and a new “failure to prevent fraud” offence. Both would greatly impact UK companies and non-UK companies that conduct any part of their business in the UK.

 

To some extent regulated firms will have a head-start on corporates in other sectors, given current obligations under financial services legislation, but the requirements under any new laws are likely to be more extensive than the measures currently in place.

 

In what ways do corporates commit offences?

The “identification principle” is one of the main ways that a corporate can be found guilty of a criminal offence.  Broadly, it means a person who represents the company’s “directing mind and will” must have engaged in the conduct and have the necessary mental state of the offence.

 

Often, but not always, this involves criminal conduct by one or more of the board of directors. This can be difficult for prosecutors to prove, especially in larger companies where day-to-day operations and top-level corporate strategy and decision-making can often be diffused across the organisation. It is mainly for this reason that enforcement authorities (and others) have criticised the current laws.

 

A key measure endorsed in the paper is to make the corporate criminally liable when a member of its “senior management” engages in, consents to, or connives in (i.e. tacitly permitted), a criminal offence.

 

“Senior management” is intended to be wider than “directing mind and will” and would include any person who plays a significant role in either making decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised; and/or the actual managing or organising of the whole or a substantial part of those activities. Both CEOs and CFOs would be prescribed roles that always fall within this definition.

 

The Commission also put forward a “failure to prevent fraud offence” that would hold a corporate liable to failing to prevent fraud by any of its “associated persons” (which would capture a broad range of third parties, including employees and agents).

 

Fraud is likely to be widely defined. The offence would have to be committed by the “associated person” either with a view to benefitting the corporate itself or a third party to whom services were being provided on behalf of the corporate.

 

As with the current offence of “failing to prevent the facilitation of tax evasion”, the corporate would have a defence if it could show it had in place such prevention procedures as were reasonable in the circumstances (the current offence of “failing to prevent bribery” requiring prevention procedures to be adequate, rather than reasonable).

 

Relatedly, the Commission also endorsed a concurrent regime that would, in the same circumstances, enable a regulator (on the lower civil standard) to impose penalties broadly without recourse to the courts, as well as an obligation on larger corporates to issue annual public statements on its fraud prevention procedures, akin to those that currently exist on modern slavery and human trafficking.

 

What does this mean for firms?

Although changes to the “identification principle” would affect corporate criminal liability generally, firms would in practice likely focus their efforts on managing the risks of senior management engaging in economic crimes.

 

In this regard, risk-sensitive preventative measures such as recruitment due diligence and background checks, training, and greater encouragement of timely and widespread reporting of suspicions and concerns, would likely be heavily relied upon, and more effective than monitoring for red flags that may be precursors to actual misconduct.

 

To a large extent, roles that fall within the ambit of “senior management” would be readily identifiable and, as a starting point, could include those in FCA Senior Management Functions. However, firms would need to avoid drawing the circle too narrowly since those in scope will ultimately be determined by the Courts.

 

For many firms, a “failure to prevent fraud” offence and concurrent civil penalty regime would also likely require an expansive and expensive compliance reform project. The relevant fraud offences can be committed by a wide group of people across a firm (likely much wider than those who could pay a bribe on behalf of an organisation) in a vast array of circumstances. It could, for example, include anyone who interacts with customers or suppliers, and anyone who deals with records or documents relevant for accounting.

 

Firms may be able to leverage existing fraud risk assessments and controls to some degree (such as those connected with FCA PRIN 3, SYSC 3.2 and SYSC 6.3, and the Financial Crime Guide). However, these are unlikely by themselves to be appropriately focused (e.g. on insider fraud rather than fraud by unrelated third parties), detailed or broad enough to enable a firm to avail itself of the defence.

 

Although prevention procedures would only need to be “reasonable in the circumstances”, a careful analysis of the Government-issued accompanying guidance will be required.

 

What next?

The potential reforms are still at an early stage; much could change and there remains a real possibility that they may not take place at all.

 

However, any changes to the “identification principle” would be a substantial shift in risk profiling for firms and an even greater focus on pre-emptive measures such as senior manager recruitment due-diligence, training and reporting of suspicions and concerns would be required.

 

A “failure to prevent fraud” offence and civil regime would also require a significant compliance reform project, albeit one that would be quite familiar on the third time around.

 

---

 

Neil Swift is a Partner and Dan Hyde is an Associate at Peters & Peters LLP

 

Main image courtesy of iStockPhoto.com