A number of recent events in the corporate space has brought the issue of corporate criminal liability to the fore once again. In this edition’s in-depth read, Craig Weston, barrister at Irwin Mitchell, explains why now is the time to address the issues of bribery and economic crime in your company. 

Recent months have seen a gear change in the prosecution of corporates, with four deferred prosecution agreements (DPAs) concluded in the past 18 months, compared to only four successful prosecutions of corporates by the Serious Fraud Office (SFO) between 2000 and 2014.

The DPAs the SFO has recently concluded with Rolls Royce and Tesco Stores Ltd have thrown a torch on corporate cultures and behaviours, and demonstrated that UK prosecutors are getting serious about investigating and sanctioning corporates for serious corporate bad behaviour.

Further, the government has just enacted a corporate failure to prevent the facilitation of tax evasion offences (more of which later). When one also considers that the government has also just consulted on a proposal to reform corporate criminal liability (CCL) and extend it to cover other ‘economic crimes’, it is clear that in-house counsel who often operate at the coalface of the risks associated with CCL will be required in the not too distant future to play a central and pivotal role in helping companies to mitigate the risks of committing a broader range of corporate criminal offences. 

Companies that fail to take the issue seriously may be subject to reputational damage, see a negative impact on the value of the business, and even face prosecution and risk being debarred from public procurement exercises. Now more than ever, companies are at greater risk of becoming involved in criminal investigations due to the rise of investigative journalism, whistleblowing and an increase in the number and activities of organisations such as Transparency International and CORE that seek to hold corporate bodies to public account.

This article examines what the current law is and where it is likely to end up. I also look at what in-house counsel can and should be doing to mitigate the risks associated with CCL.

Where are we now?

Under the law as it currently stands, there are a number of ways in which a company can be at risk of facing criminal liability.

1. Under the doctrine of the ‘controlling mind test’

This is where the acts and state of mind of those representing the directing mind of a company (usually ‘the board of directors, the managing director and perhaps other superior officers of the company who carry out functions of management and speak and act as the company’) are imputed to the company itself, and as such the company is deemed to have committed those offences.   

One of only a handful of examples of the identification principle being used by the SFO to bring a successful prosecution is Severn Trent Water in July 2008, for providing false leakage data to its regulator OFWAT. It faced a fine of £2m and £220,000 costs.

2. Vicarious liability under various strict liability offences in individual statutes

These offences usually occur in health and safety and environmental investigations and normally where there is no mental element to the offence. For example, all traffic offences carry strict liability unless they expressly require fault. If an offence of strict liability is committed by an employee of a company in the course of their employment, the company may also be criminally liable.

3. Specific corporate offences 

For example:

a. corporate manslaughter, under the Corporate Manslaughter and Corporate Homicide Act 2007

b. failure to prevent bribery and corruption – section 7 of the Bribery Act 2010 (BA 2010). This piece of legislation created a stand-alone corporate criminal offence whereby a commercial organisation is guilty of an offence if it fails to prevent persons associated with a commercial organisation from bribing another person to obtain or retain business for the organisation or to obtain or retain and advantage in the conduct of business. 

This offence bites on a commercial organisation or partnership which is incorporated under UK law, and which carries on a business whether in the UK or elsewhere. It also bites on any body corporate (or partnership) wherever incorporated that carries on a business or part of a business in any part of the UK.

Commercial organisations should be aware that the offence has extraterritorial effect, in that companies can be prosecuted for failing to prevent bribery that occurs outside of the UK.

The section 7 offence is a example of a strict corporate liability, however there is an important check and balance to the offence in the form of a defence of having ‘adequate procedures in place designed to prevent persons associated with the commercial organisation from undertaking bribery’.  The government has published guidance on the issue of adequate procedures which can be found at www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf.

What has changed recently?

The most significant developments in the area of corporate criminal liability have come in the form of:

1. DPAs

In February 2014, the SFO and the CPS gained a power to offer corporates deferred prosecutions without the need to go to trial in return for the payment of significant financial penalties. The SFO / CPS can use this tool not only in relation to the BA 2010, but a variety of criminal offences such as theft, false accounting, fraud, fraudulent evasion of VAT and others as set out in schedule 17 to the Crime and Courts Act 2013. 

To a certain extent, DPAs have been introduced to help prosecuting authorities to deal with the problems they have faced in resourcing large and complex investigations into corporates, and also the hurdle of the identification doctrine in offences relating to economic crime, both of which have resulted in few prosecutions against corporates. The generally accepted aim of the DPA regime is to generate a shift in corporate culture to openness and self-reporting of corporate behaviours that may be viewed as criminal, particularly when such investigations can be costly both in terms of financial resources and the reputational damage that can occur. 

Until the recent Tesco DPA, the SFO had only concluded three DPAs all in relation to bribery. The Tesco DPA can be seen as a step forward and a broadening of the SFO’s approach to DPAs as it related to false accounting.

The DPAs made in relation to XYZ (in 2016, with an as-yet unnamed company) and Rolls Royce have demonstrated that although the SFO guidance on DPAs suggests the financial penalty should be commensurate with that imposed on a conviction, in reality the courts, and by agreement the SFO, are becoming ever more flexible as to the level of discounts that might be applied for early self-reporting, full disclosure and engagement with the SFO during the investigation stage. I discuss later on what can be learnt from the four DPAs, and how this might shape the planning for procedures to deal with economic crime.

2. Corporate offence of failing to prevent the facilitation of tax evasion

The government has recently published a bill which is due to come into force in autumn 2017, in which two new offences are created. The first offence will apply to all business, wherever located, in respect of the facilitation of UK tax evasion. The second offence will apply to businesses with a UK connection in respect of the facilitation of non-UK tax evasion. The offences are similar to the section 7 of the BA 2010 offence in that they are subject to a ‘reasonable prevention procedures’ defence. As such, the controlling mind test does not form part of these offences.

As with the BA 2010, the government has published guidance on the defence and has indicated that six principles underpin the defence:

·     risk assessment

·     proportionality of risk-based prevention procedures

·     top level commitment

·     due diligence

·     communication (including training)

·     monitoring and review.

These are substantially the same or similar to the principles that underpin the ’adequate procedures’ defence in the BA 2010.

Whilst companies in the banking, financial and professional services industries are likely to be at highest risk and will shoulder the largest compliance burdens, businesses and their in-house counsel in all sectors are advised to conduct thorough and enhanced due diligence in relation to business operations, suppliers, employees, agents and its systems and the manner in which payments are made for goods and services, particularly where companies are engaged with offshore companies and accounts.

Where are we going (or: is it going to get any less onerous)?

It appears from the recent government call for evidence on CCL (https://consult.justice.gov.uk/digital-communications/corporate-liability-for-economic-crime) that the way ahead for corporates is only going to become more risk and compliance-focused, and the resource burden ever greater.

The call for evidence considers, in the context of economic crime, the extent to which the identification principle (controlling mind test) is deficient as a tool for effective enforcement of the criminal law against large modern companies. It considers the need for reform and seeks views on the most suitable approach to reform. There is no doubt that this consultation comes in the wake of the perceived success of section 7 of the BA 2010 and support for the extension of that model from SFO director David Green, and the public clamour for corporates to be held to account (particularly in the wake of the LIBOR investigations).

The options that the call for evidence considers are:

1. Amendment of the identification principle to broaden the scope of those considered to be the controlling mind of a company

2. Strict (vicarious) liability – making companies liable for the criminal acts of its employees, representatives or agents, without the need to prove any fault element such as knowledge or complicity at the corporate centre

3. Strict (direct) liability – a company could be liable of a separate offence akin to a breach of statutory duty to ensure that economic crime is not used in its name or on its behalf. This would likely be in tandem with a due diligence / an adequate procedure-type defence, and is the model employed in section 7 of the BA 2010 where the burden is on the defence to evidence adequate procedures

4. Failure to prevent as an element of the offence – in this model, it is for the prosecution to prove not only that the predicate offence occurred, but that it occurred as a result of management failures, manifestly as negligent conduct or as systematic inadequacies in policies and procedures. This is the same as option 3, but places the burden of providing inadequate procedures to prevent the offences occurring on the prosecution

5. Regulatory reform – this option considers building on regulatory reforms already seen in the financial services industry which seek to deter misconduct through strengthening individual accountability, particularly at senior manager level. This option considers broadening the scope of the senior manager regime to other industries.

Although the call for evidence is now closed, the government has indicated that it is likely to consult further on the particulars of its preferred option. In-house counsel are well placed to respond to any such consultation and can provide important opinions and data on the impact any reform may have on the businesses they advise. It is important the government hears from those who will be affected by any reforms as well as the lawyers who advise such businesses.

The common factor in all of the reform options is that there is likely to be a significant resource and compliance burden placed on companies in order to mitigate the risk of economic crime. If the approach taken to bribery and tax evasion is an indicator of the government’s preferred model, we are likely to see some new form of section 7, in failing to prevent offence in relation to economic crime.

What can in-house counsel and companies do now?

In light of the BA 2010 being nearly six years old; the government’s new consultation on economic crime; the SFO flexing its muscles in relation to corporate DPAs beyond bribery; and the public clamour for greater corporate responsibility, companies and their in-house counsel should try and get ahead of the curve and take proactive steps to risk assess their businesses in the context of exposure to economic crime, and reassess their exposure to bribery and plan a proportionate response to ensure sufficient resources are made available to those managing the process. 

In-house counsel should consider getting ahead by undertaking an audit of their organisation’s anti-bribery and corruption compliance systems. This will help to identify where your organisation’s vulnerabilities lie in respect of the government’s proposed widening of the offence of failing to prevent to include economic crime. This is likely to have the added bonus of sharing the resource costs.  

Although a company’s response is likely to involve detailed anti-economic crime policies and updated bribery policies, our experience has taught us that for a company to put itself in the best position to avail itself of an adequate procedures defence or to self-report and negotiate a DPA, there needs to be a shift away from the standalone projects that focus on the drafting of policies and risk identification, towards organisations recognising a need to allocate significant resources to making a culture of anti-economic crime pervasive in their organisations, including auditing and internal investigation projects to measure the success of those initial policies.

The corporate prosecutions for bribery and the DPAs in recent months have, in one form or other, involved companies that had policies in place but which were ineffective or not being implemented. There have been four key themes or shifts in focus as a result of those cases which should help to demonstrate and evidence ‘adequate procedures’ being in place.

1. A need for top-level commitment to prevent bribery and corruption or economic crime

2. The need for anti-bribery and anti-economic crime to be pervasive throughout an organisation

3. Robust testing, modelling and auditing of policies and systems and controls (whether internally or through an external law firm)

4. Continual reassessment of the adequacy of the policies and amendment where necessary.

Organisations are encouraged to avoid a situation where policies and procedures sit in a file on a shelf, as to do so is unlikely to avail an organisation of the adequate procedures defence under the BA 2010 or any future economic crime legislation. What is clear from the cases we have seen is the importance the SFO will place on the views of employees throughout the organisation (through employee interviews) to understand their awareness and interpretation of policies when forming a view as to whether an organisation can rely on the ‘adequate procedures’ defence.

Reviewing compliance and planning ahead

In-house counsel should consider reviewing BA 2010 compliance and planning for economic crime prevention by: 

·     Being proactive, and keeping a record of steps taken, decision-making, and audits projects

·     Regular reporting at board level on anti-bribery / economic crime compliance

·     Regularly reviews of contractual relationships and third party policies and procedures on these issues.  Tough commercial decisions should be taken where counsel are not satisfied with compliance in the supply chain, thereby mitigating the risk to their organisation

·     Ensuring employees receive training on bribery / economic crime risks and ensuring regular updates. Keeping records of the provision of training. Sampling interviews of employees in high-risk parts of the business

·     Updating and modifiying policies and procedures to new risks, new supply chains, new jurisdictions. An out-of-date policy is not a good policy

·     Consideration of publishing (as with modern slavery statements) anti-bribery and corruption / economic crime statements on compliance efforts

·     Regularly monitoring and testing policies and procedures. ‘Dry runs’ or modelling test scenarios are an extremely useful method of ensuring your policies and procedures work. This is likely to be the key element in providing a robust audit trail of anti-bribery / economic crime compliance.

If not now, when? 

There are particular trigger events which provide a good opportunity to review your company’s anti-bribery policies and risk assess and develop policies for economic crime. For example:

·     a merger or acquisition (as part of the due diligence process) – where you can assess your company against the target company, and take account of new markets, jurisdictions or industries

·     where your company expands into a new jurisdiction – you will want to ensure the policies remain proportionate to the risks associated with those jurisdictions

·     where your company engages with a new supplier or supply chain

·     where your company engages with a new agent

·     where your company expands its products or services

·     when there is a government or regime change in an existing jurisdiction in which your company operates

·     where BA 2010 / economic crime weaknesses have been identified following an internal investigation.

On each occasion, what might have been adequate before should be reconsidered in light of the new circumstances. What you cannot do is sit back and do nothing.

What happens if it all goes wrong?

First, do not panic. If a possible criminal offence comes to light, an in-house counsel will want to consider starting an internal investigation as soon as possible. It is advisable to contact an external legal firm for advice and assistance in relation to an internal investigation, particularly in light of privilege issues that are likely to arise during any such investigation. Some practical tips in relation to dealing with internal concerns include:

·     Keep any investigation team as small as possible. Keep a defined and detailed record of who they are

·     If possible, keep the investigative function within the legal function or a direct report of the legal function

·     Keep a ‘client’ list of who is to be informed of progress (usually senior management and board level)

·     Keep communication about the issue to a minimum and within the investigation team

·     Act quickly to ensure those outside of the investigative function are not talking or writing about the issue

·     Plan and prepare the investigation, and keep records of decisions on its scope and the way in which things will be approached

·     Set timetables for actions to be completed

·     Keep notes, plans and reports confidential

·     Consider outsourcing to an external law firm by way of instruction or using a law firm for particular parts of the investigation.

The broadening of corporate criminal liability is coming in one form or another, with the aim being to make it easier to prosecute companies. In-house counsel should start planning now, whether that be picking up the phone to an external law firm to understand the issues further, planning a risk identification exercise, or conducting an audit of current policies. The key message is act now and be proactive.