There is a growing consensus that the approach for establishing corporate criminal liability under English law is unduly restrictive and old fashioned. The former Solicitor General, Oliver Heald QC MP, recently suggested that a new offence could be introduced to hold corporations liable for failing to prevent fraud committed by its employees. He is not alone in believing reform to this area of law is required. However extending corporate criminal liability to include a failure to prevent fraud may not be the best way to do it.
English courts apply the identification principle, which means that companies can only be prosecuted for offences like fraud if the dishonest conduct was committed by those who manage or control a company’s affairs – the company’s ‘directing mind and will’ to borrow the courts’ phrasing. Although this can be effective in dealing with offending in small companies, in the case of large corporations the evidential trail often dissipates well short of the boardroom. Consequently leading academics such as Professor Jim Gobert have criticised the identification doctrine because it “propounds a theory of corporate liability which works best in cases where it is needed least and works least in cases where it is needed most”. As the Serious Fraud Office will attest, imputing criminal liability against a large corporation has resulted in very few successful prosecutions.
Diagnosing what is wrong with English courts’ prevailing approach to company liability is far easier than treating one of the most contentious problems within corporate law
Of course there are other bases for establishing corporate criminal liability under English law beyond the identification doctrine. The Corporate Manslaughter Act establishes an offense for corporate manslaughter which directs the jury to consider the extent to which the offense was encouraged due to attitudes, policies, systems or accepted practices prevailing throughout a company. However the legislation specifies that the company will only be guilty of corporate manslaughter if a substantial element of the breach was due to the way the company was managed or organised by its senior management. In practice this means that the prosecutorial focus is still directed towards the directing mind and will of the company.
Another modification of the identification principle was achieved via Section 7 of the Bribery Act 2010, which establishes a strict liability offence for a company’s failure to prevent bribery. The offence is tempered by a defence if the company can establish that adequate procedures were in place to prevent the impugned conduct from occurring. The Director of the Serious Fraud Office, David Green QC, has advocated extending the offence to capture a company’s failure to prevent financial crime generally. These sentiments have been echoed by Shadow Attorney General Emily Thornberry and most recently Heald. But conflating a company’s failure to prevent bribery with a failure to prevent fraud overlooks important distinctions between the two offences.
While bribery will commonly enrich a company, fraud is often committed by individual employees at the expense of the company. The ACFE’s 2014 Report estimated that globally companies lose an average of 5 percent of their revenue to fraud with a median loss of £86,400 per case. A KPMG fraud survey from 2010 reported that sixty-five percent of the largest frauds were inside jobs. Last year UK Fraud Prevention Service CIFAS identified 638 cases of insider fraud that had been reported to the Staff Fraud Database at an average loss of £483,000 for each company. Such data confirms that the proposed offence for a company’s failure to prevent fraud could actually penalise the victim of the crime. This seems like a perverse outcome.
Those in favour of implementing the new offence may point to the impact that Section 7 of the Bribery Act had upon companies implementing robust anti-bribery compliance regimes. In practice, introducing a parallel offence for failing to prevent fraud could prompt an avalanche reports relating to relatively trivial instances of people caught with their hands in the till. Many in law enforcement might feel that, with swingeing budget cuts, they are already being placed under too much pressure without having to sifting through an outpouring of largely trifling reports. The risk is that genuine and serious examples of fraud will be lost within the deluge of low level and unnecessary reports.
Other countries have adopted diverging approaches to determining corporate liability. Jurisdictions such as Brazil do not recognise the criminal liability of corporations, whereas US courts make companies vicariously liable for crimes committed by employees. With such broad laws backed by daunting penalties, US companies usually plead guilty and participate in a non prosecution or deferred prosecution agreement rather than go to trial. Australia introduced corporate criminal laws similar to those that are now being proposed in the UK some twenty years ago. The Australian model is based on 'organisational liability' and stipulates that companies are criminally liable for failing to maintain a compliant corporate culture. Despite the Australian legislation potentially exposing companies to criminal liability even if none of the individual actors are guilty of a criminal offence due to the aggregated acts of corporate personnel, employee fraud remains prolific in Australia. KPMG reported that 75% of the major frauds in 2012 were committed by insiders, amounting to a total loss suffered by respondent organisations of over $370 million. It is therefore open to question whether the Australia approach has proved successful in reducing corporate fraud.
Diagnosing what is wrong with English courts’ prevailing approach to company liability is far easier than treating one of the most contentious problems within corporate law. At present, law enforcement can only go after the low hanging fruit leaving the juicier morsels to ripen high in the tree. Although the approach for establishing corporate criminal liability under English law may be unduly restrictive and old fashioned, criminalising a failure to prevent fraud is not the answer to concerns that large companies are slipping through the legal netting. It would be more appropriate to modernise corporate liability laws so that companies can be held responsible for misconduct by employees at a range of different levels without extending the law to include a failure to prevent fraud. This would avoid the perverse outcomes and practical difficulties that would ensue for companies and law enforcement officials alike if an offence for failing to prevent fraud was introduced.