Corporate Criminal Liability – Perspectives from the US, UK and France

by Bryan Cave

Summary: Shakespeare’s observation that the “past is prologue” certainly applies to corporate criminal liability in the UK and France, as these jurisdictions embrace with gusto corporate prosecutions akin to those pursued in the US for decades. This article, the first in a series about corporate compliance from BCLP’s Global Investigations team, considers the current position on corporate criminal liability in the US, UK and France.

US:  A long-established doctrine

In the US, the principle underlying corporate criminal liability is respondeat superior.  In essence, an organisation is responsible for all its employees’ actions done in the course and scope of their employment and, at least in part, for the benefit of the corporate.  Although some American states have different rules, in federal jurisprudence it is not necessary that the employee have a certain level of corporate responsibility, such as being able to speak for the corporate, being part of a control group or being a directing mind.  It has long been US law that a corporate can be criminally liable based on any of its employees’ actions, despite not having a soul to damn nor body to kick, as the saying goes.  And the same applies to partnerships, closely-held companies with a small group of controlling shareholders and limited liability companies.

Such corporate criminal liability is broad enough that the corporate may be criminally responsible even where the employee acts contrary to corporate policy.  As long as the employee criminally acts within the course and scope of employment, even specific counter instructions will not necessarily insulate the corporate.  Even a corporate with a comprehensive compliance program may be held criminally liable for criminal acts of its employees under US law.  Given the above, US government prosecutors find it easy to assign criminal liability to the corporate.  And, correspondingly, US corporates are therefore much more likely to work out a deal with prosecutors to avoid going to trial.  We will consider the scope of such deferred and non-prosecution agreements in the US, as well as in the UK and France, in our next article in this series.

In addition to respondeat superior liability, US law makes it easier to prosecute corporates due to the “collective knowledge” doctrine.  Under this doctrine, the government does not have to demonstrate that a single individual had the knowledge to satisfy the intent element of a crime.  Instead, the government may aggregate the knowledge of many different employees of the corporate to form the corporate’s knowledge of the violation.  This potentially expands US corporate criminal liability to cases where no single employee could be held criminally liable.

UK:  Erosion of the “identification principle”

The US made corporates criminally responsible in this broad way more than 100 years ago.  Similarly, it has long been the case in the UK that criminal liability for corporates could arise where criminal acts of senior employees (normally through the board of directors) could be criminally attributed to the company.  The imposition of criminal liability on an organisation has never sat easily with the concept of mens rea under English criminal law.  Vicarious liability does exist in a criminal context, but only in certain quasi-regulatory areas including health and safety and environmental issues.  However, aside from vicarious liability, for most criminal offences that require a mental state, prosecutors have been able to hold the company liable only on the basis of the “identification principle”.  This requires a prosecutor to prove criminal responsibility of the most senior officers who represent the “directing mind and will” of the entire organisation, and whose mental state may be attributed to (or identified with) the company.  This has long been a bugbear of prosecutors who face evidential challenges when pursuing large corporates with opaque reporting lines and decentralised decision making.  These difficulties partly explain the low levels of corporate prosecutions historically in the UK.

In recent years, the UK government decided that the identification principle was outdated and required reform.  The first significant erosion of the identification principle for economic crimes came with the enactment of the 2010 Bribery Act.  In particular, section 7 created a new corporate offence of “failing to prevent bribery” if any person associated with the corporate (such as an employee, no matter how junior, or an agent) paid a bribe to attract or retain business.  The only defence for the corporate was if it had adequate anti-bribery procedures in place.  Buoyed by the success of the Bribery Act, the UK government brought a new “failure to prevent” offence onto the statute book in 2017, relating to the criminal facilitation of the evasion of UK and foreign taxes.  Again, strict liability is triggered by the acts of an associated person who criminally facilitates the tax evasion.  Again the only defence for the corporate lies in its compliance programme, with it having to prove that it had “reasonable” prevention procedures.

The UK government has recently consulted on proposals to introduce further corporate offences of failing to prevent fraud and other economic crimes.  The EU General Data Protection Regulation and accompanying UK legislation will also introduce (from June 2018) new criminal offences for corporates that do not rely on the identification principle.  Prosecutions in this area are likely to be pursued in instances of cybercrime and manipulation / misuse of personal data.  In addition, the extraterritorial reach of many of these new laws strengthens the prosecutor’s hand.  UK prosecutors already have started targeting corporates as defendants, as opposed to victims.

France:  Liability for actions on the corporate’s account

Although the French courts have historically proved themselves to be full of imagination, holding animals on trial during the Middle Ages, France’s assignment of criminal liability to corporates is more recent than in the US.  It was first introduced in French law in 1992 in Article 121-2 of French criminal code and generalized by the “Perben 2” law of 9 March 2004 (effective 31 December 2005).  This change in liability is not simply theoretical; French prosecutors have taken full advantage of it.  In 2000, French criminal records show only 200 criminal convictions of companies; in 2015, they show 5000 such convictions.  Criminal corporate liability in France is a reality.

When corporate criminal liability was first introduced in 1992, it was governed by the “specialty principle”: companies could be held criminally liable for specific offences only if it was specifically provided for in the law.  Since 31 December 2005, however, a corporate can by liable for any criminal offence.  However, corporates can only be held liable for offences committed “by their organs or representative”.  Therefore, prosecutors need to specify the individual who acted on behalf of the company, as the French cour de cassation most recently reaffirmed on 17 October 2017 (n°16 87.249).

The offences that can lead to prosecution of companies must have been committed “on their account”.  An action is deemed to be on the account of the company if it is “aimed at ensuring the organization, the functioning or the goals of the company”.  Individuals whose actions led to the prosecution of the companies can also be prosecuted for the same offences.  These provisions apply to foreign companies doing business in France, provided they have legal personality under French law, as in the recent CJIP signed on October 30, 2017 which concerned a Swiss-based subsidiary of a major financial institution that agreed to pay €300 million to French authorities, as described in the accompanying article.  In cases of tax fraud, French lawmakers are discussing the possibility of increasing fines for corporates to ten-times the amount of the proceeds of crime stemming from the relevant offence.

The UK and France have followed the course of the US in ensuring that it is easier to prosecute corporate criminal liability than ever before. These laws enable government prosecutors in all three countries to vigorously pursue corporates for crimes committed by their employees, officers and agents.  The accompanying article in this series, also published today, considers the new enforcement powers available to prosecutors in the US, UK and France to demand (and indeed receive) large settlements from corporates to accompany their increased powers to hold corporates criminally liable.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave | Attorney Advertising

Written by:

Bryan Cave

Bryan Cave on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.