Q&A: The Economic Crime and Corporate Transparency Act

Headlines

• The Economic Crime and Corporate Transparency Act (the “Act”) is part of a wide legislative package to prevent abuse of UK corporate structures and tackle economic crime and received Royal Assent on 26 October 2023.
• Significantly, the Act addresses prosecutors’ long-held difficulty in establishing corporate criminal liability by replacing the requirement to prove that a company’s ‘directing mind and will’ had the requisite criminal intent with a ‘senior manager’ test. 
• A company will now be criminally liable where a ‘senior manager’ “acting within the actual or apparent scope of their authority” commits any of the list of corporate economic criminal offences specified in the Act.  
• The Act states that a ‘senior manager’ is someone who “plays a significant role” in the “decisions” or the “actual managing” of the organisation. There are questions as to how this will be applied in practice.
• The Act introduces a ‘failure to prevent fraud’ offence (see our previous update).

Read on for the significant impacts of the Act as they relate to senior managers and the failure to prevent fraud offence.

Senior Managers

1. What is the effect of the reform of corporate criminal liability?

Since 1971, to secure a conviction of a corporation, prosecutors have had to establish that the offence was committed by the ‘directing mind and will’ of the company. 

The rationale? Only the ‘guilty mind’ of the highest level of management could be considered as embodying that of the company and make it liable. Anything less than that would be fiction. This is the so-called ‘identification doctrine’.

The change brought about by the Act is that if a ‘senior manager’ commits a relevant offence, the organisation is also guilty of the offence.

2. Why the change from ‘directing mind’ to ‘senior manager’? 

The problem with the 50-year-old identification doctrine is the difficulty in applying it in the context of large companies in the present day. As the government notes in its Factsheet, “the past few decades have seen companies grow tenfold…their governance and management becomes more complex with new teams and subsidiaries that control different aspects of the business”. 

The risk that companies can escape liability increases if key decisions are decentralised away from the most senior level, dispersed across multiple directing minds who are not considered sufficiently controlling enough to embody the company and make it liable. In other words, it is difficult to determine who really pulls the strings and directs business functions. 

This position has been subject to criticism. Back in 2018, now-outgoing Director of the SFO, Lisa Osofsky, warned that the SFO was “hamstrung by the identification principles”.[1] She was right: this issue came to thwart the SFO in its attempts to secure high profile convictions, even where evidence of CEO dishonesty was strong.

3. Will this reform increase corporate criminal convictions?

The intention of the Act is to make it easier to hold companies criminally liable. How this translates to convictions is another matter. The government’s Impact Assessment considers that this reform will only increase court cases by 0-3 per year but also notes that “it is likely that corporate prosecutions will be dealt with by a Deferred Prosecution Agreement”.

As Lord Coaker said in the House of Lords: “the Bill is an important step forward, but the enforcement of it is everything. If laws that have been improved are not enforced, much of the debate and discussion we have had will not be as valuable as it should be.” We might expect that pressure maybe put on enforcement agencies in light of the Act.

As to the Serious Fraud Office’s reaction, Nick Ephgrave, new director of the regulator as of 23 September 2023, said: “this is the most significant boost to the Serious Fraud Office’s ability to investigate and prosecute serious economic crime in over 10 years. This new law will help prevent crime, as big businesses can no longer turn a blind eye to fraud. We welcome the expansion of our search powers, which will help speed up our investigations.”

Ultimately, whether the reform will increase corporate criminal convictions depends on who exactly a senior manager is and the evidential challenges that prosecutors might face in showing it.

4. So, who is a ‘senior manager’? 

The Act states that a senior manager is an individual who “plays a significant role” in:

• “the making of decisions about how the whole or a substantial part of the activities of the [organisation] are to be managed or organised” or
• “the actual managing or organising of the whole or a substantial part of those activities.”

The ‘senior manager’ test is intended to replicate the equivalent “senior management” test in the Corporate Manslaughter and Corporate Homicide Act 2007. Although there is no case law interpreting “senior management” in that context, the Ministry of Justice’s accompanying guidance to that act notes that “senior management” comprises “people who make significant decisions about the organisation, or substantial parts of it” and includes both those “carrying out headquarters functions…as well as those in senior operational management roles”. The guidance acknowledges the fact-specific nature of the test: “exactly who is a member of an organisation’s senior management will depend on the nature and scale of an organisation’s activities”.

So who is a ‘senior manager’ seems to boil down to a question of substance, not form; a test that will require more than a plain reading of job titles. The relevant questions to ask will likely include: What are the individual’s responsibilities? What is their role? What influence do they exert within the organisation?

5. What if the offence is committed outside the UK?

If the offence takes place outside the UK, the Act provides that the organisation is only guilty of the offence if “it carried out the acts that constituted that offence (in the location where the acts took place)”.

How this translates depends on the offence in question. For example, a UK company can be liable for a breach of UK sanctions if its senior manager, a UK national, committed a breach outside the UK. 

6. Next steps for companies?

In the absence of guidance on the matter (and analogous case law), it might be difficult for companies to plan around this reform. As noted, there may be evidential challenges in identifying senior managers, especially in the context of prosecuting large companies which have complex reporting matrices and decision-making processes.

In the first instance, it would be prudent for companies to identify who might be considered a senior manager and ensure that adequate training and risk prevention measures are in place.

What about the failure to prevent fraud offence?

a. What’s covered by the offence?

The ‘failure to prevent’ concept constitutes another inroad into holding companies to account for fraud committed by their employees, agents, and other individuals.  

The fraud offences covered are wide-ranging and include: fraud by false representation; obtaining services dishonestly; participating in fraudulent business; false accounting; false statements by company directors; fraudulent trading; and cheating the public revenue. 

As for what this might look like in the corporate context, following the Act’s consultation process, law makers cited “dishonest sales practices, hiding important information from consumers or investors, or dishonest practices in financial markets” as examples of the type of behaviour intended to be caught by the offence. It may be that public procurement fraud, false and dishonest statements made to investors, and instances of greenwashing could be subject to this regime.

The House of Commons decided that the offence would not cover failure to prevent money laundering, noting that the existing money laundering regime is already strong enough.

b. Is there a reasonable procedures defence?

Yes. Like the UK Bribery Act, if a company can prove that it had reasonable precautions in place to prevent fraud or that it was reasonable to have the precautions in place that it did, it will not be liable. The government is under a statutory obligation to issue guidance on “reasonable precautions” before the offence comes into force.

c. Who will it apply to?

Unlike the ‘senior manager test’ which applies to all companies, the failure to prevent offence will apply only to larger companies which must have at least two of the following:

• More than 250 employees
• More than £36 million turnover
• More than £18 million in total assets

The House of Commons rejected the House of Lords’ proposal to widen the scope of the offence to medium-sized companies seemingly with Business Minister, Kevin Hollingrake MP, noting that while “larger companies clearly have the capacity and human resources and risk compliance departments to mitigate these kind of risks”, applying the offence to smaller organisations would mean that they would “incur significant costs” (i.e. because they have less in-house compliance resources and budgets to implement compliance systems that would constitute adequate or reasonable procedures).

d. Interplay with reform to “identification doctrine”?

To establish this offence, there is no need to show that the company’s directing mind and will (or senior manager) were involved in the wrongdoing. In effect, it means that a company can be liable for actions of lower-level employees where the definition of ‘senior manager’ might fall short. Conversely, it also means that a company can be liable for both the underlying offence and the failure to prevent the offence.

e. Extra-territorial effect? 

The government’s factsheet on the new offence states that “if an employee commits fraud under UK law, or [is] targeting UK victims, the employer could be prosecuted, even if the organisation (and the employee) are based overseas”.

Significantly, it appears that a non-UK company could be prosecuted for failing to prevent an associated, non-UK party from committing fraud outside the UK if there are “UK victims” of that fraud.

f. What if the fraud is perpetrated against the company itself?

The company will not be liable if it was victim of the fraud.

However, it appears to be the case that if a person committed the fraud against the company with the intention to benefit the company, the company can still be liable (even if the company did not in fact gain any benefit).

g. What steps can companies take?

Subject to further information provided in the government’s pending guidance on “reasonable procedures”, it might be sensible to consider the following steps:

• Ensure the right tone from the top regarding addressing fraud.
• Implement training on fraud prevention.
• Conduct impact assessments as to where fraud risks come from and establish a compliance regime to address these risks. 
• Review terms of the business with third parties and consider whether conflicts of interests could arise.
• Make sure that whistle-blowing mechanisms allow instances of fraud to be flagged.

Any questions? Please contact any of the authors of this Q&A.

[1] Select Committee on the natural environment and rural communities act 2006 (parliament.uk), page 308.