In the following guest post, the authors examine two specific provisions of the new U.K. Economic Crime and Corporate Transparency Act 2023. The two provisions the authors examine are the Act’s new corporate offense of “failure to prevent fraud” and the reformed “identification principle.” The authors of this guest post are Mark Sutton, Partner at the Clyde & Co law firm, Leah Barratt, Senior Associate at Clyde & Co, and Frederica Johnston, trainee solicitor at Clyde & Co. A version of this article previously was published as a Clyde & Co client alert. I would like to thank the authors for allowing me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article.
********************
The Government’s promised crackdown on economic crime looks set to become a legislative reality through the introduction of the U.K. Economic Crime and Corporate Transparency Act (the “Act”). Two of its most heralded provisions include the new corporate offence of “failure to prevent fraud” and a reformed “identification principle”. Together, they represent the cornerstone of the Government’s policy to increase the criminal accountability of corporate entities. The new U.K. Act received Royal Assent on 26 October 2023 and the reforms to the identification principle will take effect this Boxing Day, 26 December 2023.
Following our previous article, we discuss below these two key changes brought about by the Act, what the reforms to the identification principle mean in practice, and the Act’s wider implications for entities and their insurers.
The failure to prevent fraud offence
What is the latest update?
In our first article, we explained that the new corporate offence aims to tackle fraud by holding organisations liable if their employees commit a fraudulent act with a view to the organisation itself benefitting. There was intensive debate between the House of Commons and the House of Lords as to which organisations should fall within the scope of the offence. The argument for broader application, to encompass smaller entities as well, was that fraud is indiscriminate: it can be committed by anyone, at any time, irrespective of an organisation’s size or resources. The opposing view was that bringing small or medium-sized enterprises (“SMEs”) within scope would expose those entities to an unfair administrative burden in terms of the added requirements to assess compliance risks under the Act.
The decision ultimately turned on the intended purpose of the offence, which was to improve accountability in larger, more complex organisations. The offence therefore only remains applicable to large organisations, being bodies which satisfy at least two of the three following criteria:
- more than £36 million in turnover;
- more than £18 million balance sheet total; and/or
- more than 250 employees.
However, whether the offence should apply to small and medium-sized organisations still remains under the microscope: the Government has promised to keep the threshold for the offence under review and it has included a delegated power within the Act with which to modify or remove the SME threshold in the future.
How can organisations prepare for the arrival of the new offence?
An organisation will have a defence if it can prove that it either had “reasonable procedures” in place to prevent fraud, or that it was reasonable not to have such procedures (such as where the risk of fraud is extremely low). The effective development and implementation of internal “reasonable procedures” to prevent fraud from taking place will therefore be critical to the new offence’s impact.
The Government has promised to provide guidance on what “reasonable procedures” might look like and we expect this during the first part of 2024. Whilst we await publication of this guidance, the commentary set out in our preceding article remains unchanged. Organisations must undertake extensive risk assessments and review their current fraud prevention practices to determine whether their anti-fraud policy is up to scratch or in need of improvement.
Reforms to the identification principle
The changes brought by the new Act do not end with the introduction of the failure to prevent fraud offence. One of the Act’s most instrumental cultural reforms is, arguably, the development to the identification principle which will come into force on 26 December 2023.
What is the identification principle?
The identification principle is a common law test which for years has only allowed liability to attach to the organisation itself if the offence was committed by an individual representing the “directing mind and will” of that organisation.
The principle has long faced widespread criticism. The company’s “directing mind and will” has usually been restricted in the UK to directors and senior officers. This has meant that it has been difficult to prosecute larger organisations where the relevant decision-making is apportioned between several individuals across different divisions of the business.
How has the identification principle been amended?
Under Section 196 of the Act, an organisation will now be criminally liable when a “senior manager” has committed the offence. A “senior manager” is defined as being an individual who plays a significant role in:
(a) the making of decisions about how the whole or a substantial part of the body corporate’s activities are to be managed or organised; or
(b) the actual managing or organising of the whole or a substantial part of those activities.
This definition will take into account the relevant individual’s roles and responsibilities within the organisation and their decision-making powers (rather than just their job title). The effect of this is to widen the pool of people who can be caught by the identification principle and with it, the number of individuals who will be capable of attributing criminal liability to their organisation. Larger entities will therefore be well advised to consider whether mid-level managers and any other employee ranks could be considered a “senior manager” under the identification principle. If they are, entities may wish to reflect on whether any training is necessary to help them understand their new exposure.
For now, these provisions only apply to the economic crimes listed in Schedule 12 of the Act, which include offences of bribery, fraud and false accounting. However, further change may be on the horizon: the reforms tabled by the Criminal Justice Bill are likely to extend the identification principle yet further.
The Criminal Justice Bill makes provision for corporate liability where a senior manager commits an offence whilst acting in the scope of their actual or apparent authority, for any crime. The Criminal Justice Bill therefore goes further than the Act, which is confined to economic crimes. This means, in simple terms, that prosecutions for any criminal offences committed by senior managers in the course of their employment could be attributed to the organisation, if the Bill is enacted.
What is the geographical scope of the reformed identification principle?
Unlike the failure to prevent fraud offence, the reformed identification principle will apply to all corporate bodies and partnerships established in the UK. A further distinction is that an organisation will not be liable for a relevant offence if the act or omission in question was carried out outside of the UK, unless the organisation would be guilty of the offence in the overseas country where it was committed.
What will the penalty be for corporations?
If a corporation is criminally convicted under the reformed identification principle, it will face a fine. The maximum fine will vary depending on the particular offence, but corporates risk an unlimited fine for the most serious of crimes. The individuals who are guilty of the same offence can also be subject to a criminal conviction and other penalties.
What are the consequences for the insurance industry?
As we foreshadowed in our previous article, it would be advisable for insureds, brokers and insurers alike to evaluate carefully their D&O and/or civil liability policy wording. Key points to consider might include the “Insured Persons” definition, the policy’s conduct exclusion, and the coverage triggers for pre-/investigation costs.
To reflect the new exposures which senior managers will face under the reformed identification principle, insured entities may also want to ensure that anyone who could be considered a “senior manager” under the reformed identification principle has cover under the entity’s management liability policy. This means that insureds will need to examine the scope of the Insured Persons definition and confirm whether it extends cover to employees who carry out a senior management function (rather than merely directors and officers of the entity) if that is what is desired by the organisation.
In addition, insureds and brokers may wish to review the policy’s limit of indemnity to ensure it is sufficient to account for the increased exposure that the changes to the identification principle may bring about.
Of course, the new exposures to entities and individuals do not stop there. If the further reforms to the identification principle sought by the Criminal Justice Bill are enacted, any criminal offence committed by senior managers acting in their capacity as such could be attributed to the organisation. The question that naturally follows is whether this exposure is a risk that entities are willing to bear themselves or whether there is a need for the organisation to procure appropriate cover from their insurers for this risk.
Whichever way those questions are answered, it is clear that with the failure to prevent fraud offence poised to come into force in 2024, insureds, brokers and insurers need a strong grasp of how their policies will respond to claims stemming from the new offence because it is only a matter of time before insurers will be called upon to support their clients.
Conclusion
The enactment of the Economic Crime and Corporate Transparency Act indicates the UK Government’s desire to build a strong legislative framework to hold large organisations to account for corporate crime. Large organisations face a greater exposure for their employees’ actions and during the first part of 2024, large entities should take steps to evaluate whether they have reasonable procedures in place to prevent fraud prior to the Act coming into force. In the meantime, the reforms to the identification principle will take effect from 26 December 2023 and as is traditional on Boxing Day, employees might once again look to their employer for a festive bonus. This year, senior managers, in particular, may get more than they bargained for.