Corporate Compliance and Economic Crime in the UK: the Economic Crime and Corporate Transparency Act and the extension of the identification principle

by Roberta De Paolis

On 26 October 2023, the Economic Crime and Corporate Transparency Act (ECCT) became law in the UK. It implemented a radical overhaul of the existing regulatory framework in the fight against economic corporate crime. On this point, the most significant changes concern the expansion of the so-called ‘identification doctrine’ – the primary model for attributing criminal liability to legal persons – and introducing the new offence of ‘failure to prevent fraud.’

While the expansion of the identification doctrine became law on 26 December 2023, the offence of ‘failure to prevent fraud’ will come into force between the end of 2024 and the beginning of 2025, following the publication of the Guidelines by the UK Home Office. Both measures are designed to complement each other and increase the likelihood that businesses can be successfully prosecuted and thus sanctioned for a wide range of economic crimes.

Before proceeding to a brief examination of the changes introduced by the 2023 legislature, it is worthwhile to summarise how a company can be prosecuted for a criminal offence committed by someone acting on its behalf under UK law:

1. through vicarious liability, which provides for a form of strict liability of the company for regulatory offences committed by its employees. More specifically, regulatory offences can be framed as ‘regulatory offences provided for the regulation of certain spheres of social or commercial activity’ and are, therefore, often prosecuted by specialized regulators.

2. through the legislative activity of Parliament, by introducing criminal offences targeted explicitly at companies and which are built on the mechanism of ‘failure to prevent’, such as the Corporate Manslaughter and Corporate Homicide Act 2007, the Bribery Act 2010, the Criminal Finances Act 2017, which provide for the liability of companies in the absence of adequate control measures aimed at preventing, respectively, the death of a person, bribery offences and tax evasion. 

3. through the doctrine of identification, which provides that corporations can only be prosecuted for criminal offences if it can be proved that the person who committed the crime (a) possessed the mens rea required to integrate the criminal offense and (b) acted as the ‘directing mind and will’ of the enterprise. In other words, the enterprise and the natural persons are considered a single entity whenever those who benefit from a delegation of responsibility and power (such as directors and controlling officers) engage in unlawful conduct and have the mental state required by the criminal offence.

As is evident, excluding vicarious liability cases and those provided for in specific legislative provisions, the identification doctrine represents the primary model for attributing criminal liability to companies. However, it presents several critical issues. First, the identification doctrine is well suited to small companies. In contrast, in the case of large companies with numerous levels of management, it is difficult to identify the specific individual who embodies the will of the company and satisfies the degree of guilt required by the criminal offence. Moreover, it should be noted that this imputation mechanism ignores that the reality of modern corporate decision-making processes is often the product of policies and procedures rather than individual decisions.

Secondly, the doctrine of identification not only operates unfairly between large and small companies but is also, conversely and paradoxically, overly inclusive to the extent that it risks holding a company liable even though a senior manager has acted independently and contrary to company policy itself.

 Ultimately, applying the identification doctrine in the fashion established in the English common law, represented an obstacle in prosecuting economic crime offences. Therefore, the English legislature implemented a series of changes to provide prosecutors and law enforcement authorities with new tools against economic corporate crime.

 In this sense, and as anticipated, the Economic Crime and Corporate Transparency Act 2023 not only introduces a new offense of ‘failure to prevent fraud’ but replaces the doctrine of identification established in the common law tradition with the so-called ‘senior manager’ test.

In the first respect, the offence of ‘failure to prevent fraud’ affects ‘large organizations’ (with a turnover over £36 million; a total budget over £18 million; and a total number of employees over 250) where:

 (a) an ‘associate’ has committed a fraud offence,

(b) for the benefit of the company or any person to whom services are provided on behalf of the company; and

(c) the company had not adopted reasonable procedures to prevent fraud (unless it was reasonable to expect that such procedures were in place).

Furthermore, the offense in question will be deemed committed by the relevant entity even if the natural person is an employee of a subsidiary undertaking or a person performing services for or on behalf of the relevant entity.

On the other hand, the UK legislature introduced a new mechanism to hold companies accountable for the actions of their senior managers- the so-called ‘senior manager’ test. Under this reform, a company can be held criminally liable if (a) a person ‘acting within the actual or apparent scope of his authority’ (b) commits a relevant economic offense. More specifically, a senior manager is an individual who, irrespective of the formal title held within the company, performs a significant activity that takes the form of 1. making decisions on how the whole or a substantial part of the activities of the legal entity or (as the case may be) the partnership should be managed or organized; or 2. actually managing or organizing the whole or a substantial part of those activities.