Key Changes to Corporate Liability in the Economic Crime and Corporate Transparency Act 2023 – Expanded Identification Doctrine and New Failure to Prevent Fraud Offence

The Economic Crime and Corporate Transparency Act 2023 introduces several significant changes to criminal liability for organisations, although the ultimate impact of the Act on corporate crime remains to be seen.

After much wrangling and debate, the long-awaited Economic Crime and Corporate Transparency Act 2023 (the “Act”) received Royal Assent on 26 October 2023. The Act does not take immediate effect, as further Government guidance must be published before certain provisions come into force. The Act introduces a number of important changes to the economic crime regime, including grants of broader investigatory and prosecutorial powers to Companies House, the National Crime Agency (“NCA”) and the Serious Fraud Office (“SFO”).

The Act also introduces two important changes to corporate criminal liability: (1) expansion of the identification doctrine to cover “senior managers” (for economic crimes); and (2) a new offence of failure to prevent fraud which applies only to “large organisations.” Both updates follow long-standing criticisms of the UK’s corporate criminal regime and both are largely adopted from proposals made by the Law Commission in its 2022 publication Corporate Criminal Liability: An Options Paper (“options paper”). Whether these changes will make an appreciable difference in terms of preventing and prosecuting corporate crime or simply set up one more set of expensive compliance hurdles remains to be seen.

(1) Expansion of the Identification Principle

The Old Test – “directing mind and will”

The identification doctrine governs the mens rea requirement for corporate criminal liability. Historically, the UK applied the “directing mind and will” test, under which a company could only be held criminally liable if the commission of the offence could be attributed to a natural person who could be said to represent the company’s directing mind and will at the time the offence was committed.

This test has long been criticised, as it effectively limits corporate criminal liability to crimes committed directly by the highest-ranking executives. Particularly in the wake of a number of failed prosecutions, many commentators criticised the old identification doctrine as unfair and not fit for purpose. Under the “directing mind and will” test, prosecutions of large multinational companies with complex management structures were almost prohibitively difficult, as most company directors and senior managers were often too far removed from criminal conduct carried out on behalf of or within the organisation. Smaller companies with simpler structures were exposed to a greater risk of criminal liability because they were easier to prosecute under the existing doctrine, while larger organisations were able to shield themselves behind complex corporate structures, avoiding accountability.

The “directing mind and will” test is also notably narrower than the approach taken in several other jurisdictions. The US follows a respondeat superior model of corporate criminal liability under which companies can be held criminally liable for the activities of their employees and agents at any level where they act within the scope of their employment and their acts are, at least in part, motivated by an intent to benefit the corporation. Australian corporate criminal law allows corporations to be incur criminal liability for acts enabled or encouraged by the company’s “culture” as evidenced by its policies and procedures.

The New Test – “senior managers”

The Law Commission considered both of these approaches, but ultimately rejected them in favour of a more conservative expansion of the identification doctrine. Under the new test, reflected in section 196 the Act, criminal liability shall be attributed to an organisation if a “senior manager” acting within the actual or apparent scope of their authority commits a “relevant offence” listed in the Act.

The definition of senior manager is taken from the Corporate Manslaughter and Corporate Homicide Act 2007 (“the 2007 Act”) and includes individuals who play a significant role in either managing a corporate entity’s activities or making decisions about how such activities are managed. The Explanatory Notes to the 2007 Act suggest that “[t]his covers both those in the direct chain of management as well as those in, for example, strategic or regulatory compliance roles.” There is currently very limited case law defining a senior manager in the context of prosecutions under the 2007 Act. It will therefore remain for the courts to determine precisely who a senior manager is in this new context.

“Relevant Offences” limited to economic crime – for now

For the time being, the new “senior managers” test applies only to the list of economic crimes set out in schedule 12 to the Act. These include a wide range of offences most likely to be relevant to corporate wrongdoing, including money laundering offences, fraud, false accounting, tax evasion, bribery, and breaches of sanctions regulations. Inchoate forms of these offences including conspiracy to commit a listed offence and aiding, abetting, counselling, or procuring the commission of a listed offence are also defined as relevant offences. The schedule of relevant offences can be amended by the Secretary of State by regulation.

Although the expanded identification doctrine currently applies only to these specified economic crimes, the Government has noted in Factsheet on “identification principle for economic crime offences” that it is committed to introducing reform of the identification doctrine to all criminal offences in the Economic Crime Plan 2 and the Fraud Strategy. This was considered outside the scope of the Act at this stage and will take place once there is a suitable legislative vehicle.

How much will the expanded identification doctrine affect corporate prosecutions?

The expanded identification doctrine greatly increases the number of people whose actions can be attributed to a corporation for the purposes of criminal liability. The list of relevant offences is expansive, and most crimes for which a corporation is likely to be prosecuted have already been included. So, it might at first appear that this reform will lead to a substantial increase in the number of corporate prosecutions.

However, many of the existing hurdles to such prosecutions remain. The “senior managers” test still requires that a single person possess the necessary mens rea for a given criminal offence, which may fail to capture wrongdoing when it is caused or enabled by more complex corporate structures or policies involving multiple decision-makers. Some ambiguity remains regarding who is and is not a senior manager, which may further hinder the bringing of successful prosecutions in this context. The Government’s own Impact Assessment for “reform to the identification doctrine” indicates that a “minimal” zero-to-three new cases per year are expected to result from this change in the law.

(2) Failure to Prevent Fraud

Section 199 of the Act also introduces a new offence of failure to prevent fraud. The new offence complements the expanded identification doctrine by establishing an alternative route to criminal liability for organisations where the wrongdoing has not been ratified (or even known about) by anyone in senior management, but has been carried out for the benefit of the company, either directly or indirectly.

Elements of the failure to prevent fraud offence

An organisation will be guilty of an offence if a person “associated” with the organisation commits a fraud offence intended to benefit the organisation, directly or indirectly, or any person or subsidiary to whom the associated person provides services on behalf of the organisation. The organisation will not be guilty of the offence if the organisation itself was, or was intended to be, a victim of the fraud offence. It is not necessary to establish that any high-ranking individual within the company consented to or even knew of the offence in order for the organisation to incur criminal liability.

Extra-territorial reach

Like previously introduced failure to prevent offences, the new failure to prevent fraud offence has extra-territorial reach. The offence may apply even if the organisation and the associated person are based outside the UK if the associated person commits fraud under UK law or targets UK victims.

Reasonable prevention procedures defence

It will be a defence for the organisation to prove that, at the time the fraud was committed, the organisation had in place such prevention procedures as were reasonable in all the circumstances or that it was not reasonable to expect the organisation to have any prevention procedures in place. The Government has committed to publishing guidance providing organisations with more information about reasonable procedures before the new offence comes into force. This guidance is expected in early 2024.

Relevant fraud offences

The Government Factsheet on “failure to prevent fraud offence” makes clear that a wide range of misconduct will be considered fraud benefiting the company for purposes of this offence, including failing to disclose information, fraud by abuse of position, false statements by company directors, false accounting, and cheating the public revenue. It does not extend to conspiracies or attempts.

A last-minute carve-out for SMEs

The new offence will apply only to “large organisations” as defined in section 201 and 202 of the Act (adopting the standard definition set out in the Companies Act 2006). This was a last-minute addition, and the subject of much debate between the House of Commons and the House of Lords, as previous versions of the bill applied the new law to all organisations regardless of size. The Government pressed for an exemption for Small and Medium Enterprises (“SMEs”) on the basis that the new offence would impose a disproportionate regulatory burden on smaller organisations.

The past, present, and future of failure to prevent offences

The new offence is the latest in a series of failure to prevent offences introduced in the UK, starting with the failure to prevent bribery offence introduced by the Bribery Act 2010, followed by the failure to prevent the facilitation of tax evasion offence introduced by the Criminal Finances Act 2017.

According to the Government’s Impact Assessment for “introducing a failure to prevent fraud offence covering all large organisations,” the purpose of this new offence is to “build an anti-fraud culture within organisations, following the failure to prevent bribery offence in driving change in corporate culture.” The Impact Assessment notes the substantial cost implications of the new offence, with estimated “set-up costs” of £357.6 to £451.8 million, £439.1 million in year one, and ongoing costs of £59.5 million a year for years two to ten for affected organisations.

In its options paper, the Law Commission rejected the option of a generalised failure to prevent offence as this “would impose a large, generalised duty on organisations to identify risks of offending which could occur in an enormous variety of ways across the organisation, and to put in place procedures to prevent that offending from occurring. It could potentially place huge compliance burdens on companies.”

However, the Law Commission put forward three other categories of offence for which a failure to prevent model might be appropriate, as policy decisions by organisations may potentially make these types of conduct more likely: (1) failure to prevent human rights abuses, (2) failure to prevent ill-treatment or neglect, and (3) failure to prevent computer misuse. If the failure to prevent fraud offence is seen as successfully changing the culture and practices of organisations for the better, we may see a wider array of failure to prevent offences being considered in the future.

Conclusion

The new Act is the end result of years of discussion and debate regarding how to respond to economic crime in the UK and long-standing criticism of the UK’s corporate criminal liability regime as not fit for purpose. These new measures represent a dramatic change to the corporate criminal landscape and increase the likelihood of companies being successfully prosecuted in the UK. It will be well worth watching in the next few years whether these reforms genuinely lead to a dramatic change in the number and success of corporate prosecutions, or whether that goal remains elusive.

Vanessa Reid is a barrister at Mountford Chambers specialising in crime and regulatory law. She has significant experience advising and representing corporations and individuals responding to white collar criminal investigations and prosecutions across multiple jurisdictions.