Government confirms there will be a corporate criminal "failure to prevent" economic crime offence
Locations
UK government security minister Tom Tugendhat confirmed in Parliament on 25 January 2023 that the Government intends to include a corporate "failure to prevent" offence for fraud, false accounting and money laundering into the Economic Crime and Corporate Transparency Bill (the "Bill") that is currently being debated by the House of Commons.
Former justice secretary Robert Buckland had tabled an amendment to the Bill to introduce such an offence, which had received cross party support, but withdrew this following Mr Tugendhat's comments.
Although no further details have been provided as to exactly what this will look like, it is highly likely that it will be based on the "failure to prevent" bribery and facilitation of tax evasion offences in the Bribery Act 2010 (the "UKBA") and Criminal Finances Act 2017 (the "CFA"). Under those pieces of legislation a corporate entity is criminally liable if it prevents its associated persons (being widely defined as anyone who performs services on its behalf) from paying bribes or facilitating tax evasion. These are strict liability offences so it does not matter if the company was unaware of the actions of its associated persons. The only defence (for most companies) is that they had in place adequate procedures (under the UKBA) or reasonable prevention procedures (under the CFA). These are a set of policies and procedures tailored to the company's risks developed and put in place following a risk assessment.
The Government has been considering introducing a strict liability corporate "failure to prevent" economic crime offence for some time (the proposal having been first raised as long ago as 2013 - Criminal liability for businesses that fail to prevent fraud? | Fieldfisher). There was initially a Government consultation in 2017 regarding reforms to corporate liability for economic crime, the outcome of which (published in November 2020) was that the Government needed further evidence to consider the position more carefully. It then tasked the Law Commission with considering how the law on corporate criminal liability could be reformed (The Law Commission's Consultation on Corporate Criminal Liability – a second bite of the cherry or a measured approach to a thorny issue? | Fieldfisher). A consultation ran during summer 2021, with a number of potential options for reform set out by the Law Commission in June 2022. The options included (but were not limited to) a "failure to prevent" offence but until now the Government has been silent as to what reforms would be made. There has, however, been support for such an offence with both the Commons' "Fraud and the Justice System" and the Lords' "Fraud Act 2006 and Digital Fraud" committees separately recommending the introduction of such an offence in Autumn in 2022. There was also an abortive attempt to add such an offence to the Financial Services Bill in 2021 (Financial Services Bill: The "failure to prevent" offence raises its head again | Fieldfisher).
What this means for businesses
Although we do not yet know what the final form of the offence will look like, the impact of this new offence on all businesses could be significant. In the original amendment tabled by Mr Buckland, only the money laundering offence had a limited application, with the fraud and false accounting offences applying to all corporate entities incorporated or doing business in the UK. Given that neither the BA nor the CFA are limited only to certain categories of business it would seem likely that the new offences will also be given the widest possible reach.
A potential limitation to the offence, as set out by the Law Commission, would be to include a requirement for there to be an intention for the corporate entity to benefit from the conduct. This mirrors the offence under the UKBA but under the CFA there is no need for there to be any intention to benefit the business. Whilst unlikely to be allowed to pass without amendment, it is therefore not a given that for the purposes of the new offence the corporate would need to be an intended beneficiary for an offence to be committed, leading to the situation where it is criminally liable for actions it knew nothing about and did not stand to benefit from.
The prospect of a wide "failure to prevent" economic crime offence will be daunting to many businesses, particularly in light of the comments by stakeholders such as the director of the Serious Fraud Office, Lisa Osofsky, suggesting that it has the "potential to transform prosecution" of fraud. She has also referred to the introduction of the offence under the UKBA as a "game changer" in the SFO's ability to tackle bribery and corruption and there have been many high profile investigations under the UKBA since it came into force. Most recently, in November 2022, Glencore Energy UK Ltd was ordered to pay £280m after pleading guilty to seven counts of bribery following an SFO investigation. Whilst the offences involved also involved substantive bribery offences, it demonstrates the use to which the failure to prevent offence can play in acting as one of the 'hooks' by which companies are brought to the table by prosecutors. The "failure to prevent" offence under the UKBA has also featured in nine deferred prosecution agreements ("DPA") (which require the corporate to admit criminal conduct but allow a prosecution to be suspended). DPAs often include a significant financial penalty (such as the £497m paid by Rolls Royce), requirements to implement significant remedial measures to compliance programmes, being subjected to ongoing monitoring and self-reporting requirements, and to cooperate in any ongoing investigation related to the alleged offence, generally into individual suspects.
The simple reality is that, without the "failure to prevent" offence having been available to the SFO and its spectre looming over the companies in question, criminal investigations into the same misconduct may never have got off the ground, much less result in a successful enforcement action. Like it or not, the "failure to prevent" and DPA combination has also proven an effective way of the Government effectively outsourcing the cost and complexity of cross-border investigations to companies who are on the hook for criminal convictions if they fail to cooperate, resulting substantial net gains to the Treasury with minimal financial exposure or litigation risk. It is natural to assume, therefore, that there will be an increase in investigations and prosecutions once the new economic crime offence comes into force. Accordingly, businesses should be prepared.
What should businesses do now?
The introduction of a "failure to prevent" economic crime offence will be the most significant legislative change in corporate criminal law in recent history, organisations will therefore need to take a broader look at how to mitigate their risk of economic crime, and to ensure that they can demonstrate that they have adequate procedures in place to prevent it.
The SFO's guidance on "Evaluating a Compliance Programme" sets out that, in assessing potential corporate wrongdoing, it will consider the state of a compliance programme at the time an offence occurred, the current state of the compliance programme and how it can change going forward. Whilst it is understood that risk cannot always be eliminated in its entirety, a risk based approach needs to be adopted by businesses for a compliance programme to be workable in practice. As such, there needs to be a real focus on preventative measures.
If the proposed "failure to prevent" offences are modelled on the UKBA and/or the CFA, regulators will expect to see the same six principles informing the procedures in place within businesses, likely to be confirmed in the equivalent Ministry of Justice guidance to that which was published following the introduction of those offences. The key first step therefore would be to carry out a thorough risk assessment. Businesses will need to assess the nature and extent of their exposure to potential internal and external risks of economic crime on their behalf by persons associated with them. Regulators would look at how businesses have identified, assessed and defined their risk profile, in order to assess whether the procedures in place were adequate to prevent economic crime.
Once the risks have been identified, businesses should then evaluate whether their procedures are proportionate to the risks their businesses face and to the nature, scale and complexity of their activities. Businesses should also be able to demonstrate that their processes and procedures are practical, accessible and effectively implemented and that there is a shared commitment to compliance from management, stakeholders and intermediaries.
The expansion of the use of the "failure to prevent" offence will have far-reaching ramifications for businesses, as we see a continuing trend towards a significantly lower bar for prosecutors to meet in order to establish corporate criminal liability, the exertion of increasing pressure upon companies to self-report occurrences of economic crime, and an increasing onus on companies of all sizes to meet minimum standards of economic crime compliance. As such, it is more important than ever for businesses to evaluate their compliance programs and assess whether they are effective in practice.
If you need any advice regarding economic crime or any assistance in reviewing your compliance procedures and undertaking a risk assessment, please do not hesitate to contact the authors of this piece, Nicola Sewell and Farheen Ishtiaq-Stansfeld, or any member of the specialist Fieldfisher Fraud and Commercial Crime Team.