Chapter Seven:
Legislative Developments

Reform of the Identification Principle

Background

Over the past decade in the United Kingdom, there have been persistent calls for reform and expansion of corporate criminal liability. Under English law, a company will generally be liable for criminal offences only where the criminal conduct of a sufficiently senior individual or group of individuals, acting as the “directing mind and will” of the organisation, can be attributed to the company (known as the identification principle). The identification principle has long been criticised for its limitations in holding companies accountable due to the challenges of meeting this high evidential threshold.

The government has acknowledged the difficulties associated with the identification principle and has, to this end, introduced, via the Economic Crime and Corporate Transparency Act, a provision that puts the identification principle on a statutory footing and expands its scope to create corporate liability in circumstances where a “senior manager” commits a relevant offence while acting within the actual or apparent scope of their authority.

The Act’s definition of a “senior manager” is an individual who plays a significant role in either the “making of decisions about how the whole or a substantial part of the activities of the organisation is managed or organised,” or in the “actual managing or organisation of the whole or substantial part of those activities”. While this definition broadens the scope of the identification principle, it is currently not clear who will be considered a “senior manager” or what a “substantial part” of the activities of the organisation means in practice. These issues are likely to be subject to debate in future litigation.

In the first instance, the widened principle will apply only to economic crimes such as fraud, bribery, money laundering, and offences of the Proceeds of Crime Act 2002. However, the government has indicated that the principle will be extended to all criminal offences in the future.

A New Offence – Failure to Prevent Fraud

Background

Continuing the theme of reform of corporate criminal liability, last year the UK Law Commission reviewed the identification principle and considered a number of possible legislative reforms to address the issues discussed above. One proposal was to extend the “failure to prevent” model already implemented in respect of bribery[1] and tax evasion[2] offences to other financial crimes. Under these laws, a company can be liable for failing to prevent misconduct by any person associated with the company. Consequently, the government in 2023 used the Act to introduce a much-anticipated and long-awaited new corporate offence of “failure to prevent fraud”.

The government’s press release[3] accompanying the new failure to prevent fraud offence explains that the intention is to “make it easier to prosecute a large organisation if an employee commits fraud for the organisation’s benefit.” It will do so by removing the “requirement to prove that company bosses ordered or knew about a fraud committed by an employee”.

What Is The New “Failure to Prevent Fraud” Offence, and Who Will Be Affected?

The failure to prevent fraud offence attributes liability to a company if a person “associated” with that company commits a substantive fraud offence intending to benefit the company or any person to whom, or to whose subsidiary, the associate provides services on behalf of the company.

A person is to be regarded as associated with a company if they are an employee, agent, or subsidiary of the company or they otherwise perform services for or on behalf of the company.

The new offence will apply to all “large” corporate bodies and partnerships in all sectors incorporated or formed anywhere in the world.

An organisation is “large” if it meets two of the following criteria:

• More than 250 employees,

• More than £36 million turnover,

• More than £18 million in total assets.

This is the first of the “failure to prevent” offences to be restricted in this way. Both the existing corporate offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion apply to all organisations, regardless of their size. The government’s stated aim in limiting the scope of the offence is to ensure that the compliance burden on businesses is proportionate.

What Substantive Offences Are Captured?

Under the new law, companies will be liable for fraud offences that are most likely to be committed in a corporate context (provided that those offences are committed by an associated person with the requisite intent, as explained above). The underlying offences include, for example, fraud by false representation under the Fraud Act 2006, false accounting under the Theft Act 1968, and fraudulent trading under the Companies Act 2006.[4] Attempts during the legislative process to expand the scope of the new offence to include failure to prevent money laundering were rejected by the government.

Jurisdiction

The new offence does not expressly state its jurisdictional scope. However, the government has said that while the offence will apply to companies and partnerships based overseas, it will only apply where companies’ employees or associated persons commit fraud under UK law or fraud that targets UK victims. This suggests that the jurisdictional scope of the corporate offence is dependent on that of the underlying substantive fraud offence, which typically requires an element of the fraud to have taken place in the United Kingdom or for the fraud to have been carried out by a UK registered company or UK individual (anywhere in the world). Accordingly, the jurisdictional scope of the new offence is much narrower than, for example, the scope of failure to prevent bribery, which applies to all organisations incorporated or carrying on business in the United Kingdom, regardless of where in the world the misconduct takes place.

Is There a Defence?

A defence is available if an organisation can show that it had “reasonable” fraud prevention procedures in place or that it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place. This follows in the footsteps of the defence to the failure to prevent tax evasion offence, but stands in contrast to the defence to failure to prevent bribery, which requires that “adequate” procedures be in place in all circumstances.

In addition, when a company’s associate commits fraud intended to benefit a person to whom, or to whose subsidiary, the associate provides services on behalf of the company, the company would not be liable if it was itself a victim of the fraud offence (or was intended to be).

Penalty

As with the offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion, a company convicted of failing to prevent fraud faces an unlimited fine.

Recovery of Cryptoassets

Background

In addition to these reforms, the Act introduces new amendments to the Proceeds of Crime Act 2002 to make it easier for the United Kingdom’s law enforcement agencies, such as the SFO and the National Crime Agency, to recover cryptoassets that are or represent the proceeds of crime.[5] As cryptoassets are increasingly used to conceal the proceeds of crimes such as fraud, the government has brought in new powers to expand the circumstances in which cryptoassets can be recovered by the authorities. Reforms will be brought in to both the criminal confiscation and civil forfeiture regimes.

Criminal Confiscation Reforms

The United Kingdom’s criminal confiscation regime allows a confiscation order to be made against defendants to deprive them of the proceeds of their criminal conduct following conviction. Broadly, reforms to the criminal confiscation regime comprise the following:

• Removal of the requirement for a person to have been arrested before seizure powers can be used, so that assets can be more easily confiscated at a later date,

• Specific amendments to search, seize, and detention powers to allow officers to recover cryptoassets in a way broadly similar to the recovery of tangible property,

• Provision of powers to the magistrates’ court to authorise the sale of any cryptoasset in the same way that they authorise with assets such as cash, and

• Provision for the destruction of cryptoassets in exceptional circumstances.

Civil Forfeiture Reforms

The United Kingdom’s civil forfeiture regime allows the forfeiture of assets where it is “more likely than not” that they are derived from criminal conduct. Currently, only five agencies can recover cryptoassets using civil powers in the High Court. Reforms to the civil forfeiture regime are therefore focused on making it easier for cryptoassets to be recovered in the magistrates’ court by more agencies. Broadly, the new powers will do the following:

• Enable law enforcement agencies to take control of and recover cryptoassets discovered when executing a search warrant,

• Enable law enforcement agencies to recover cryptoassets direct from cryptoasset exchange providers and custodian wallet providers,

• Enable detained cryptoassets, or those which have been frozen in a wallet, to be converted to cash pending the outcome of a final forfeiture hearing,

• Provide for the destruction of cryptoassets in exceptional circumstances, and

• Provide for detained or frozen cryptoassets and related items to be released to victims at any stage of proceedings.

Extension of the SFO’s Pre-Investigation Powers

The SFO currently has powers under section 2 of the Criminal Justice Act 1987 to compel individuals or companies to provide information following the opening of an investigation. The provision was amended in 2008 to extend this power, under section 2A of the CJA, to cases of international bribery and corruption at a pre-investigation stage. The government has now proposed expanding the scope of the section 2A powers to all SFO cases.[6] According to the government, the extended powers will allow the SFO to promptly determine whether a crime has taken place, ensure that the early stages of an investigation progress more quickly, ensure that proceeds of crime are identified more quickly, and more effectively sift out cases that do not meet the criteria for an investigation to be opened at the intelligence stage.

How Should Companies Prepare?

Although there were a number of legislative developments in 2023, companies are most likely to be impacted by the reform of the identification principle and the new offence of failure to prevent fraud. These provisions were approved by Parliament in October 2023; while the updated identification principle took effect from 26 December 2023, the new offence will need to be brought into force by Statutory Instrument. We expect to see it take effect towards the end of 2024.

Companies (in particular those that will qualify as “large” under the test described above) should use this time to be proactive, taking stock of their existing systems and controls to prevent financial misconduct and testing their effectiveness in anticipation of the new legislation. While most organisations will be able to leverage existing compliance procedures, these will need to be carefully reviewed and revised where necessary to take into account the additional risks presented. Companies will also need to ensure that their legal and compliance functions understand the structure of the anti-fraud procedures and that employees are fully trained on any new requirements. Crucially, new procedures and controls must be properly explained and implemented across the whole organisation, driven by a clear “tone from the top” set by senior management.