Law commission

Corporate Criminal Liability: A Response to the Law Commission Working Paper – Part Three: No More “Prevention Failure”? – Criminal law

To print this article, all you need to do is be registered or log in to

Model Corruption Law

The story so far

The Law Commission devotes surprisingly little of its working paper to what most would expect to be the government’s next step – one or more new “failure to prevent” offenses, based on the model created in the Bribery Act. 2010, and followed in the Criminal Finances Act 2017 (the CFA). The offense of paying a bribe, often committed in order to obtain a contract or other advantage for the benefit of a company, was and is well suited to this model, in which the organization becomes liable by an “associated person”, unless he can show that he had “adequate procedures” in place to prevent this from happening. The main effect of its creation has not been convictions but Deferred Prosecution Agreements (DPAs) under the Crimes and Courts Act 2013 between the Serious Fraud Office (SFO) and businesses, invariably unaccompanied convictions of “associated persons”. Tax evasion facilitation offenses (domestic or foreign) are perhaps less well suited to this model, and we have not yet had time to see if and how companies will be held accountable for the facts of ” associated persons” under the CFA, or how they might use the defense (subtly different from that of the Bribery Act) that they had “reasonable procedures” or that it was reasonable for them not to have them. When examining these offenses in more detail, several points should be kept in mind.

“Economic crime”

First, it is undoubtedly difficult to conceptualize, let alone examine the merits of a “failure to prevent” offense in general terms, even if reduced to a subset of “economic crime”, or to the (reasonably long) list of offenses in the 2013 Act for which DPAs are available. Businesses (and other organizations subject to these offences) may find it difficult to assess their risk for such a wide range of offenses likely to be committed by ‘associated persons’, and guidance will necessarily be complicated. The fact that different companies start from different points is also a complicating factor: while some may “strengthen” procedures to prevent (say) false accounting, falsification, fraud, market abuse, money laundering , price fixing, sanctions evasion, tax evasion and others, besides those they already have, others will be presented with a very steep learning curve indeed. The challenge, both in terms of formulating the offense and winning the case in Parliament, would no doubt be difficult, and the government might prefer to proceed in stages.

“Associated Persons”

Second, for offenses that are generally committed through the acts (rather than omissions) of individuals, with an element of “fault” (such as dishonesty or intent to mislead), the requirement that an individual has committed this act, and of having been at fault, remains important. Bribery and facilitating tax evasion are examples of this type of offence, as is fraud (perhaps the most obvious single candidate for the next “failure to prevent” offence).

The existence of the DPA system has helped to confuse the question of whether an offense has actually been committed and whether it is easy or difficult to prove it, by allowing companies and prosecutors to agree among themselves on the fact that a particular individual has committed an offense offense (most often bribery). As we’ve seen with literally every DPA made so far, this deal could well be ruinous for the person(s) involved, even if it’s not backed up by a single individual conviction.

Money laundering (etc.)

Third, some of the offenses contemplated for this treatment arguably fall into a different category, in that they are generally committed not by act but by omission, and with little or no element of “fault”. Under the Proceeds of Crime Act 2002 (POCA), for example, money laundering offenses can be committed by dealing with, or even simply possessing, property which represents the proceeds of criminal conduct. , while only having the suspicion that it is. , and failing to obtain a defense by making a report to (and, usually, seeking the consent of) the National Crime Agency. In practice, companies will often take a ‘security first’ approach to this issue, and easily choose to make reports based on (for example) suspicions held by their compliance or legal staff, rather than ‘directing spirit and will’.

Separate offenses under POCA of failing to report another person’s money laundering can only be committed by persons working in the regulated industry or by a money laundering reporting agent, that a company in this sector is required to appoint under the Money Laundering Regulations (MLR). As with offenses under the Sanctions Regulations (usually committed in a commercial context) and the Terrorism Act 2000, their ‘fault’ element is the objective of having reasonable grounds/causes to know or suspect (which, of course, can be held by companies as well as individuals).

Companies in the regulated industry also have various other obligations under MLRs and reporting obligations under Sanctions Regulations and the Terrorism Act, all with criminal penalties for breach. The distance between these existing corporate responsibilities and a hypothetical corporate offense of “failure to prevent” money laundering or sanctioned offenses is relatively short, though not simple.

What might a corporate money laundering offense look like? Thanks to the UK’s derogation from the latest EU money laundering directive, which requires such an offense to be created by member states, we were under no obligation to find out. But in the context of existing laws under POCA and MLRs, it certainly doesn’t make sense to look to the Bribery Act as a model, rather than build on what already exists. Notably, a company’s (in effect) obligation to report money laundering should also encompass (in theory at least) any economic crime where a benefit has been obtained by a company (subject only to the equivalent of an offense of due diligence).

It has also long been established that a money laundering offense can be proven without details of the predicate offense (including who committed it), and that a money laundering failure to report could also be established without having to identify a particular launderer, so some of the problems of having to identify “associated persons” would disappear. For similar reasons, creating corporate sanctions evasion or terrorist financing offenses based on the Bribery Act model would make very little sense.

Tax evasion

Fourth, the tax evasion situation is also complicated – and has been made even more so by the existence of corporate offenses under the FCA. Is a new offense of failing to prevent corporate tax evasion needed, in addition to the existing offenses of failing to facilitate tax evasion?

Perhaps the best place to start is to ask who tax evasion is aimed at: a corporate offense would surely capture tax evasion owed by the business, while CFA offenses seem to target tax evasion of its customers or customers (as facilitated by those associated with it). ). There are other ways to approach this problem, which would not depend on the identification of individuals – such as a presumption of fault by a company when its taxes are not properly paid (subject to a defense of due diligence) .

Non-prosecution provisions

Fifth, to the extent that finding more “failure to warn” offenses is associated (as has been the case with bribery) with the ability to enter into data protection agreements with companies , it should be noted that many economic crimes committed in a corporate context can already be combated without the need for criminal convictions.

It would seem illogical to create new risks for businesses in the regulated industry facing ATDs for breaching RBAs, for example, or for businesses generally facing ATDs for breaching financial sanctions, tax evasion or market abuse, as they already face the risk of civil sanctions from their supervisors (in the case of MLRs), the Office for Financial Sanctions Implementation (in the case of financial sanctions), the HMRC (for non-payment of tax – noting that penalties can be imposed for willful, reckless or even negligent behaviour), or the Financial Conduct Authority (for civil market abuse offences).

To the extent that there is a perceived need for tougher civil penalties against companies (regulated or otherwise) for their behavior that is not currently criminal, there may be ways to achieve this, without following the model of the Bribery Act (i.e. having to identify the criminal behavior of “associated persons” and then hold companies accountable for that behavior).

The risks of expanding “prevention failure”

Any new offense of “non-prevention”, in a similar but (probably) lesser way to any modification of the principle of identification, would have a cost for companies. The risk to individuals should also not be ignored, particularly when companies face commercial pressure to reach DPAs with prosecutors, as many have already done with the SFO, who unfairly implicate individuals, in a process that gives them no right to be heard. Ten years into the implementation of the Bribery Act, with multiple DPAs and no convictions of individuals, the evidence is stark that this is a pervasive problem. Any creation of a new offense following the same model obviously risks exacerbating it.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.