Following an earlier call for evidence in 2017, the Law Commission has been tasked with considering options to reform the law on when and how companies should be held liable for criminal offences. Earlier this year it published a discussion paper and invited responses to 13 questions.
A clash of concepts
When should a company (or other ‘non-natural person’) be deemed guilty of a crime? The answer is far from obvious. As a starting point, the concepts of ‘corporate personality’ and ‘crime’ do not seem easily compatible. The first is a convenient legal fiction, enabling shareholders to make their capital work for them in a way that limits their personal liability; the second is a moral judgement on behalf of society at large, a public statement that certain conduct merits condemnation and punishment. Where the two concepts meet is those scenarios where the legal fiction interferes with the process of moral judgement (for instance, where a company does harm in ways that are hard to attribute to particular individuals), or, conversely, enables it (by way of public statements about, and remedial steps by, companies, which might not be achievable by prosecuting individuals). With that in mind, a handful of points of principle should be noted from the outset in the context of the Law Commission’s discussion paper about changing the basis of corporate criminal liability in the UK.
A complicated picture
First, criminal offences in the UK vary in a number of ways that are significant in this context, including their fault element (as focused on by the discussion paper), as well as whether they are typically committed by omissions rather than acts (as in, for instance, corporate homicide, health and safety offences, and breaches of money laundering regulations), and whether they can be dealt with otherwise than by criminal prosecution (for instance by civil penalties, Deferred Prosecution Agreements (DPAs), or regulatory steps, such as suspending, varying or withdrawing of licences or registrations).
In a related point, some companies are more regulated than others, as society has made judgements about the extent and nature of their responsibilities, based on the sectors in which they operate. A company that manufactures or supplies medicines, for instance, will face a set of responsibilities (many of them backed with criminal penalties for breach) on top of those applying across all sectors (like bribery or financial sanctions). We do not start with a level playing field.
Making the case for change
Second, any change to the basis of corporate criminal liability in the UK will come with a cost to the companies affected, in terms of additional compliance measures and risks, some but not all of which may be hedged by way of insurance. The debate, as and when there are major changes to be considered in Parliament, is likely to be fierce (as it was prior to the passing of the Bribery Act 2010).
Given that, it is important to bear in mind that expanding the scope of the criminal law should not be the first or the only tool to reach for, to deal with a problem. It is notable that the examples from prosecutors annexed to the discussion paper all involve either public procurement (which might be addressed by tightening up contractual provisions or due diligence) or financial services (which might be addressed by the rules and processes of the Financial Conduct Authority), rather than by introducing new corporate offences or changing the basis of corporate criminal liability in general.
When examining the case for making changes to the law on corporate criminal liability, it is also important not to conflate (as the prosecutors’ examples seem to do) the question of whether conduct (by companies or individuals) should be criminal in the first place, with the separate question of whether it ought to be easier to prove and penalise such conduct.
Acting on behalf of a company
Third, when we consider the circumstances in which the actions of an employee, or some other person associated with a company, can fairly be attributed to it, we must axiomatically be thinking of actions taken in the context of that person’s role with the company, on its behalf, or for its benefit (even if not, necessarily, within the strict scope of their role or approved by the appropriate manager). It would certainly be irrational to make a company liable for, to take an extreme example, acts of fraud committed by an employee against it (as where someone abuses their position within a company to siphon funds from it). But the dividing line between an action taken by an individual on behalf of a company, and one that abuses their position by committing a criminal act for which they had no authority, will not always be clear.
The impact on individuals
The last, and most important, point of principle in this context is that the impact of changes in this area will also be felt to some extent by individuals, and that impact should be carefully considered. At the time of writing, it is starkly notable that literally no convictions of individuals have been obtained in cases linked to DPAs; in some cases, the associated prosecutions of individuals have led to acquittals. It is hard not to conclude that the convenience to companies and prosecutors of resolving criminal cases in this way has come at the price of implicating (and, therefore, causing financial and reputational damage to) individuals who are legally (and, we must therefore assume, also factually) innocent.