In this article, Compliance Matters takes a rare but necessary step into the changing world of corporate liability - a world of which all compliance officers ought to be aware - in the UK. HM Government is thinking of extending the ‘failure to prevent’ offence to fraud and money laundering and any compliance director who wants to frighten his fellow board members into acquiescence will, at some stage, find these facts useful.

Limited exceptions aside, it was as late as the 1940s when British courts found a way to hold corporates criminally liable. Previously, the generally accepted position was that a corporation was not indictable but the particular members of it were. So notorious was the irresponsibility of corporations that Lord Thurlow, the Lord Chancellor late in the 18th century, was credited with asking: “Did you ever expect a corporation to have a conscience when it has no soul to be damned, and no body to be kicked?”

The directing mind and will

The difficulty is that most criminal offences require a ‘guilty mind,’ but where is the mind of a corporation? The civil law of tort found the solution, as set out by Viscount Haldane LC in the House of Lords case of Lennard’s Carrying Co Ltd [1915]: “A corporation is an abstraction. It has no mind of its own any more than it has a body of its own; its active and directing will must consequently be sought in the person of somebody who for some purposes may be called an agent, but who is really the directing mind and will of the corporation, the very ego and centre of the personality of the corporation. That person may be under the direction of the shareholders in general meeting; that person may be the board of directors itself, or it may be, and in some companies it is so, that that person has an authority co-ordinate with the board of directors given to him under the articles of association, and is appointed by the general meeting of the company, and can only be removed by the general meeting of the company.”

In the criminal context, the directing mind (or identification) principle, as it came to be known, requires the prosecution first to establish that an individual who was a ‘directing mind’ of the company committed the offence by proving each element of the offence against them, although not necessarily actually successfully prosecuting them. Their guilt is then attributed to the company without the need to prove anything further against the company.

In the UK, corporations can be held criminally liable other than through the identification principle. However, this is principally in respect of statutory offences where there is no requirement to prove any mental element or mens rea such as criminal intent or dishonesty. Many such ‘strict liability’ offences are regulatory in nature rather than truly criminal and include such offences as the selling of lottery tickets to people under 16 years of age. Similarly, although it contains more serious offences, the Health and Safety at Work etc. Act 1974 requires every employer to ensure, as far as is reasonably practicable, that employees and others who may be affected by his undertaking are not exposed to risks to their health and safety. Most (and the most serious) criminal offences, however, must be established by the identification principle.

The identification principle as a shield

One particularly contentious issue for the courts to resolve was which persons could be identified as the directing mind of the company. The House of Lords finally drew the line in Tesco Supermarkets Ltd v Nattrass [1972], which remains the leading case, restricting it to the most senior officers who actually control the corporation’s operation. In the words of Lord Reid, this would normally be “the board of directors, the managing director and perhaps other superior officers of a company [who] carry out the functions of management and speak and act as the company.” In Tesco, for example, this did not include a branch manager.

A common criticism is that the narrow definition of ‘directing mind’ has shielded corporates from criminal liability. Particularly in large organisations, it is relatively rare that a directing mind will be party to criminal conduct. This accounts for the collapse of the prosecution of P&O European Ferries for common-law corporate manslaughter regarding the sinking of the Herald of Free Enterprise in May 1987, when 193 people died, notwithstanding the findings of the Wreck Commissioner Mr Justice Sheen that: “All concerned in management, from the members of the Board of Directors down to the junior superintendents, were guilty of fault in that all must be regarded as sharing responsibility for the failure of management. From top to bottom the body corporate was infected with the disease of sloppiness.” The subsequent prosecution failed because it could not establish that any directing mind was personally guilty of gross negligence manslaughter (which guilt could then be attributed to the company).

In the following decades, the identification principle ‘shielded’ corporates from all manner of mens rea offences - not just manslaughter but, for example, bribery and other financial crimes. That British Aerospace (later BAE Systems) avoided criminal sanction until 2010, despite being the subject of substantive allegations since 1985, in fact suggested something beyond the limitations of the identification principle: it was an age in which the British Government could strike a suspect deal and lobby against subsequent investigations, rather than announce legislative proposals to crack down on offending corporations.

The decline of the identification principle

But the times were a-changing. The Herald of Free Enterprise disaster and Southall rail crash ten years later eventually led to the introduction of a statutory offence of corporate manslaughter in the Corporate Manslaughter and Corporate Homicide Act 2007. This removed the necessity to identify and establish the guilt of a directing mind, and instead concentrates on the way in which the organisation’s activities are managed or organised. Its radical intent was neutered by a requirement that a substantial element of the relevant management failure must be attributable to ‘senior management’, but it was nevertheless significant: the identification principle was no longer sacrosanct.

Late in 2006, the US Government protested against the Serious Fraud Office’s decision to drop the BAE Systems investigation into the Al Yamamah arms deal with Saudi Arabia (after HM Government told the SFO's director that his investigation might damage "national security"). The US and others raised the issue at a meeting of the anti-bribery working group of the Organisation for Economic Cooperation and Development and the US Department of Justice (DoJ) progressed its own investigation. Expediently, the SFO launched new investigations into BAE Systems concerning conduct in countries other than Saudi Arabia and co-ordinated its efforts with the Americans. The investigations resulted in BAE Systems reaching a joint settlement in 2010 with the US DoJ and the SFO under which it agreed to pay US$400 million and £30 million respectively, with the US settlement relating in part to the Al Yamamah contract.

Failure to prevent crime

More significantly still, having experienced pressure from the Americans, HM Government asked the Law Commission to resurrect a previously shelved review of the UK's bribery and corruption laws. Some prosecutors were looking enviously at the United States, where corporations are held vicariously liable for the acts of agents and employees when acting within the bounds of their employment (interpreted widely) and when those acts are intended, at least in part, to benefit those corporations. Although it rejected the 'vicarious liability' approach, the Law Commission’s review led to a radical innovation: the ‘failure to prevent’ offence.

Section 7 Bribery Act 2010 circumvents the identification principle by making a commercial organisation criminally liable for bribery-related offences committed by persons who perform services on its behalf, if those persons intended to give that corporation an advantage in business. It matters not if the organisation (through the actions of any one of its employees) was aware of the bribery-related offence, or whether it managed to gain any commercial advantage. It is enough that an associated person bribes another, intending to gain some business advantage for the organisation. Although the organisation has a complete defence to the section 7 offence if it can prove that was following “adequate procedures” designed to prevent associated persons from committing bribery, such an approach places the burden firmly on that organisation.

Deferred prosecution agreements

In February 2014, the UK introduced deferred prosecution agreements. Under a DPA, a prosecutor lays but does not immediately proceed with criminal charges against an organisation, pending successful compliance with onerous conditions including a punitive financial penalty and measures to prevent future offending. Prosecutors can use DPAs for a wide range of offences including fraud, bribery and money laundering. Inspired by the US system of ‘plea agreements,’ a significant cause of their introduction in the UK was prosecutorial frustration with the identification principle, as the Ministry of Justice expressed in the consultative paper in which it promoted DPAs: “In modern corporations, where responsibility for decision-making is distributed quite widely, it is very difficult to prove criminal liability, which depends on establishing that the ‘directing mind and will’ of an organisation was at fault. The consequence of all of this has been too few organisations held to account for their crimes, and too many victims waiting in vain for restitution.”

The DPA regime attempts to overcome these difficulties by requiring organisations that want to sign DPAs to report their own misdeeds to the prosecutors early and unreservedly, thereby providing the investigators with the best possible opportunity of obtaining the evidence that they need. Prosecuting authorities hope that every ethical company will jump at the chance of signing a DPA, or at least be compelled by the self-interest of avoiding criminal conviction – which, in addition to the inevitable reputational damage, could lead to devastating commercial consequences (e.g. debarment from public procurement contracts) – and the promise of a shorter and more predictable conclusion than a lengthy investigation and prosecution. Nevertheless, every organisations is still likely to weigh up the risk of being prosecuted successfully before jumping. The section 7 offence of failing to prevent bribery might be viewed as a game-changer for conduct that falls into its ambit, but offences involving dishonesty including fraud, bribery and money laundering, remain extremely difficult for organisations to commit. The DPA that the SFO signed with Tesco Stores Ltd in April 2017 for false accounting shows this. Tesco agreed to pay a £129 million fine and £3 million in investigatory costs only for the ‘directing minds’ to be found not guilty when the SFO prosecuted them.

Tax law to the rescue

Perhaps this problem will clear up. In April 2017, the second ‘failure to prevent’ offence became law in the UK – failure to prevent the facilitation of tax evasion – and HM Government is thinking of extending the offence further to other financial crimes, including money laundering and various offences in the Fraud Act 2006. Modelled on the section 7 bribery offence, the tax offence (along with the new offences that the Government is proposing to create) criminalises organisations for not preventing the offending of ‘associated persons,’ subject to a defence of 'adequate procedures.' Organisations should anticipate a parallel outcome to that found in health and safety law: when things go wrong, the court will presume that the firm's procedures are inadequate. This is likely to make it extremely hard for firms to defend themselves against 'failure to prevent' offences.

Penalties have also increased dramatically. Effective from October 2014, the Definitive Guideline for Fraud, Bribery and Money Laundering Offences includes a section on corporate offenders which provides that fines for bribery (as well as fraud and money laundering) offences will normally be determined by reference to and can be a multiple of the benefit obtained, retained or sought as a result of the offending. The greater the culpability, the higher the multiple (for the most serious offending, the starting point for the multiplier is 300% with a range of 250% to 400%). The guideline provides that, in the absence of sufficient evidence of the benefit that was likely to be obtained, 10-20% of the relevant revenue (for instance between 10-20% of the worldwide revenue derived from the product or business area to which the offence relates for the period of offending) may be an appropriate measure. The guidelines provide that “Whether the fine will have the effect of putting the offender out of business will be relevant; in some bad cases this may be an acceptable consequence”.

In 2014, the Sentencing Council published a definitive guideline for environmental offences and, effective in 2016, parallel guidelines for corporate manslaughter and offences that relate to health and safety. Significantly, unlike previous guidelines, they asked judges to observe turnover-linked sentencing bands when imposing fines, notwithstanding widespread concerns about the unfairness of such an approach. In the guidelines for corporate manslaughter and offences concerning health and safety, the bands for large organisations (defined as ones that turn over £50 million or more per annum) which commit the most serious offences range from £2.6 million to £10 million for offences that concern health and safety and from £4.8 million to £20 million for corporate manslaughter. For very large corporate defendants (which turn over far more than £50 million per annum) the guidelines say that it may be necessary to move outside the bands that they are suggesting.

Thames Water - a test case

The Court of Appeal in R v Thames Water [2015], dealing with the guidelines for environmental offences but with implications for the parallel guidelines for corporate manslaughter and health and safety offences, said that for very large organisations courts should not even start with the ranges of fines suggested by the guidelines; and, in respect of environmental offences, deliberate crimes causing the most serious harm could result in fines of up to 100% of the organisations' pre-tax net profits for the year, even if those fines come to more than £100 million. The court noted that fines of such magnitude are imposed on firms in the financial services sector for breking regulations; and, if deliberate crimes result in major pollution, the imposition of such fines are a necessary and proper consequence of the importance to be attached to environmental protection.

As noted in Thames Water, the financial services ‘regulatory regime’ imposes substantial corporate financial sanctions that are frequently higher than those imposed by the criminal courts. For example, the Financial Conduct Authority fined UBS & Deutsche Bank £160 million and £227 million respectively for manipulating LIBOR (the London Interbank Offered Rate) and it fined Barclays Bank £284.4 million for manipulating the currency exchange market (FOREX). It fined Standard Chartered Bank £102.2 million in relation to shortcomings in the bank’s AML controls that related to "customer due diligence" (an ugly term that the Basel Committee for Banking Supervision coined in 2000/1 to describe "know your customer" controls) and "ongoing monitoring" (the universal term for the frequent monitoring of transactions for AML purposes).

Enter the Americans

These ‘regulatory’ fines largely penalise corporate conduct with which the UK cannot deal with in the criminal courts, but which the US frequently can and does. In relation to LIBOR, UBS signed a plea agreement with the DoJ as a result of which it paid US$500 million in fines (it subsequently pled guilty to further offences and paid an additional $203 million in relation to FOREX misconduct). Similarly, while six former employees of Barclays Bank were charged in the UK for LIBOR-fixing, Barclays Bank could not be prosecuted in the UK but settled with the DoJ by paying a fine of $452.3 million. Ten former bankers at Deutsche and Barclays were charged in the UK for fixing EURIBOR, the Euro Interbank Offered Rate. Deutsche Bank could not be prosecuted in the UK but reached a settlement with the DoJ and paid fines of $775 million.

In short, US pressure has transformed the UK’s approach to corporate criminal liability. Corporates are now being criminalised not just for what they do, but for what they fail to prevent others from doing, and the number of such offences is going to multiply. What is more, the fines that prosecutors and judges impose are highly punitive; for very large organisations criminal fines can be expected to reach tens and hundreds of millions. This is the age of corporate responsibility and if any corporation does not act ‘responsibly,’ the courts and regulators will soon have the powers to administer a severe kicking indeed.

* Tom McNeill can be reached on +44 (0)20 7430 2277 or at tmcneill@bcl.com