The Economic Crime and Corporate Transparency Act (the Act) received Royal Assent on 26 October 2023 and it makes a major change to the threshold for attribution of criminal liability to corporate entities and partnerships, a test sometimes referred to as the "identification doctrine". The new legal test comes into effect from 26 December 2023 and means it will be easier for businesses to be prosecuted and held liable for the acts of senior managers within their organisation.
Currently, a corporate entity will only be liable for criminal conduct by a person who acts as its "directing mind and will". That test has been lamented by law enforcement authorities for being too narrow with the SFO complaining in 2018 that it was "hamstrung" by it when it came to securing corporate prosecutions. The Act replaces the current, common law test with a new statutory test for certain economic crime offences, which are listed in a schedule to the Act. The effect is that criminal liability can be attributed to a corporate if a “senior manager […] acting within the actual or apparent scope of their authority” commits a "relevant offence", which includes fraud, false accounting, false statements by directors, tipping off, tax evasion, bribery and others. Whilst it only covers economic crime at the moment, the Criminal Justice Bill, proposed in the King's Speech, would broaden the new test further, to all criminal offences.
How is the test for corporate criminal liability changing?
The current "directing mind and will" test was established over 50 years ago in Tesco Supermarkets Ltd v Nattrass [1972] AC 153 and requires that the conduct in question was carried out by someone with the necessary authority to constitute the directing mind and will of the organisation. Lord Hoffman sought to provide additional clarity on the test in Meridian Global Funds Management Asia Ltd v Securities [1995] 2 AC 500 where he articulated the test as requiring an assessment of "whose act (or knowledge, or state of mind) was for this purpose intended to count as the act of the company".
Over the past 20 years, the test has been considered in multiple civil cases where judges have grappled with the interpretation of the test and discussed whether concepts of "senior management" and "relevant responsible directors or employees" might be more fitting. The Government's impact assessment (published in June 2023) set out its view that the test is too narrow and does not reflect the modern reality of decision-making in complex corporations. The Government also expressed its concerns that the test may unfairly target smaller companies where it is easier to identify a "directing mind and will" compared to larger companies with more directors and more complex governance structures.
Turning to the new test, the Act defines a "senior manager" as an individual who plays a "significant role" in:
- the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised or
- the actual managing or organising of the whole or a substantial part of those activities.
The Explanatory Notes to the Corporate Manslaughter and Corporate Homicide Act 2007 (from which the definition of "senior manager" in the Act is taken) also explain that this covers both those in the direct chain of management as well as those in, for example, strategic or regulatory compliance roles. The intention is that this will involve considering not just an individual's job title, but what their roles and responsibilities are within the organisation i.e. the level of managerial influence they might exert.
Whilst we can expect disputes over what the definition of "senior manager" really means (including in relation to what constitutes a "substantial part" of a corporate's activities), this new test aims to make it easier to prosecute companies for a "relevant offence" by expanding the pool of people whose conduct could result in criminal liability being attributed to a company.
There are also likely to be disputes about whether a senior manager was acting within the actual or apparent scope of their authority. It seems likely that there will be more cases considering whether a senior manager was acting within the "apparent" scope of their authority (given it seems unlikely that committing fraud would ever be within the "actual" scope of authority). Determining whether a senior manager was acting within the "apparent" scope of their authority will require a highly fact sensitive assessment of the nature of their work and the business expectations in relation to their performance of that work. This will likely include considering whether they are held out by the corporate entity as having authority to act on its behalf in relation to the matters or transactions which gave rise to the relevant offences, and in practice is likely to involve a strong consideration of context and the policy behind the extension of liability.
Extra-territorial scope
The reform to the "identification principle" will apply to both UK and non-UK corporates or partnerships and is of broad territorial scope because it will apply if: (i) an act or omission forming part of the "relevant offence" took place in the UK, which (in many cases) can include the harm being suffered in the UK; or (ii) the corporate or partnership would be guilty of the "relevant offence" in the location where the act took place even if this is not within the UK.
Who will this affect and how can companies prepare?
The "senior manager" test will apply to all corporates or partnerships and so companies of all sizes would be well-advised to ensure that they conduct a review to identify the senior managers within their organisation (which is a test of substance over form), review the risks attaching to their activities and responsibilities, including the scope and limits of their authority, ensure appropriate procedures are in place (which might involve eg ensuring that more than one senior manager has to sign off on certain activities), regular communication regarding standards of conduct and ensuring that economic crime awareness training is conducted throughout the organisation.
The Act is also bringing into force a "failure to prevent fraud" offence. Whilst this will not apply to small and medium organisations, large organisations (those which meet two out of three of the following criteria: over 250 employees, turnover of £36 million+ and assets of £18 million+) will therefore need to ensure that their policies and procedures (including training) are updated to address this new offence. That process may well form part of the same exercise as the review they carry out for the purposes of dealing with the changes to the "identification doctrine".
