The Law Commission’s discussion paper seems to start from an assumption that there is something wrong with the status quo, as represented in the ‘identification principle’ set out in the case of Tesco Supermarkets Limited v Nattrass [1971] UKHL 1. But is that right? To the extent that criminal liability is about moral judgements, it surely makes sense that the liability of a company (or other ‘non-natural person’) should depend on the acts and intentions of a person controlling it (its ‘directing mind and will’). To the extent that many modern criminal offences address acts or omissions where no fault is necessarily involved, the law has evolved to enable the courts to vary that principle according to context (by reference to the New Zealand case of Meridian Global Funds Management Asia Limited v Securities Commission [1995] UKPC 5). Various statutory offences, including corporate homicide, and the ‘failure to prevent’ offences, have been created in response to specific identified needs. In these circumstances, it is far from clear that there is any general case to abandon the identification principle, certainly not based on the examples cited by prosecutors.

Considering the Alternatives

Senior managers

The Commission looks at alternative methods from other jurisdictions of attributing criminal liability to companies. In Canada and Australia, statutes have substituted ‘senior manager’ for ‘directing mind and will’, so that companies can be made liable by reference to a broader set of individuals. Should that approach be taken here, of course some thought would need to be given to what ‘senior manager’ means – an issue that will be familiar to those who work in the financial sector, but which is far from simple, and would not easily translate into other, less strictly regulated, sectors.

Corporate culture

The Commission also asks about an even harder, less familiar concept, also used in Australia, where a company can be held liable where a ‘corporate culture’ has ‘directed, encouraged, tolerated or led to non-compliance’. There is surely a risk that this concept is too nebulous to provide legal certainty or to guide juries in knowing when to convict, which may in turn prompt companies to resolve the uncertainty by agreeing Deferred Prosecution Agreements for commercial reasons, rather than because the offence has genuinely been committed. That would in turn have impacts on them in terms of increased cost and risks, and on individuals who may be unfairly identified in the process.

The US system

Finally, the Commission asks about the system in the US, where companies are held liable for the actions of ‘any employee, representative or agent acting in the scope of their employment or agency’. To adopt this principle in the UK would represent a huge change and would come with huge costs and risks to companies and individuals. The case for making such a change has simply not been made out.

Due Diligence Defences

It seems axiomatic that, if any of these alternatives were adopted, they should be accompanied by a defence of due diligence (or, to use the language of the ‘failure to prevent’ offences in the Bribery Act 2010 and the Criminal Finances Act 2017 (CFA), procedures that are ‘adequate’ or ‘reasonable’. Even without such a defence, due diligence steps would be indirectly encouraged by a combination of internal risk management, insurers’ requirements, and sentencing practice. Considering the parameters of any such defence illustrates the difficult issues involved. Would the state provide guidance, as it has in the case of the Bribery Act and the CFA, to help companies with what procedures would be considered ‘adequate’ or ‘reasonable’ in these contexts? To what extent would they be sensitive to the differences between offences, industry sectors, and individual businesses? In what circumstances, if at all, might it be appropriate for a small company to conclude (as it may under the CFA) that it was reasonable not to adopt procedures?

The Consequences for Companies (and Others)

It also seems axiomatic that changes along these lines would come at a cost to companies. While it is true that some procedures already exist – including those aimed at meeting risks from the Bribery Act and the CFA, and those specific to the regulated sector for the purposes of the Proceeds of Crime Act 2002 and money laundering regulations – any of the mooted alternatives would require expansions not just of paperwork and protocols but also of personnel, requiring more people to train in and perform functions relating to compliance (and, as we have already seen, some businesses will find it expedient to ‘poach’ compliance personnel from the public sector). The risk of companies having to pay fines and/or fund legal investigations and defences would also increase and (for some risks and some companies) translate into insurance costs. These increased costs may in turn lead to increased prices for consumers and/or impact on the competitiveness of certain market sectors, where barriers to entry become too high for new market participants. The scope for individuals to become suspects in criminal cases, whether rightly or wrongly, would also increase, with all the potential for serious injustice that this implies.