Thoughts on the new Economic Crime and Corporate Transparency Act - A New Era for Corporate Criminal Liability in the UK

The long-awaited Economic Crime and Corporate Transparency Act received Royal Assent on 26 October. This represents a significant turning point for the law on corporate criminal liability in the UK, and has been welcomed by prosecutors such as the Serious Fraud Office. The Act will strengthen the powers of law enforcement agencies, improve transparency over UK companies, make it easier to prosecute corporates for certain financial crimes, and introduce a new failure to prevent fraud offence.

The Economic Crime and Corporate Transparency Act 2023 (the "Act") has introduced new "world-leading" powers for authorities to tackle economic crime and has overhauled the corporate criminal liability regime in the UK. 

This Act supplements the Economic Crime (Transparency and Enforcement) Act 2022 which was fast-tracked through Parliament as a result of the Russian invasion of Ukraine, and continues the theme of addressing perceived weaknesses in the UK's ability to tackle economic crime. 

Law enforcement and prosecutorial agencies in the UK have long been calling for these much-needed reforms. Nick Ephgrave, the director of the Serious Fraud Office (the "SFO"), stated that the Act is "the most significant boost to the [SFO]'s ability to investigate and prosecute serious economic crime in over 10 years".

The Act covers a number of areas, including changes to Companies House, which improve transparency over UK entities and deliver a more reliable companies register so that bad actors cannot use opaque corporate structures to move and hide money. The National Crime Agency has gained greater powers to compel businesses to hand over information regarding suspected money laundering and terrorist financing, and the SFO's powers to compel individuals and companies to provide pre-investigation information have been expanded in an effort to speed up investigations. Under the previous legislation, the SFO was only able to use these pre-investigation powers in relation to overseas bribery and corruption cases where it had "reasonable grounds to suspect" that such a crime had been committed.¹ Section 211 of the Act has expanded these powers to all potential SFO cases at the pre-investigative stage, including fraud, domestic bribery, and corruption. 

Most significantly, however, the Act also introduces two fundamental changes to the UK's corporate criminal liability regime with respect to economic crime – the expansion of the identification principle, and the introduction of a failure to prevent ("FTP") fraud offence. The impetus for these reforms lies in the historic difficulties that prosecutors have encountered when seeking to prosecute corporate entities due to the much-maligned "identification principle", as well as the rising levels of economic crime, and particularly fraud, in the UK.

These reforms are discussed further below.

Expansion of the Identification Principle

The attribution of criminal liability to corporates has been a longstanding challenge for prosecutors. Under the "directing mind and will" test, a corporate could only be held criminally liable if the commission of an offence could be attributed to a natural person who could be said to represent its "directing mind and will" at the time the offence was committed. In practical terms, this represented a very narrow group of individuals and was a difficult threshold to attain, particularly in the context of large corporates with complex and diffuse management structures. The test has long been criticised by authorities, such as the SFO, as being outdated and no longer fit for purpose. 

The Act has replaced the archaic "directing mind and will" test with a new "senior manager" test taken from the Corporate Manslaughter and Corporate Homicide Act 2007. This significantly expands the group of individuals through which liability can be attributed to a company, making it easier for prosecutors to successfully pursue corporates. 

Under the Act, criminal liability can be attributed to an organisation if a "senior manager" acting within the actual or apparent scope of their authority commits a "relevant offence" listed in the Act. "Senior managers" are defined as individuals who play a significant role in either managing a corporate's activities or making decisions about how these are to be managed. A "relevant offence" covers a broad range of offences, including substantive money laundering offences and the ancillary money laundering-related offences of "failing to disclose" and "tipping off", fraud, false accounting, tax evasion, bribery, and breaches of sanctions regulations.

Law enforcement agencies have, for obvious reasons, welcomed the reform as it will remove a corporate's ability to hide wrongdoing behind complex management structures in an attempt to evade liability. Whilst much of the commentary to date has focused on the impact that this reform will have on prosecutions of corporates for bribery, corruption, and fraud, it will also be interesting to see the extent to which prosecutors utilise the reform to prosecute other offences within its scope. Criminal prosecutions of corporates for sanctions breaches, for example, have been all but non-existent. Whilst it is expected that civil enforcement action by the Office of Financial Sanctions Implementation ("OFSI") will remain the primary means by which those who violate UK sanctions will be targeted, it remains to be seen, particularly in light of the heightened focus on sanctions compliance following Russia's actions in Ukraine, whether serious corporate offenders may find themselves in prosecutors' crosshairs, now that the bar for corporate liability has been lowered.

Interestingly, comments by the SFO's Chief Capability Officer, Michelle Crotty, at the Cambridge Symposium on Economic Crime suggest that prosecutions in respect of fraud offences using this reformed identification principle may even be preferred to prosecutions under the new FTP fraud offence (discussed below), noting that the former "has the potential to transform the prosecution of large and complex multinational enterprises" and that the FTP fraud offence would be used "for cases where the identification doctrine does not apply" – what exactly Ms. Crotty meant by this is not entirely clear, but it would presumably include situations where the fraud has not been committed by a "senior manager".² Whilst these comments would suggest a significant uptick in prosecutions may be on the horizon, the Government's Impact Assessment expects only "minimal" new cases of between zero and three per year to be brought as a result of the reform.³

Whilst the new legislation does not directly impose additional burdens on "senior managers", they will inevitably come under greater scrutiny as organisations seek to mitigate the risks of corporate liability resulting from their actions. Although this is unlikely on its own to drastically reduce the appetite of individuals for these senior roles, it forms part of a broader trend, as seen under the Senior Managers Regime and the Online Safety Act 2023, of increasing the compliance burden on such persons. The lack of clarity around the precise meaning of "senior managers", and the potential that such clarification may not come for some time (certainly if the lack of judicial clarification of the term under the Corporate Manslaughter and Corporate Homicide Act 2007, is anything to go by) adds to the burden that organisations and senior managers are faced with in attempting to comply with this new regime without clear parameters as to its practical application.

A New Failure to Prevent Fraud Offence

According to the Government, fraud accounts for more than 40% of all crime in England & Wales.⁴ The Government has made clear in its second Economic Crime Plan that tackling it is a priority, and the new FTP fraud offence is a key part of its strategy. 

The FTP model was first introduced via the UK Bribery Act 2010 (with respect to bribery), followed by the UK Criminal Finances Act 2017 (with respect to the facilitation of tax evasion). The SFO has since been calling for an expansion of the FTP model to other economic crimes. Last year, the Law Commission included the expansion of the FTP model to fraud in its proposed reforms to the corporate criminal liability regime. The Act finally introduces such an offence, however, in contrast to pre-existing FTP offences, it is limited to "large organisations" only. 

To qualify as "large", an organisation must meet two of the following threshold conditions, adopted from the Companies Act 2006,⁵ in the financial year preceding the year of the offence: (i) more than 250 employees; (ii) more than £36 million turnover; and/or (iii) assets of more than £18 million. Broadly, a large organisation will now be guilty of an offence if an "associate" (i.e., an employee, agent, subsidiary undertaking, or a person who otherwise performs services for or on its behalf) commits a fraud offence intending to benefit (whether directly or indirectly) the organisation or any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the organisation. An organisation will not be guilty of an offence, however, if it was itself the victim (or intended victim) of the fraud offence. 

The scope of this new FTP fraud offence has been a much-debated point of contention between the House of Commons and House of Lords. Lord Garnier argued that the criminal law should be applied consistently to all organisations regardless of their size, but the Government stood firm on exempting SMEs on the basis that such an offence would impose disproportionate regulatory burdens on these entities. The impact of such an exemption, and whether it reduces the overall success of the new offence, remains to be seen.

Organisations will benefit from a compliance defence to the FTP fraud offence if they can prove that, at the time the fraud offence was committed, they had in place "prevention procedures" (as was reasonable in all the circumstances to expect the organisation to have in place) designed to prevent an associate from committing such an offence, or that it was not reasonable in all the circumstances to expect them to have any prevention procedures in place. This is similar to the "adequate" and "reasonable" procedures defences in relation to the FTP bribery and FTP failure to prevent the facilitation of tax evasion offences, respectively. 

The Government is required to publish guidance on what these "prevention procedures" should look like (which is expected in early 2024) and organisations within the scope of the FTP fraud offence will need to conduct risk assessments and examine their current fraud detection and prevention measures against such guidance once it has been published. 

It is likely that the guidance will be similar in certain respects to the guidance that has already been published in respect of the FTP bribery and FTP facilitation of tax evasion offences, focusing on proportionate policies and procedures, a top-level commitment, risk assessments, due diligence, communications, and monitoring and review. Whilst the existing policies and procedures that organisations already have in place for the other FTP offences should therefore mean that compliance teams will not need to start from scratch when devising procedures to prevent fraud, ensuring that this framework is sufficiently tailored to the prevention of fraud is still likely to represent a significant compliance burden for organisations, not least because fraud is more difficult to define, given the range of different fraud offences.

Whilst the need to put these procedures in place is primarily a concern for "large organisations", smaller organisations that fall outside the scope of the FTP fraud offence, and particularly those that act as counterparties to large organisations, should also consider whether they need to uplift their policies and procedures in a similar manner. Over time, it is likely that the FTP fraud offence and the standards that it imposes with respect to preventative measures, will be viewed as standard "good practice" (as "adequate procedures" are under the Bribery Act 2010) and large commercial organisations are therefore likely to require that counterparties they deal with, and particularly those that could act as their "associates" for the purpose of the FTP fraud offence, can demonstrate that they also have in place procedures to prevent fraud.

Impact on Enforcement in Practice?

Considering the historic usage of the existing FTP offences (there have been only a small number of prosecutions under the FTP bribery offence and none under the FTP facilitation of tax evasion offences), the main benefit from the introduction of the FTP fraud offence is expected to be deterrence, as opposed to a significant increase in prosecutions. Discussing the potential impact of the new offence, Lord Garnier, who has been a key advocate for the reforms, has stated that the low number of prosecutions for FTP offences is of little importance as the intention behind the reforms is, in his view, to "​​​​​​​create an atmosphere where people mitigate in advance the dangers of those criminal offences being committed".⁶

To the extent that enforcement action is taken, it is likely that the trend of using Deferred Prosecution Agreements – which have been used nine times for the FTP bribery offence since their introduction in 2014 – will continue and will be preferred by prosecutors, other than in the most serious cases. 

There will, however, no doubt be an expectation that now that the SFO and other enforcement agencies have secured the reforms they have long called for, successful enforcement action against corporates will see a significant increase. Whether or not that is the case remains to be seen. What is certain, however, is that corporates now face a sizable task in ensuring that they are prepared for and have the necessary policies and procedures in place to ensure compliance with the new regime. 

Thanks to Isabella Bertolini, Trainee Solicitor, who assisted with this alert.

_{1 Section 2A, Criminal Justice Act 1987.
2 SFO Chief Capability Officer delivers keynote speech at 2023 Cambridge Symposium - Serious Fraud Office.
3 Impact assessment: Reform to the identification doctrine (publishing.service.gov.uk).
4 House of Commons Justice Committee, Fraud and the Justice System, Fourth Report of Session 2022-23 (parliament.uk).
5 Section 465, Companies Act 2006.
6 Simmons and Simmons Podcast series: Forthcoming changes to corporate criminal law https://www.simmons-simmons.com/en/publications/clnedzjm4005iu6x4bacn4ryg/podcast-series-forthcoming-changes-to-corporate-criminal-law.} 

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2023 White & Case LLP}