Euan McMahon
Legal Director
Hi everyone, welcome to Inside Investigations. I’m Euan McMahon, I’m a Legal Director in the Civil Fraud and Investigations Team here at Mishcon and I am joined by Chris Gribbin, he’s in our White Collar Crime and Investigations Team. Um, this is number five I our series of investigations related webinars. If you’ve not joined before they’re a series of short lunchtime sessions, uh, that we ran last year and we’ll be running this year, um, covering various investigations topics. So we’ve done workplace investigations, uh, dawn raids, PR and investigations, and open source intelligence. Uh, if you’re interested in any of those sessions and you didn’t catch them live, then you can get them online on Mishcon’s website. In this session we’re going to be talking about corporate criminal liability. Uh, so Chris, let’s start with the title of this session. Corporate Criminal Liability an Evolving Landscape. What do you mean by that? What’s, what’s evolving, what’s changing in this space?
Christopher Gribbin
Managing Associate
Yes, thanks Euan and, uh, hello everybody. Um, what’s evolving in this space? Well, uh, a number of things are evolving and some very important changes have taken place, um, about how the law approaches criminal liability for corporate bodies, um, the last couple of years and those changes have in quite a fundamental way, uh, redrawn the map in this area. And, and they really matter, we’ll go through it, but they really matter, um, in two instances. First, when a company uncovers an issue, uh, with a potential criminal angle in the course of, um, an internal investigation. And so the changes we’re going to talk about are, are acutely important to how a company manages next steps in that context. Um, but there are also, um, of course changes that are very important when companies are facing the investigation by an external enforcement body. So that, that’s why the changes matter, um, and we’ll go through what those changes are.
Euan McMahon
Legal Director
Yeah, uh, I suppose an obvious first question is, how are companies actually held liable under Criminal Law?
Christopher Gribbin
Managing Associate
Well the issue is, um, a difficult one. Uh, it’s a pretty abstract question, when should a company be held criminally liable and, um, for a long time without wishing to go through the whole history, um, the answer is derived from a, uh, a 1971 case, a House of Lords case which established what, um, is known as the identification principle. Um, which required a prosecutor to determine the persons who represented the directing mind and will of the company. Those persons’ acts and their respective mental states can be attributed to the company in question. So at its simplest you had a position where if a, uh, CEO committed fraud through his role, uh, and the CEO could be shown to be the directing mind and will of the company then the company was liable just like the CEO was liable. So that was the position.
Euan McMahon
Legal Director
Right, and I suppose, as you say, that is at its simplest, it can be, it’s relatively straight forward I guess for smaller companies when there’s an obvious, um, controlling mind, directing mind and will but I guess a bit more complex and grey for the larger corporates when you’ve got sort of diffused management structures and like, varying levels of responsibility?
Christopher Gribbin
Managing Associate
Precisely, precisely. And this is, this is the issue that came to a head in, over the last decade or so and it, um, there is a significant prosecution at Barclays Bank Plc after the financial crisis.
Euan McMahon
Legal Director
Mm hmm.
Christopher Gribbin
Managing Associate
That was bought, you might remember it, it was bought by the Serious Fraud Office, they alleged that the directing mind and will of the corporate in that case for the purposes of the alleged fraud were the Group CEO, the Finance Director and the Executive Chairman of Investment Management in, uh, the Middle East and North Africa.
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
So they were obviously on the face of it extremely senior people but the High Court found in 2018, that they did not have, um, full discretion in the circumstances of that case to act on behalf of the company such that they in fact did not represent the directing mind and will of the company. So it didn’t follow that the company should be held liable, um, for their actions. So the law still retains that old idea of identification principle. It’s still a mechanism by which liability can be established against a company, but the reality is, was, uh, that after the Barclays case in 2018 the threat of prosecution on that basis for larger corporates, which as you say will have diffuse management structures, sophisticated systems and so on, um, it made it much more difficult, uh, for a prosecutor to point to the directing mind and will such that the risk of, um, enforcement sort of fell away in practice, um, and theory. So there was this sort of consensus building that there had to be some change and in 2022 the Law Commission looked at the issue, um, and found that, uh, primary legislation was required. There was a need for legislative change and that lead to the reform of the law in this area through the introduction a new model of corporate criminal liability, um, at the very end of 2024, came into force at the very end of 2024.
Euan McMahon
Legal Director
Yep.
Christopher Gribbin
Managing Associate
Whereby liability may be established by reference to the actions in a company of a Senior Manager which means that an individual who plays a significant role in either the making of decisions about how the whole or a substantial part of the activities of the body corporate, or as the case may be partnership, I’m reading from the statute here, are to be managed or organised.
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
Or, uh, certainly an individual who plays a significant role in the actual managing or organising of the whole or substantial part of those activities. So it is intended the new law, to capture both board level decision making, those who are making decisions about how the activities should be organised or managed.
Euan McMahon
Legal Director
Right.
Christopher Gribbin
Managing Associate
As well as the actions of those persons who are actually carrying out the management and organisation of those activities. So it’s a, it’s a, it’s a more, um, sophisticated test than what went before which was a bit of a blunt tool that had become, um, outdated. And it means that either category or persons could trigger liability for a company. Now there’s an important proviso to this, that as it stands, that reform is only in place for economic crime offences that are listed in a schedule to the relevant statute, which those offences include, uh, money laundering and fraud and bribery and tax evasion, um, all the economic crime offences that you may expect to find. Um, but they don’t include the, the balance of other criminal offences. Now, um, without going into, into too much speculation. As it stands at the moment there is a Bill before Parliament that would actually serve to, to expand and reform to all other offences. Um, and I think it is likely that we will see that but for the moment it’s just that that particular new model is just for, um, economic crime.
Euan McMahon
Legal Director
Right, so, so it doesn’t replace the old identification in principle but, but it’s a significant shift and one that it looks like will continue, to, to move?
Christopher Gribbin
Managing Associate
Yeah I think so, yeah, yeah. So it hasn’t replaced it entirely as it only covers economic crime, but, um, it means now that if there is some kind of financial wrong doing, that a company, uh, uncovers, it needs to weight whether that Senior Manager test is met and whether there is therefore risk of, um, corporate liability on that basis.
Euan McMahon
Legal Director
Right, okay. So, so that, that’s the law, uh, according to the statute on paper. Do you foresee or has it had, is it going to have a real impact in, in day-to-day practice?
Christopher Gribbin
Managing Associate
Well it is going to have a, a significant impact on practice yes. Um, I mean it, it’s important at the same time, um, to, to remember that it’s not the only model of liability, uh, that is available to prosecutors because the reality of what we’ve seen over the last 10, 15 years is that law enforcement had moved away from the traditional model of enforcement whereby the actions of individuals were attributed, um, to a company and towards a new model of liability following the introduction of a number of offences that turn on a company’s failure to prevent a, a criminal offence. Which is a separate model of liability to, to what we’ve looking at and that was first introduced in, um, uh, well, uh, 15, 16 years ago now with the Bribery Act 2010 and it’s sort of expanded to cover the facilitation of tax evasion through reform in 2027 and a, a further reform came into force last year, um, in respect of the failure to prevent fraud. Um, so it only covers those three offences, that, that model of liability failing to prevent, which is bribery, the facilitation of tax evasion and fraud and proviso footnote with fraud. It only applies to large companies, for, for the fraud events.
Euan McMahon
Legal Director
I was just going to say, and large companies, what do you mean by that?
Christopher Gribbin
Managing Associate
So it is the same definition that’s used elsewhere in, in some pieces of legislation. And it requires a company to meet two of the following three criteria, which is, um. more than 250 employees. Uh, a turnover in excess of 36 million or assets in excess of 18 million.
Euan McMahon
Legal Director
Mm hmm.
Christopher Gribbin
Managing Associate
Um, I mean, in very simple terms, as, as a model of liability, it means that companies face, um, or are exposed to liability when someone who is performing services for or on behalf of the company. So classically an employee or a consultant.
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
Commits one of those offences, um, and unless the corporate can show they had in place adequate or reasonable procedures to mitigate the risk of that offence, um, the company is liable. So, I mean it has been a very successful model, um, the question of what are reasonable procedures…
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
…is, um, a bit wider than this webinar but it’s, it’s the subject of, of government guidance for all three kinds of offences that are in scope for the failure to perform models. So bribery, facilitation tax evasion and, and fraud. But fundamentally it’s about understanding the risks in scope and considering how best to deal with those risks, um, to mitigate them.
Euan McMahon
Legal Director
Right. And you, you said it has been a successful model. Why do you say that? In what way has it been successful?
Christopher Gribbin
Managing Associate
Yeah, it has, it has been an extremely successful model for prosecutors to establish liability. Um, I think in two ways. First, because it, it served to mandate a culture of compliance, for example, with anti-bribery measures which I think most of us, um, probably, um, on this webinar will be able to attest to, um, it will bear witness to in our professional lives. There is this baseline of, of, a compliance culture with anti-bribery…
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
…measures. And, um, and that is really the stated intention to an extent of the failure prevent model. It is, um, it’s a feature not a bug that, uh, the compliance measures should be put in place and that the, there should be a, um, an uplift in those measures across industry. And the second reason I think it’s been successful is because it simply has proved in very straight forward mechanism for, uh, prosecutors to, uh, deploy because it effectively shifts the burden to the company which is then, once an associated person has been, um, identified as committing an offence, the burden is then on the company to show that it had in place, um, reasonable procedures. So it’s, it’s much easier than, um, methods gone by in the past. That said, there’s an important caveat to that which is that the success to date has, uh, almost exclusively been in respect of the bribery offence. We’ve had very limited, um, success from prosecutors or enforcement bodies around the facilitation of tax evasion offence which to an extent is understandable, given its more niche nexus. Um, but the, the offense that’s just come into force, the failure to prevent fraud offence, that only came into force as of last September, um, and so we’ve not really seen, I mean we haven’t seen, uh, any enforcement activity in respect of that yet. Um, but it does follow a large amount of lobbying, um, for the extension of the model in that, uh, to cover fraud it was described at one point by a former director of the SFO as being on her wish list. And the expectation, um, we see if this is right or not, is that prosecutors will want to, to use the offence and show that, um, it has filled, uh, a gap and it is a tool that they are able to use to good effect in the same way they have with the, the bribery offense in particular.
Euan McMahon
Legal Director
Uh huh. You’ve, um, you raised I think, mitigating risk in terms of doing that. What, what steps should companies be taking in terms of I guess, uh, preventative measures and, and when an issue comes to light?
Christopher Gribbin
Managing Associate
So in terms of preventative measures, the, the failure to prevent model is really intended as I said, specifically, it’s designed to encourage companies to think about those risks in advance of any wrong doing and to ensure that ensure that they’ve put in place the necessary, uh, risk prevention, uh, procedures, systems, controls that they should have in order to mitigate their particular risks such that they can down the line if they need to rely on, um, those measures for the purpose of the defence. So as, as mentioned, the government have published guidance for each of the different offenses. The guidance is slightly different, um, for each of the offenses, but the key thing cutting through all of them, um, inevitably, is to have a risk assessment in place that properly scopes out in the particular areas of risk, uh, for, um, that particular corporate. And that’s a process that can be conducted in, in various different, um, ways, anything from a desktop review through to speaking to people, um, and that can be done by, um, in writing by questionnaires or by interviews with people who are, um, have responsibility for different parts of the business. It’s, um, it is a, a bespoke process to an extent, but the point is to get in a position where you’ve, um, you have crossed the areas of risk, and that will then form the, the measures you are able to put in place. But, but setting aside the sort of preventative measures, that compliance angle, um, that a company should, should be focussed on, the way that the reform of the, both the identification principles, so the senior manager, um, test that we now have, uh, and the expansion of the failure to prevent model, in the way that we have been discussing. The way that that will really impact companies down the line is about what they should do when an issue comes to light and the…
Euan McMahon
Legal Director
Mm hmm.
Christopher Gribbin
Managing Associate
…exposure that they’ll have then, um, and we’re only just starting to see that happen in practice with the most recent reforms that we’ve, we’ve been discussing. The nature of the changes is that they aren’t retrospective. So they only apply to conduct after the law comes into force. So for senior managers that’s the very end of 2024 for the failure to prevent fraud offence, that’s September last year. So going forward, since the 1st September, if a company uncovers a fraud of some kind that ticks the boxes so it’s intended to benefit the company, it’s by a person performing services for or on behalf of the company, then that company is now fixed in a way that it wasn’t before the 1st September with potential criminal exposure. And it will need to consider how to, um, resolve that issue.
Euan McMahon
Legal Director
Mm hmm. And, and, uh, when you say resolve the issue, what do you mean by that? What should, what should a company be doing?
Christopher Gribbin
Managing Associate
Well, there were, uh, when I say resolve the issue, there are really two, two things and they are connected to an extent. Um, one is about taking remedial steps to, to correct course, to correct the position to ensure that the systems that you had in place, that have apparently failed, um, work going forward. Uh, and perhaps to, uh, exit the relevant persons and, and make adjustments, uh, in that respect. And the second thing is, is a more difficult issue which is about how to manage the issue of the exposure that you, you’re then fixed with the, the enforcement risk. Because what we’ve been talking about here is, is what happens when the actions trigger liability for the company. That’s what we’re, we’re concerned with and there are really two ways in which that come to the attention, uh, as in the potential liability can come to the attention of, of a prosecutor. Um, the first is a third party tells an enforcement body, and the second is that the company tells the enforcement body, um, first. And, uh, both of those things are, are in a bit of a state of flux, that, that they’re changing, or starting to change. In respect of the latter, what is known as self-reporting when a company goes to, uh, a prosecutor enforcement body. Um, in 2012, so a significant period of time ago now, the UK introduced what are known as, uh, deferred prosecution agreements of DPAs. They are effectively boil down, uh, a deal between a prosecutor and a company with the approval, uh, of the Courts. Or the deal is approved by a Court, um, whereby a potential prosecution is deferred subject, um, to, to various conditions including the payment of a fine. And they were introduced more or less contemporaneously with the, the introduction of failure to prevent model. And they’ve met with success, um, in the same way. So we’ve seen a number of DPAs founded on the basis of Bribery Act, um, violations. Uh, and, and what we have seen since then is that that initial enthusiasm for self-reporting has, uh, waned. And there have been fewer and fewer companies that have taken that step of self-reporting with this con, constant decrease in DPAs. Um, the SFO now have not concluded a DPA since 2021. That’s 5 years. The Crown Prosecution Service, um, they’ve only ever concluded one DPA and that was in 2023, um, that’s now 3 years ago. They haven’t concluded one since then. So the absence of self-reporting obviously makes life more difficult for prosecutors seeking to, to enforce against companies. Um, in terms of steps they’ve taken, uh, to remedy that last April, the Serious Fraud Office, um, put out new guidance which was specifically on the issue of corporate corporation, uh, and enforcement and that set out a, a number of things. But it set out a presumption that going forward, uh, from that date the SFO committed to, would commit to offering, um, DPA negotiations. So inviting the company, um, in to seek to negotiate, uh, a DPA to resolve an issue for any company that, that self-reported, um, with a small proviso that unless exceptional circumstances, um, apply. So that was intended specifically to reassure corporates and to effectively encourage self-reporting as a product of that. And, and the other, the rest of the guidance, I won’t go into it now, but it includes similar measures along, um, stuff like timelines and a more prescriptive approach to the process, which is what, um, there was nothing of that kind to the same effect, um, before then.
Euan McMahon
Legal Director
Mm Hmm. And if, if kind of notwithstanding that they don’t self-report.
Christopher Gribbin
Managing Associate
Well, yeah. So, self-reporting carries, uh, obvious risk.
Euan McMahon
Legal Director
Mm hmm.
Christopher Gribbin
Managing Associate
Uh, and so at the same time as there’s sort of been this, um, encouragement through this guidance, there’s also been increasing focus on what measures can be put in place, what reforms can be realised to increase the risk of not self-reporting. So the risk that a third party will get there first. Um, and in particular, there’s been focus on the potential incentivisation of whistle blowers as a solution. It’s something which the United States, um, has used for years to, uh, great effect. Um, but it’s not something that’s been embraced historically for various reasons here in the UK but that is, um, changing and the SFO have, uh, publicly said they want to see some form of whistleblowing incentivisation, um, bought forward which would change the sort of, uh, risk pictures significantly I think.
Euan McMahon
Legal Director
Yeah.
Christopher Gribbin
Managing Associate
Um, the devil, of course, is going to be in the detail, um, and as it stands the issue is subject to, um, review and there is a report that was submitted only last week, last Wednesday, uh, to the Home Secretary following, um a review taking place through the last calendar year by, uh, Jonathan Fisher, KC.
Euan McMahon
Legal Director
Mm hmm.
Christopher Gribbin
Managing Associate
Alongside other aspects of fraud enforcement but a lot of the, um, a lot of the, uh, the focus, uh, or the expectation around, around that report are, is around what, uh, it will say about the incentivisation of whistleblowers going forward. We don’t even have the report yet, much less the government’s response to it but, but what comes out of that is going to be critical for how, uh, for the future direction of, of travel in terms of risk for companies if they, if they don’t, um, self-report if they find an issue.
Euan McMahon
Legal Director
Uh huh, yeah and I suppose if, if whistleblowing incentivisation is introduced, I mean it may be obvious but we can probably expect a relevant uptake in reporting so I guess all the more reason to make sure appropriate policies and procedures and everything else are in place.
Christopher Gribbin
Managing Associate
Completely, yeah, uh, exactly. They go hand in, uh, hand in hand, um, in the future.
Euan McMahon
Legal Director
Right well thank you very much, um, for that Chris. We’ve, I think we’re just about at our time limit so we will end episode 5 of our series there. Um, as I mentioned at the top of the episode, we are going to continue to delve into various aspects of investigations in the coming sessions. The next session will be in, uh, April, so, um, look out for that invitation closer to the date. Um, and in addition, uh, just so you are aware, Mishcon will be hosting an Inside Investigations Conference on the 24 June so if that sounds like something that is of interest to you, uh, there will be a link to register interest in the follow up email. Um, thank you very much for joining me Chris, uh, thank you all for, for watching and we will see you on the next session.