John Binns, partner at BCL Solicitors LLP, details the issues surrounding corporate criminal liability.
Two things, at least, are clear from the Law Commission’s latest discussion paper on corporate criminal liability. The first is that there is a high degree of consensus (from those whose opinions seem to matter, namely investigators, prosecutors, pressure groups, and the Commission itself) that there is something wrong with the current law. The second is that there is no consensus at all on precisely what is wrong, and what to do about it.
Nearly 50 years on from the case still referred to for the general principle of corporate liability, Tesco Supermarkets Ltd v Nattrass [1971] UKHL 1, its facts still provide a neat illustration of the issue: when a poorly supervised shop assistant switched the prices on a discounted washing powder, and the manager left the discount sign up, the court held that Tesco itself was not criminally liable, because neither assistant nor manager was a "directing mind and will" of the company.
Exceptions to that general principle have been growing since then. A New Zealand case, Meridian Global Funds Management Asia Ltd v Securities Commission [1995] UKPC 5, has often been cited as the basis for interpreting various statutes so that companies can be guilty of breaching them if the alternative would defeat their purpose. Various offences of strict liability, for instance in health and safety, have been used to convict companies and to impose large fines on them.
"Failure To Prevent" And DPA
A handful of statutes have made more sophisticated inroads into the principle. Most famously, companies can now be liable under the Corporate Manslaughter and Corporate Homicide Act 2007, where the way in which their activities are organised causes a death and amounts to a gross breach of their duty of care. Secondly, the Bribery Act 2010, where an associated person pays a bribe and they cannot prove that they had adequate procedures to prevent it.
The last few years have seen an evident appetite from the government to extend both the liability of companies and the means of bringing them to justice, though not without controversy. In 2010, the Law Commission recommended that future statutes should be clearer about how companies should be liable and encouraged courts to use Meridian meanwhile to interpret laws more strictly against companies. Under the Crime and Courts Act 2013, Deferred Prosecution Agreements (DPAs) have enabled large penalties against companies for offences, including many under the Bribery Act, although convictions of individuals said to have been involved have been notably absent.
What is on the table now?
The new discussion paper is the next step in a process that started with a call for evidence in 2017, since when the ground has shifted still further, first with new corporate offences of failing to prevent the facilitation of tax evasion (adapted from the Bribery Act template) under the Criminal Finances Act 2017 (CFA), and then with the judgement in SFO v Barclays [2018] EWHC 3055 (QB), [2020] 1 Cr App R 28, which reaffirmed the Tesco principle. Responding to the call for evidence, after a long delay, in 2020, the government tasked the Law Commission with laying out some options.
With all this background in mind, it is perhaps not surprising that much of the discussion paper is devoted to the legal detail of the Tesco principle and its exceptions, to comparators in civil law and other jurisdictions (such as the US, where, broadly speaking, companies are criminally liable for most things their employees do on their behalf). One recurring theme is that the Commission would have preferred the courts to use Meridian to expand the exceptions and see Barclays (in which they declined to apply it to an allegation of fraud) as a backward step; another is whether there is scope to expand the Bribery Act/CFA model. But there must be a risk that in focussing on these aspects, it has thereby missed the chance to engage the public on a major issue for society: for what conduct do we want to hold companies guilty of crime?
A question of justice
At a basic level, this is an issue about where we place the costs and risks of dealing with criminal conduct, particularly financial crime. Following the US example would surely raise compliance overheads for companies, and increase the number of incidents where shareholders, employees, and others suffer from the financial and reputational hit of a criminal allegation – even where, as is often the case, no crime in fact occurred. This is surely a decision not for the courts (notwithstanding Meridian) but for Parliament, where the economic impact of making a major change (such as enacting a new Bribery Act/CFA-type offence of failing to prevent fraud) would doubtless be the subject of fierce debate on these grounds.
An even trickier issue, which the discussion paper gives only peripheral attention to, is the impact that criminal proceedings against a company have on individual suspects. The DPAs we have seen so far – including one, aptly, against Tesco – starkly illustrate the risk that companies, prosecutors, and courts will gladly incriminate legally innocent individuals. The injustice against those who are factually innocent will only be undone in part if, and when, they are eventually acquitted (as, in fact, happened to the executives in Barclays). Before making a change that knowingly exacerbates that problem, we should at least ask whether there are safeguards that can begin to address it.
Systemic failures
If there is a compromise to be found, it may lie in another theme that runs through the discussion paper, but that may merit more attention – the distinction between crimes where an individual is at fault (which may be attributed, by one means or another, to a company) and crimes a company can commit by systemic failures, omissions, and breaches of duty (like corporate homicide).
In the context of money laundering, for example, while it would be rare to find a "directing mind" of a company that had knowingly dealt with criminal property, it is (sadly) much more common for banks and other regulated businesses to face fines for not having the proper systems they are obliged to have, to prevent that conduct. In the same way that we are now used to companies having responsibilities under health and safety and environmental law, perhaps the discussion we should be having is what responsibilities they should have (either in general or in particular sectors) in the context of financial crime, from which would follow a set of offences when those responsibilities were breached.
One key advantage of that approach is that we do not start from zero, with an ever-growing sector of businesses that already do a great deal to prevent money laundering, and a more general corporate culture that has adapted, thanks to the Bribery Act and (to a lesser extent) the CFA, to develop crime prevention systems. While it would increase compliance costs and risks, it would not overturn the Tesco principle, and it may not be quite the revolutionary change that investigators and prosecutors want. But it may point the way towards corporate structures being seen not as a perennial problem in tackling financial crime, but as an important part of the solution.