Written with the assistance of Danielle Reece-Greenhalgh.
The past two weeks have witnessed some important developments relating to corporate criminal liability. On 30 November, the courts approved the first deferred prosecution agreement (DPA) in relation to the corporate offence of failing to prevent bribery under the Bribery Act 2010. On 9 December, the SFO brought the first charges against a corporate for the same offence. On 11 December, the DPP announced her decision not to prosecute News Group Newspapers for phone hacking and perverting the course of justice; her press release emphasised, quite deliberately, the limited ways in which English law holds a corporate to be criminally liable for the actions of individuals.
In the midst of these developments, on 9 December, HM Revenue and Customs (“HMRC”) published the responses to its consultation paper on the proposed new corporate offence of failing to prevent the facilitation of tax evasion; the HMRC paper published, for the first time, the draft legislation for the offence. If enacted in its current form, the offence would render a company criminally liable if persons associated with the company facilitate tax evasion. The offence is one of strict liability; it is irrelevant that the company might have known nothing about the underlying crime. However, it is a defence if the company had in place reasonable procedures designed to prevent persons from facilitating tax evasion. The offence thus encourages companies to take steps to seek to prevent anyone committing criminal acts relating to tax whilst representing the company during the course of business, for example when providing services to a client.
The offence is the latest development in an ongoing legislative agenda aimed at refashioning the basis of corporate criminal liability. In the past decade, successive Governments have proposed, or enacted, offences which move away from the traditional “identification” model of liability to a model which focuses on organisational failings or faults. As a result, companies are increasingly exposed to prosecution not because of what they or their senior management do, but on account of their failure to prevent others from committing crimes. This article explores this phenomenon, compares the relevant offences, and looks ahead to how this trend is likely to develop.
The identification principle
English criminal law has long recognised that companies can be criminally liable for strict liability offences (e.g. breaches of trade sanctions). However, in relation to offences requiring mens rea, a company’s criminal liability is normally determined according to the identification principle. This holds that a company can only be liable for the criminal acts or omissions of individuals if they can be identified as the company’s directing mind and will, i.e. directors and officers who carry out management functions. This explains why, historically, it has proved difficult to prosecute large companies for offences requiring mens rea, particularly if the companies operated through opaque decision-making structures.
It is this difficulty that the DPP identified (and thus seemed to blame) in her press release explaining why she was not authorising any criminal charges against News Group Newspapers: “The company will only be liable if it can be proved that the individual involved is sufficiently senior, usually close to or at board level, to be the ‘controlling mind and will’ of the company. Unlike other countries, the principles of vicarious liability or poor corporate governance, which are matters that are easier to prove, play no part in establishing corporate criminal liability. The present state of the law means it is especially difficult to establish criminal liability against companies with complex or diffuse management structures. In this case, as in any corporate liability case, we have looked closely at the overall structure of the company involved, and the level of management and decision-making powers of those involved, in order to come to a decision.”
In the sphere of economic crime, the first inroad into the identification principle was section 7 of the Bribery Act 2010. This created a novel offence, applicable to commercial organisations, of failing to prevent bribery committed by associated persons. If an employee or agent of the company commits a substantive bribery offence, the company itself is criminally liable unless it can demonstrate that it has adequate procedures in place designed to prevent the bribery. The offence is one of strict liability, and thus enables prosecutors to circumvent the identification principle.
The proposed offence of failing to prevent the facilitation of tax evasion is modelled on the section 7 bribery offence: they are both strict liability offences; they are both committed where a person “associated” with the company commits the relevant predicate offences; and they both apply extraterritorially (subject to a dual criminality provision in relation to the tax offence). Whilst the offences appear similar, there are two important differences.
First, the bribery offence applies to companies that are either incorporated in the UK or that carry on their business in the UK. A company could be prosecuted for the tax offence, however, even if it has no business in the UK, provided that an associated person has committed the relevant facilitation offence under UK law. This difference appears designed to complement HMRC’s newly enhanced powers of international cooperation and information sharing in tackling offshore tax evasion. Secondly, whereas a company is guilty of the section 7 offence as long as there is a single predicate offence of bribery committed by an associated person, a company would only be guilty of failing to prevent the facilitation of tax evasion if two predicate offences are committed. A tax crime would have to be committed by a taxpayer, and a person associated with the company would also have to commit an offence of facilitating the taxpayer’s crime. Thus the corporate offence can only be committed where two persons are involved in the underlying tax fraud. If no prosecution has been brought against these two people, HMRC would, in order to convict the company, have to prove to the criminal standard that both of these persons were guilty of the respective offences. This is unlike the position in a prosecution for money laundering, for example, where the prosecution does not have to prove to the criminal standard the commission of the predicate offence.
Understandably, the SFO has been keen to expand the “failure to prevent” model of corporate criminal liability to other economic crimes. The Conservative Party’s 2015 election manifesto pledged that this would happen. However, on 28 September, the Government suddenly, and with little fanfare, placed this initiative on hold, announcing that: “there have been no prosecutions under the model Bribery Act offence and there is little evidence of corporate economic wrongdoing going unpunished.” The wording of this announcement was curious to say the least. Many criminal lawyers (including David Green QC) would argue that corporate economic wrongdoing was going unpunished precisely because the existing law, namely the identification principle, made prosecutions so difficult. What, then, explains the Government’s U-turn?
It is true that, when the announcement was made, there had been no prosecutions of companies for the section 7 offence, and the Government may have wanted to assess whether such prosecutions were viable, and how the judiciary would interpret the offence. But the Government’s announcement was also most likely a case of pre-election rhetoric hitting the rocks of electoral reality. In a period of economic growth, it would make little political sense to introduce wide-ranging criminal sanctions that could undermine continued prosperity and upset the business community. Equally important, there was arguably no catalyst for change – a case which reveals the limitations of the existing law, or which stimulates the concern of the British public or the international community – which would make an expansion of the section 7 offence into the field of economic crime a politically expedient move.
In relation to the proposed tax evasion offence, there has been for many years a groundswell of public opinion denigrating the tax avoidance (and evasion) strategies of big businesses and the offshore advisory industry, culminating in the furore surrounding the complicity of HSBC’s Swiss subsidiary in assisting UK nationals in hiding their taxable wealth overseas. Likewise, the section 7 offence was introduced after sustained criticism of the UK’s light-touch approach to combating corruption, primarily from the OECD. In contrast, there has been no similar clamour for criminalising the failure by companies to prevent offences such as fraud, false accounting or money laundering. The Government may therefore have decided to take the path of least resistance, and do nothing.
That has left the law on corporate liability for economic crime in a somewhat unsatisfactory state, with some offences seemingly prioritised over others. This state of affairs is unlikely to persist. In the past two weeks, and after months of fevered speculation, the power of the section 7 offence has become plain for all to see. On 30 November, the SFO secured its first DPA in relation to Standard Bank Plc, which admitted to its failure to prevent bribery committed by employees of its associate bank in Tanzania. Within two weeks, the SFO announced that it had charged the Sweett Group Plc with a section 7 offence arising from its failure to prevent bribery committed by an associated company and its agents (the Sweett Group Plc had already publicly admitted the offence). The fact that significant banks and companies are now falling on their swords – and the size of the fines due to be collected as a result – is likely to bolster the political and economic case for an expanded section 7 offence.
Corporate manslaughter and care offences
The “failure to prevent” model of liability in the bribery and tax contexts has its roots in the Corporate Manslaughter and Corporate Homicide Act 2007. Under section 1 of this Act, a company commits an offence of corporate manslaughter if the way in which it manages or organises its activities both causes a death and amounts to a gross breach of a relevant duty of care owed by the company to the deceased. Whilst the offence attributes liability to a company based on its organisational failings or faults, it is not as radical as the “failure to prevent” offences. Whereas these offences are strict liability (in that the company can commit the offences without their senior management knowing that the associated persons are paying bribes or facilitating tax evasion), the corporate manslaughter offence requires the “substantial” involvement of “senior management”, and defines “senior management” as “those persons who play significant roles” in the company. In other words, the liability of the company is triggered by the acts or omissions of specified individuals, who are defined far more narrowly than “associated persons” in the “failure to prevent” offences. The offence of corporate manslaughter thus represents an uneasy middle ground between the old identification principle and the new failure to prevent model of corporate criminal liability. Partly because the corporate manslaughter offence has not freed itself completely from the identification principle, it has not been used to prosecute any large companies (unlike the types of entity now entering into DPAs or being charged under section 7 of the Bribery Act 2010).
The corporate manslaughter offence was reformulated earlier this year when a new care provider offence was introduced by the Criminal Justice and Courts Act 2015. Under section 21 of this Act, a care provider commits an offence if a person is ill-treated or neglected whilst under the care of the care provider and the care provider’s activities are managed or organised in a way which amounts to a gross breach of a relevant duty of care owed by the care provider to the victim. However, and in distinction to the corporate manslaughter offence, there is no requirement for “senior management” to be substantially involved in the commission of the offence. The offence is therefore slightly more radical than its corporate manslaughter embryo. Whilst not a “failure to prevent” offence of strict liability, it abandons the identification principle to a greater degree than corporate manslaughter does. The focus is on the seriousness of the organisational failings of the care provider, without any specific requirement to prove the complicity of the care provider’s directing mind.
Another important difference between the “failure to prevent” offences and the corporate manslaughter offence is their jurisdictional reach. As noted above, failing to prevent bribery or the facilitation of tax evasion are extraterritorial offences (indeed the conduct constituting the underlying bribery in the Standard Bank case was committed entirely outside the UK). Under UK law, a UK national can be prosecuted in the UK for murder or manslaughter committed abroad. In contrast, a UK company cannot be prosecuted in the UK for corporate manslaughter committed abroad. This seems anachronistic in an era of multinational business. It is arguably irrational and unethical for a UK company to escape liability for deaths which, had they occurred in the UK, could be prosecuted here, simply because the country in which the deaths occurred is unable to bring criminal proceedings due to, say, corruption or a poorly functioning rule of law.
The limited jurisdictional reach of the corporate manslaughter offence makes it tempting to think that the next leap forward in corporate criminal liability may relate to human rights abuses committed overseas. The key trigger for legislative change on this issue came with the 2013 collapse of the Rana Plaza building in Bangladesh. This building housed an estimated 5000 workers in five factories, producing garments for international brands such as Benetton, Monsoon, Primark and Walmart. On the day before this disaster, warnings were given that the building was structurally unsound after large cracks appeared in the walls. These warnings went ignored by the factory owners who were working to production and manufacturing deadlines for their corporate buyers. It was reported that any workers who showed reluctance in entering the building were threatened and even beaten by factory owners into returning to work.
Thus some of the biggest corporate names in the clothing industry were implicated, albeit indirectly, in the deaths of 1,137 people. But none of those companies were criminally liable under English law. That a company based in the UK could be held criminally liable for failing to prevent bribery committed by an agent during the course of business, but not for human rights abuses committed by that agent, is arguably unconscionable. Indeed, the United Nations Guiding Principles of Business and Human Rights has said that States should abide by their legal “Duty to Protect” by taking “appropriate steps to prevent, investigate, punish and redress such abuse through effective policies, legislation, regulations and adjudication” against third parties, including corporate bodies. However, the UN’s Guiding Principles are ultimately just guidelines, and do not represent a legal mechanism by which corporate liability (civil or criminal) can be established.
In the UK, an Action Plan was presented in September 2013 in order to implement the UN’s Guiding Principles. Nowhere in that document was there a reference to establishing a criminal offence, the focus apparently being on a more holistic and diplomatic approach to UK business and investment overseas. Whilst this document provides a useful indication of how businesses practising abroad should operate in order to safeguard human rights, it does not come close to addressing the impunity which was the target of the UN’s Guiding Principles.
Two years later, the UK’s approach is still to be consolidated in the form of consultation or further guidance, but movements within the international community may force the UK to expedite an announcement of its intention. A recent session of the Human Rights Council put this issue on the agenda, presenting a report from the Working Group on Human Rights and Transnational Corporations to work on further embedding the Guiding Principles into the international framework. The UK government chose to make a public statement (published 23 June 2015) during that session, welcoming the work of the OHCHR in this area and particularly the “focus on accountability and remedy.”
Shortly thereafter, the Modern Slavery Act 2015 was enacted. This Act created a series of offences, including human trafficking, that could be committed by companies through the application of the identification principle. But it did not introduce any “organisational failing” offence aimed specifically at companies – either on a failure to prevent or through a gross breach of a duty of care basis. The most radical innovation in terms of corporate accountability was section 54 of the Act, which requires companies to prepare an annual report on slavery and human trafficking, and the steps which it is taking to ensure that such exploitation is not happening in any sectors of the business. Failure to do so, however, carries civil rather than criminal sanctions, and the requirement is only imposed on companies with a significant turnover.
Legislating for failing to prevent corporate human rights breaches will be no easy feat, and progress is likely to be slow. Challenges in defining what constitute human rights, in identifying jurisdictional applicability and in establishing the benchmark of responsibility by which corporate bodies will need to measure their international practices may prove to be an insurmountable hurdle.
The past decade has witnessed a number of offences enacted, or proposed, which have either abandoned or eroded the identification principle. The thresholds for establishing the criminal liability of the company for these offences are different, but they share the presumption that a company should be prosecuted if its organisational faults or failings are such that others associated with the company have committed crimes.
In the field of economic crime, the frequency with which “failure to prevent” offences are investigated is likely to be based primarily (albeit not exclusively) on self-reporting by companies keen to avoid or defer prosecution. For some companies, self-reporting to the authorities at an early stage will be second nature if they are FCA regulated or they have experience of the US enforcement environment. For other companies, the idea of self-reporting a crime which senior management knew nothing about at the relevant time, and which may have occurred thousands of miles from the UK, may well seem deeply unattractive, with little certainty of outcome.
But as the SFO brings further charges, or proposes new DPAs, for the offence of failing to prevent bribery, the impetus will inevitably return for expanding the “failure to prevent” and “gross breach of duty” models into new types of corporate crime. Other prosecutors will look with envy at what the SFO is achieving. HMRC seems determined to introduce the offence of failing to prevent the facilitation of tax evasion. The DPP has signalled her frustration with the straightjacket of the identification principle. The landscape of corporate criminal enforcement looks set to become even harsher.
New Fraud Prevention Offense May Not Make Much Difference
February 21 2024
Human rights risk to UK EU Mutual assistance post Brexit
January 31 2024
Anna Rothwell writes for Solicitors Journal on the misuse of INTERPOL and UN cybercrime policies
January 18 2024