Locations
This article was first published by Fraud Intelligence.
The Economic Crime and Corporate Transparency Act 2023 (the "2023 Act") has introduced a number of changes, including reforms to Companies House and the introduction of the new Failure to Prevent Fraud offence. Arguably, however, the most radical change is the long-awaited reform to the so-called Identification Doctrine. So, what does this mean for the future of corporate criminal liability?
The Identification Doctrine
Since the early 1970s, absent a specific statutory corporate offence or one imposing strict liability, corporate criminal liability has been determined according to the Identification Doctrine. This is the common law rule on how criminal liability is attributed to a company or partnership via the conduct of certain senior individuals.
According to the Identification Doctrine, where a criminal offence requires proof of a specific mental state, or ‘mens rea’ (such as intent or dishonesty), a company could only be found guilty if an individual who represented the company’s ‘directing mind and will’ possessed the requisite state of mind. In practice, this means that a company can only be convicted of a criminal offence if the commission of the offence can be attributed to someone who, at the material time, was the “directing mind and will of the company or an “embodiment of the company's.
While the test is, objectively, straightforward, as companies grew into more complicated structures, the common law doctrine proved a blunt instrument. Time and again it exhibited shortcomings in achieving its aim of attributing corporate criminal liability. One of the most high-profile examples is SFO v Barclays which held that even the CEO and CFO were not considered to be the directing mind and will for the purposes of attributing criminal liability to Barclays itself. The court's narrow interpretation of the doctrine required the prosecution to establish that the senior individuals had "complete discretion" or "entire autonomy" over the deal including its final signing off.
Statutory Reform to the Rule of Attribution
After decades of pressure from prosecutors, with wholesale reform requested by successive SFO directors, section 196 of the 2023 Act offers a meaningful attempt to address these shortcomings. Coming into effect on 26 December 2023, an organisation of any size will be criminally liable when part or all of a specified economic crime is committed in the UK by a senior manager of that company or partnership. Although currently limited to certain economic crimes, including fraud, bribery and tax offences, the government intend to expand it to all crimes in the upcoming Criminal Justice Bill.
Borrowed from the definition in the Corporate Manslaughter and Corporate Homicide Act 2007 (the "2007 Act"), a senior manager is a person who plays a significant role in:
- the making of decisions about the whole or a substantial part of the activities of the organisation; or
- the actual managing or organising of the whole or a substantial part of those activities.
The explanatory notes to the 2007 Act set out that it covers both individuals in the direct chain of management and those in strategic or compliance roles.
As such, if the senior manager is guilty of criminality, the business will also be guilty.
A company convicted of an offence will be subject to an unlimited fine and subject to mandatory disbarment under the Procurement Act 2023.
Extra-territorial Application
The 2023 Act applies to domestic and non-UK incorporated companies alike. As provided for in section 196(3) of the 2023 Act, where the act or omission takes place outside the UK, the company will only be guilty of the relevant offence if it would be guilty of that offence in the location where the misconduct took place
What will the change mean in practice?
Prosecutors are, unsurprisingly, heralding the changes as a sea-change moment in the fight against economic crime. They are not wrong. The 2023 Act's focus on fraud drastically increases the types of offences a company can be held liable for and the reformed Identification Doctrine opens the door for a much wider body of employee whose actions can be attributed to a company. Corporates in both regulated and non-regulated sectors are therefore well advised to sit up and take notice of this significant lowering of the threshold for corporate liability.
That said, it will not be smooth sailing for prosecutors and the SFO have already conceded that they expect there to be contested proceedings to ascertain who comprises a 'senior manager' or what represents a substantial part of an organisation. There is a recognition that, although not new, the senior manager definition borrowed from the 2007 Act is untested. To date, there have been no corporate enforcement proceedings under its provisions.
At first blush, the introduction of the concept of senior manager will broaden corporate attribution, given the wider category of individuals to fall within it. However, in practice, prosecutors will still be tasked with first identifying the alleged criminality and then attributing it to sufficiently senior employees, acting within the scope of their authority. In complex, multi-national companies, this will be a difficult exercise.
Further, the reference to 'substantial part' may also cause difficulties for prosecutors. As there is currently no accompanying guidance on this, it remains to be seen whether 'substantial' takes on its ordinary, quantitative meaning, or be applied more widely. Arguments around delegated responsibilities and ascertaining whether someone was acting within the actual or apparent scope of their authority are also likely to be happy hunting ground for defence counsel.
A potentially unintended consequence of the reforms is the increased exposure for small and medium sized enterprises ("SMEs"). The new failure to prevent fraud offence is restricted in its application to large organisations only. While those in the House of Commons were seemingly concerned about placing further compliance burdens on SMEs to justify their exclusion, the changes to the Identification Doctrine apply to all companies regardless of their size.
There is no defence of 'adequate procedures' available to SMEs. Importantly, they also cannot seek to avail of a deferred prosecution agreement ("DPA") either. For example, if a large company uncovers fraudulent behaviour within the organisation and the statutory defence is not available to them, the option of a DPA remains open to them. However, SMEs are excluded from the scope of the failure to prevent fraud offence so do not have this route open to them. Given the unavailability of a non-trial resolution, it may be that SMEs will feel the brunt of this new change.
Praemonitus, Praemunitus. Forewarned is Forearmed
The good news for corporates of all sizes is that steps can be taken now to mitigate their risk. The new identification doctrine is part of a package of measures in the 2023 Act ultimately aimed at improving corporate culture. Keeping this principle as the guiding star when conducting economic crime risk audits will put you on the front foot should any issues subsequently be discovered within the business.
With the new doctrine coming into effect imminently, the time to act is now to identify any areas of vulnerability. Risk assessments targeting economic crime, particularly fraud, ought to be refreshed as a priority across the corporate footprint. In conjunction with external counsel, steps should be taken now to identify who in the business can be considered a senior manager. This exercise will go beyond mere work titles and involve an assessment of their actual role within the business, alongside assessing the economic crime risk falling within the scope of their authority. Consideration can then be given to how best to manage these risks, from training through to targeted audits.
Please contact the Fieldfisher Fraud, Commercial Crime & Investigations Team to discuss any questions arising from this article.