On 26 October 2023, the Economic Crime and Corporate Transparency Act (the “Act”) received Royal Assent.

Among other measures to further tackle economic crime¹ it has introduced a failure to prevent fraud offence and amended the so-called ‘identification doctrine’ thereby expanding the basis upon which a company can be held liable for offences of its employees (other than failure to prevent offences).

The Act represents the latest in a series of significant legislative developments in the economic crime space, with the new offence and the reform of the identification doctrine introduced relatively late in the Bill’s legislative journey through Parliament.

Are these reforms to the corporate criminal liability regime – introduced after years of prevarication and delay – ultimately too limited to have any real impact, as many have argued? And how does the amendment to the identification principle play into the analysis?

Failure to prevent fraud – key elements

The ‘failure to prevent’ offence introduces an offence of a failure to prevent fraud (namely a fraud offence listed in Schedule 11, which includes almost all of the offences listed in Schedule 17 of the Crime and Courts Act 2013,² or aiding, abetting, counselling or procuring the commission of a listed offence) for large organisations where an associated person commits fraud intending to benefit, directly or indirectly, the organisation, or any person to whom, or to whose subsidiary, the associate provides services on behalf of the organisation. It is a defence for the relevant body to prove that, at the time the fraud offence was committed, the body had in place such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place, or it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.

Guidance on reasonable procedures

The offence will come into effect (likely within a year of the Act receiving Royal Assent³) following the publication of guidance on the procedures organisations can put in place to prevent fraud. This is expected by Spring 2024.

Large organisations

Large organisations are defined in the Act and must fulfil two or more of the three conditions in the financial year that precedes the year of the fraud offence. Those conditions – taken from the Companies Act 2006⁴ -- are that the turnover of the organisation must be more than £36 million, the balance sheet must total more than £18 million or the number of employees must exceed 250. The Act contains a power for the Secretary of State to amend the offence so as to bring small and medium sized enterprises within its scope. It is worth noting that Labour supported the amendments proposed by Lord Garnier to expand the offence to small and medium sized enterprises,⁵ and so it may be that a change in Government could bring about a rather more rapid change to the ambit of the offence, than might otherwise be the case.

Deterrence and Cultural change

The impact assessment states that the main benefit of the legislation is deterrence; a significant increase in prosecutions is not expected. This is partly because the fraud has to benefit the organisation (and so excludes the many cases where the organisation will be the victim of fraud by, e.g. the employee) but partly because limiting the applicability of the legislation to large organisations also affects its impact (as well as, logically, its deterrent effect). For, although large organisations employ approximately 45% of the workforce, they account for less than 1 per cent of companies.⁶

And what of cultural change? The impact assessment acknowledges that the legislation “aims to reduce the incidence of corporate criminality through behavioural and cultural changes” and therefore that “[t]he exclusion of small and medium-business will reduce the possible benefits and the potential for cultural change”, albeit there may be some “spill-over benefits” if small and medium-businesses decide to adopt some of the practices targeted at large organisations.⁷

Producing behavioural and cultural change clearly has its place as a meaningful legislative aim. The introduction of the failure to prevent bribery offence was indisputably a game-changer in that regard, leading to companies conducting an overhaul of their internal systems and controls relating to corruption and bribery in an effort to implement “adequate procedures” to prevent bribery – a defence under the Bribery Act. But the offence of failure to prevent bribery applies to all commercial organisations, whatever their size; the corollary is that some of the prosecutions or deferred prosecution agreements that have been brought under that legislation have been brought against organisations which would have fallen outside the definition of large organisation under this Act.⁸

And so why, contrary to how the failure to prevent bribery and failure to prevent facilitation of tax evasion have been formulated, has the Act been limited to apply only to large organisations?

The reason the Government gave for the exemption of small and medium enterprises was to avoid the “chilling impact”⁹ of the legislation on smaller organisations, by reducing their compliance burden and keeping “the total regulatory burden in check”.¹⁰ Yet, as many noted during the Act’s passage through Parliament, similar arguments and fears were raised during debates that led to the Bribery Act, which were not borne out.

As Baroness Bowles of Berkhamsted said, during the course of the Act’s passage through Parliament, “limiting this to large businesses may be a way of ticking a minimising-the-burden box but it also ticks the unfairness box and the limiting-of-effectiveness box.” Lord Garnier colourfully put it this way: “A burglar of five foot four should be prosecuted just as vigorously as a burglar of six foot six. There is no carve-out for small people committing crimes and there should be no carve-out for small businesses that fail to prevent crimes.”¹¹ He also rightly pointed to the discretion that prosecuting authorities have when deciding whether prosecution is in the public interest – which would include “the small size of the company and the mitigating steps that it took to do its best to avoid an associated person committing a criminal offence.” Additionally, the reasonable procedures defence (which includes that it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place) gives another avenue to avoid any disproportionate impact that the legislation may have had on small and medium sized businesses. Indeed, the guidance published following the introduction of the failure to prevent the facilitation of tax evasion makes specific reference to the fact that “[t]he size of the organisation will be an important factor” in determining whether procedures are reasonable.¹²

Nonetheless the Government was steadfast in its refusal to support the lowering of the threshold principally on the basis that the objective of the new offence “is to ensure that there is accountability where fraud occurs in large organisations” and because of the cost burden that would otherwise be borne by small and medium sized companies. Notwithstanding that position, the Government noted that it had “future-proofed” the Act by including a delegated power to allow the Government to raise, lower or remove the threshold altogether. The Government has committed to keep this under review and to amend the scope of the offence if evidence suggests that it warranted.

However, the Serious Fraud Office (the "SFO") believes that, combined with the reform of the identification doctrine (discussed below) this new fraud offence “will significantly widen our net for catching corporate fraud.”¹³

Reform of the identification doctrine

The ‘identification doctrine’ -- as set out over 50 years ago in the case of Tesco Supermarkets v Nattrass¹⁴ -- has been the “default rule of attribution”¹⁵ of criminal liability to corporates in English law since the 1800s. Under this doctrine, a corporate body will usually only be liable for criminal conduct by one or more natural persons representing its “directing mind and will.” The approach has long been criticised as too narrow to assess the criminal liability of larger, complex organisations where decision-making is diffuse; and in view of recent caselaw, as the Law Commission noted, “the basis of liability under the identification doctrine is even more difficult for prosecutors to reach than was thought to be the case before, since it requires proof not only that a person in the requisite class had the requisite mental state, but also that they had de facto authority in relation to the conduct in question.”

The Act introduces what the SFO has described as “a vital change”¹⁶ to the identification doctrine for economic crimes, as recommended by the Law Commission.¹⁷ Instead of the prosecution having to identify the ‘directing mind and will’ of a company, notoriously challenging in larger organisations, under the new Act the prosecution has to identify a “senior manager […] acting within the actual or apparent scope of their authority” who has committed a relevant offence (namely an offence listed in Schedule 12 to the Act). Senior manager means an individual “who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate […] are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities.”¹⁸ The SFO has stated that it believes that “this has the potential to transform the prosecution of large and complex multinational enterprises.”¹⁹

Whilst there will doubtless be litigation over the ambit of this definition, it is clear that a prosecution of a corporate for an offence (other than a failure to prevent offence) will be easier by enabling the acts and state of mind of a wider group of individuals in the management structure of a company to be attributed to the corporate. For that reason, it may also lead to an increase in deferred prosecution agreements.

Conclusion

The new offence of failure to prevent fraud is not expected to result in many prosecutions but given that prosecuting agencies have called for this reform, they will be keen to demonstrate that the change is effective and has teeth; it is likely therefore that we will see some prosecutions (or some deferred prosecutions). With that in mind, there are steps that organisations, within the scope of the new offence, can take in advance of the statutory guidance being published. They should consider what financial crime policies and procedures they already have in place, consider the fraud risks to which their business may be subject and what fraud prevention measures are already in place to deal with those, and whether those may need to be adapted or modified to form part of their reasonable prevention procedures.

By contrast, the widening of the principles by which a corporate may be held criminally liable (similarly against the backdrop of the clamours by prosecutors for reform in this area) is likely to result in more criminal investigations and prosecutions against corporates for substantive fraud-related offences. Whilst having reasonable procedures in place is not a defence in these circumstances, plainly having reasonable fraud prevention procedures in place is likely to reduce the possibility of fraud being perpetrated by senior managers within an organisation.

Footnotes

1. Including significant reforms to Companies House and limited partnerships, powers to seize and recover suspected criminal cryptoassets, an expansion of the types of cases in which businesses can deal with clients’ property without first having to submit a defence against money laundering (DAML) SAR, and an expansion of the SFO’s pre-investigation powers.
2. Namely those offences in relation to which deferred prosecution agreements may be entered into.
3. See para 24 of the Impact Assessment: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1149596/Impact_Assessment_for_Failure_to_Prevent_Fraud__Home_Office_.pdf
4. Companies Act 2006, section 465
5. See e.g. https://votes.parliament.uk/votes/lords/division/3033
6. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1149596/Impact_Assessment_for_Failure_to_Prevent_Fraud__Home_Office_.pdf
7. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1149596/Impact_Assessment_for_Failure_to_Prevent_Fraud__Home_Office_.pdf
8. For example, Sweett Group, which, in 2015, pleaded guilty to failure to prevent bribery; or Sarclad, which entered into a deferred prosecution agreement in 2016 for offences of bribery and failure to prevent bribery.
9. https://hansard.parliament.uk/lords/2023-04-27/debates/EB1B0703-6CF6-4BBC-9399-D62E1C2D17B4/EconomicCrimeAndCorporateTransparency#contribution-438AD26F-D50B-4688-A3E6-398727FF6458
10. Ibid.
11. https://hansard.parliament.uk/lords/2023-04-27/debates/EB1B0703-6CF6-4BBC-9399-D62E1C2D17B4/EconomicCrimeAndCorporateTransparency#contribution-65D4EE98-7DAF-46EC-B1C8-DE8E596092F3
12. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/672231/Tackling-tax-evasion-corporate-offences.pdf at p.21
13. https://www.sfo.gov.uk/2023/09/04/sfo-chief-capability-officer-delivers-keynote-speech-at-2023-cambridge-symposium/
14. Tesco Supermarkets Ltd v Nattrass [1972] AC 153
15. Law Commission, para 3.87(1) https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2022/06/Corporate-Criminal-Liability-Options-Paper_LC.pdf
16. https://www.sfo.gov.uk/2023/09/04/sfo-chief-capability-officer-delivers-keynote-speech-at-2023-cambridge-symposium/
17. https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2022/06/Corporate-Criminal-Liability-Options-Paper_LC.pdf at para 4.78
18. Section 196 Economic Crime and Corporate Transparency Act 2023
19. https://www.sfo.gov.uk/2023/09/04/sfo-chief-capability-officer-delivers-keynote-speech-at-2023-cambridge-symposium/