Corporate Criminal Liability in England & Wales

Corporate Criminal Liability in England & Wales: Former Lord Chancellor Signals that Reform is on the Way


Former Lord Chancellor Sir Robert Buckland KC MP has reportedly hinted that new corporate ‘failure to prevent’ offences may be added to the Economic Crime and Corporate Transparency Bill (the Bill) that is currently making its way through Parliament. Speaking at an event hosted by the American Bar Association on 10 October 2022, Mr Buckland (now the Secretary of State for Wales) stated that he is “sure there will be further amendments tabled to the Bill, particularly centred around failure to prevent economic crime”. His remarks come after the Law Commission (a statutory independent body tasked with keeping the laws of England & Wales under review) published its much-anticipated Options Paper in June 2022, setting out ten potential options for the reform of the laws of England & Wales on corporate criminal liability.

This is the latest development in an area of law which has been the subject of significant criticism from prosecutors in recent years, largely due to the legal and evidential difficulties experienced in securing corporate convictions in a number of high-profile cases.

Four of the ten options advanced by the Law Commission relate to the potential introduction of new corporate ‘failure to prevent’ offences in areas such as fraud and human rights abuses, while the remaining six options include: maintaining the status quo (which now appears not to be the UK Government’s preference); modifying the scope of who constitutes a company’s ‘directing mind and will’; introducing new civil and administrative monetary penalties; and / or enhancing corporate compliance obligations. Significantly, the Law Commission considered and rejected the possible introduction of a general corporate ‘failure to prevent economic crime’ offence. This suggests that Mr Buckland’s remarks referred to the introduction of specific ‘failure to prevent’ offences (e.g., in relation to fraud), rather than a broader offence referring to economic crime more widely.

Given the apparent direction of travel as articulated by Mr Buckland, it seems likely that the scope of criminal liability for companies will expand over the coming years. As such, there is little room for complacency and companies may wish to give renewed thought as to whether existing policies and procedures are sufficiently broad, have been properly implemented and will withstand scrutiny by the authorities.

In Depth

Background: Current Law in England & Wales

As the law currently stands in England & Wales, criminal liability for certain offences can be attributed to companies through the ‘Identification Principle’, which provides that, in general and with the exception of certain strict liability offences (e.g., in the health and safety sphere) or ‘failure to prevent’ offences (discussed further below), a company can only be liable for an offence where the individual committing the offence represents that company’s ‘directing mind and will’ (i.e., an individual or group of individuals who are sufficiently senior that their conduct and state of mind can be attributed to the company). Under the current law, this directing mind will generally be that of the members of the board of directors (individually or collectively) and those to whom they (or a company’s articles of association) have expressly delegated relevant authority.

However, over time and as this principle has been applied by the courts, numerous practical difficulties have arisen, especially when seeking to establish the directing mind of large companies with complex governance structures.

In R v Andrews Weatherfoil [1972] 1 WLR 118, the Court of Appeal quashed the conviction of a company accused of corruption, partly on the basis that the employee paying the bribe (a manager of a division) did not have the requisite status and authority for his mental state to be attributed to the company. Almost 40 years later, in R v St Regis Paper Co Ltd [2011] EWCA Crim 2527, a company successfully appealed against a conviction based on the actions of one of its technical managers who dishonestly recorded false entries and submitted misleading reports to the regulatory body for environmental pollution control. Part of the court’s reasoning was that the company had express environmental policies in place which did not grant the technical manager any discretion to falsify records (indeed, a key part of the individual’s role was to promote best practice in environment performance at the company).

Issues related to the Identification Principle came to a head more recently in R v Barclays plc & Anor [2018] (Southwark Crown Court), which was effectively upheld by the High Court in SFO v Barclays plc & Anor [2018] EWHC 3055 (QB). In that case, fraud charges were dismissed against Barclays plc and Barclays Bank plc, despite the fact that (taking the Serious Fraud Office’s (SFO’s) case at its highest) the former chief executive officer (CEO) and chief financial officer (CFO) were alleged to have been involved in the relevant conduct.

On the facts of that case, the High Court found that the bank’s directing mind was that of the full board of directors and the particular committees to which specific authority to undertake the relevant transactions had been delegated. As the full board / committees did not authorise the CEO and CFO to enter into the relevant transactions, the bank could not, it was found, be liable for their acts. This differs from the legal position in relation to partnerships and limited liability partnerships, whereby (as set out in statute) the partnership as a whole will incur criminal liability for the actions of any partner or member acting in the course of business of the firm.

Calls for Reform

The current law has been criticised as inadequate in addressing misconduct carried out by employees of larger companies. Lisa Osofsky, the current Director of the SFO, in common with her predecessor, has called several times for reform, stating that the law in England & Wales makes it “very difficult to hold companies with complex governance structures to account for their fraudulent conduct”. Ms Osofsky and others have noted that senior employees are not always privy to operational-level business decisions (and so the Identification Principle makes it difficult for prosecutors to attribute the wrongdoing of mid-level employees to the company) and it will rarely be the case that the board of directors as a whole can be said to have authorised alleged criminal conduct.

Due to these challenges, prosecuting agencies such as the SFO and the Crown Prosecution Service have called for the expansion of the ‘failure to prevent’ model of offence. This type of offence was introduced into UK law by section 7 of the Bribery Act 2010 (failure to prevent bribery) and can also be found in sections 45-46 of the Criminal Finances Act 2017 (failure to prevent the facilitation of tax evasion). The model criminalises companies for failing to prevent the criminal conduct of their ‘associated persons’ (i.e., persons who perform services for or on their behalf), subject to a defence of the company having had in place adequate (or reasonable) procedures designed to prevent such conduct. This both avoids the need to rely on the Identification Principle and incentivises companies to invest in their compliance programmes.

One suggestion for reform has been the introduction of a broad ‘failure to prevent economic crime’ offence, which would encompass a range of financial crimes such as fraud, money laundering and false accounting. It has even been suggested that the range of offences falling within the definition of ‘economic crime’ could match the extensive list of the offences that can be the subject of a deferred prosecution agreement (DPA), as listed in Part II of Schedule 17 of the Crime and Courts Act 2013.

Against this background, in November 2020 the UK Government asked the Law Commission to examine the issue and publish a paper providing an assessment of different options for reform. In its terms of reference for the review, the Law Commission stated that it would be guided by the need to ensure the proper accountability of companies which engage in criminal conduct, without imposing disproportionate burdens upon businesses.

Options Paper

Following a public consultation, the Law Commission published its Options Paper on 10 June 2022, outlining ten potential options for reform as follows:

(A) Option 1

Retaining the Identification Principle as it stands (in other words, maintaining the status quo).

(B) Option 2A

Allowing conduct to be attributed to a company if a “member of the corporation’s senior management engaged in, consented to, or connived in the offence”.

Under this option, ‘senior management’ would mean “any person who plays a significant role in the making of decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised, or the actual managing or organising of the whole or a substantial part of those activities”. Consent generally refers to situations in which permission is given to commit an offence, whereas connivance refers to ‘wilful blindness’.

(C) Option 2B

The same as Option 2A, with the addition that ‘senior management’ will be deemed to include the company’s CEO and CFO as a minimum.

This option appears specifically designed to address the situation which arose in Barclays, whereby the CEO and CFO were not deemed to have been acting as the directing mind of the bank.

(D) Option 3

A new offence of ‘failure to prevent fraud’ by an associated person which would be committed where an associated person (such as an employee or agent) commits an offence of fraud with intent to benefit the company or another person on behalf of the company.

As with section 7 of the Bribery Act 2010, this would apply when a company has not put in place reasonable procedures to prevent its associated persons from committing fraud for the benefit of the company.

(E) Option 4

A similar offence of ‘failure to prevent human rights abuses’.

(F) Option 5

A similar offence of ‘failure to prevent ill‑treatment or neglect’.

(G) Option 6

A similar offence of ‘failure to prevent computer misuse’.

This would criminalise a company’s failure to prevent offences under the Computer Misuse Act 1990, such as the offence of unauthorised access to computer material (i.e., hacking). The Law Commission intends for this option to be considered as part of the Home Office’s current review of the Computer Misuse Act 1990 rather than as a standalone measure.

(H) Option 7

Make publicity orders (requiring a company to publish details of its conviction) available in all cases where a company has been convicted of an offence.

(I) Option 8

A new regime of administratively imposed monetary penalties.

These monetary penalties would apply where a criminal act (e.g., a fraud) is perpetrated by a company’s associated person with the intention of benefiting the company. In such cases, the company would be liable to pay a monetary penalty which is enforceable as a civil debt unless it could show that it took reasonable steps to prevent the wrongdoing. As this would be a civil (as opposed to a criminal) sanction, the burden for enforcement would be lower.

(J) Option 9

Civil actions in the High Court, giving the High Court the power to impose civil monetary penalties on companies that have facilitated serious crime.

These penalties could operate in a situation where company decision-makers have not participated in a crime, but the way in which the company has conducted itself has facilitated it. In setting out this option, the Law Commission gave the example of a monetary penalty being imposed on a company after the trial of individuals for offences committed in the course of their employment at the company. This would effectively enable punitive measures to be taken against a company while avoiding the need for a criminal conviction.

(K) Option 10A

A reporting requirement based on section 414CB of the Companies Act 2006, requiring public interest companies to report on anti-fraud procedures.

Section 414CB of the Companies Act 2006 requires ’public interest companies’ (i.e., publicly traded companies, banks and insurance companies with over 500 employees) to publish a ‘non-financial and sustainability information statement’ containing a report on their performance and impact in environmental, social and governance (ESG) and anti-bribery and corruption fields (among others). Option 10A would require public interest companies to include information on steps they have taken to prevent fraud in these statements.

(L) Option 10B

A reporting requirement based on section 54 of the Modern Slavery Act 2015, requiring large corporations to report on their anti-fraud procedures.

Section 54 of the Modern Slavery Act 2015 provides that legal entities carrying on at least part of their business in the UK, with a total annual turnover of not less than £36 million, are required to prepare an annual ‘slavery and human trafficking statement’. In a similar manner, option 10B would require such entities annually to publish information concerning steps they have taken to prevent fraud committed by associated persons.

Dismissed Options

The Law Commission also considered the following models, which were ultimately excluded from the options published:

A broad offence of ‘failure to prevent economic crime’

This option was rejected by the Law Commission as the concept of ‘economic crime’ would, in its view, likely be too broad and render compliance overly burdensome on companies. It would also leave many companies with overlapping duties, such as those under the UK anti-money laundering regime or financial/prudential regulations.

The doctrine of respondeat superior (‘let the master answer’)

Under this doctrine (also referred to as ‘vicarious liability’), which is applied in many United States jurisdictions, the criminal acts or omissions of any employee committed in the course of their employment, no matter how junior, can be attributed to a company.

The Law Commission indicated concerns about the “inappropriateness of the breadth” of the doctrine and noted that, while this model is favoured by some respondents as a route to making company prosecutions easier to achieve, this is not the intention behind the Options Paper. Overall, the Law Commission reasoned that the implementation of this model would “represent a fundamental change in corporate criminal liability” in England & Wales and so, in view of the criticisms of the doctrine and the practical concerns about the lack of prosecutorial safeguards, could not recommend it as an alternative to the Identification Principle.

Models of attribution based on ‘company culture’ or similar

These models would enable a company to be convicted of an offence on the basis of its company culture or systems. This can be seen in Australian law, where some fault elements—such as intent—can be attributed to a company on the basis that its culture or policies and procedures encouraged or permitted the commission of the offence by employees. However, the Law Commission noted that there has been significant debate in Australia about the effectiveness of these provisions, in large part due to a lack of clarity as to the boundaries of company culture.


Undoubtedly, many companies will breathe a sigh of relief that a broad ‘failure to prevent economic crime’ offence as proposed by the SFO is not one of the options recommended by the Law Commission. Companies understandably might have struggled to imagine how they could effectively implement a coherent suite of policies and procedures in relation to all 49 categories of offence (plus ancillary offences such as attempts or conspiracies to commit an offence) that are available for a DPA.

Also absent from the Options Paper are any options focused on facilitating the imposition of criminal liability on companies for sanctions breaches. This is not overly surprising given the apparent enforcement focus on civil fines as opposed to criminal liability for sanctions breaches (as reflected in the recent power given to the Office of Financial Sanctions Implementation to impose strict liability civil fines on persons or entities that breach sanctions laws). That being said, if the criminal enforcement of economic sanctions increases (e.g., in light of the sanctions imposed after Russia’s invasion of Ukraine), similar issues related to the Identification Principle may arise and lead to calls for sanctions-specific form.

As for the actual content of the Options Paper, a variety of stakeholders, including Members of Parliament from the UK’s main political parties and anti-corruption groups, had criticised it for a lack of focus and for failing to set out a well-defined course of action. Such stakeholders may, however, draw some comfort from Mr Buckland’s recent comments that additional failure to prevent offences may be introduced to the Bill, though the detail and scope of such proposals remain to be seen.

In any case, given political developments (including a strengthened desire to fight economic crime as a result of the war in Ukraine) and the pressure from across the political spectrum for reform, companies may benefit from pre-emptively undertaking risk assessments and identifying any gaps in their policies and procedures focused on the prevention of fraud and other economic crimes. This also chimes with an increased focus on compliance globally, not only in terms of reducing financial crime but also in the context of responding to investors’ expectations, effective ESG programmes and good governance generally.

Helpfully in this regard, the SFO has published guidance setting out its expectations as to what constitutes an effective compliance programme. While the Government mulls the Law Commission’s various options for reform, companies may wish to revisit their existing policies and procedures to ensure that they are fit for purpose according to the criteria set out in the guidance.