Commercial Question

The Economic Crime and Corporate Transparency Act

updated on 25 March 2025

Question

What’s the impact of the Economic Crime and Corporate Transparency Act?

Answer

It’s difficult to quantify the impact of corporate and economic crime – the UK Finance Annual Fraud Report 2024 estimated that fraud alone caused losses of £1.17 billion. The government has come under increasing pressure to tackle economic crime – the February 2022 treasury committee report concluded that the government wasn’t making corporate crime enough of a priority. Subsequently, the economic crime plan 2 (2023–2026) was introduced by former Prime Minister Rishi Sunak’s government. The plan has three key aims:

  • reducing money laundering and recovering more criminal assets;
  • combatting kleptocracy and driving down sanctions evasion; and
  • cutting fraud and other forms of economic crime.

It’s hoped that the introduction of the Economic Crime and Corporate Transparency Act 2023 will support these aims. The act has been described as aiming to “bear down further on kleptocrats, criminals and terrorists who abuse our financial system, strengthening the UK’s reputation as a place where legitimate business can thrive, whilst driving dirty money out of the UK”. The act introduced several key changes, such as:

  • an extension of the identification doctrine for certain criminal offences;
  • a new “failure to prevent fraud” offence;
  • new crypto-related enforcement powers;
  • new Serious Fraud Office (SFO) powers;
  • new Companies House powers; and
  • amendments to the Register of Overseas Entities.

For the purposes of this article, I’ll focus on the new failure to prevent fraud offence and the extension of the identification doctrine.

Attributing criminal liability to corporates

Corporate organisations can commit criminal offences either through their actions (or the actions of their agents) or by inaction. The most common bases on which corporations can be found criminally liable are via:

  • strict/vicarious liability offences;
  • the “identification doctrine”, where somebody representing the “directing mind and will” of the corporation is found to have had the requisite criminal state of mind; and
  • (newer) “failure to prevent” offences.

The identification doctrine

Where a corporation is alleged to have committed a crime, it’s not always clear whose acts (eg, a false representation) or whose state of mind (eg, dishonesty) should be attributed to the company. This conundrum has typically been addressed via the English law “identification doctrine”.

The origins of the identification doctrine can be traced to the case of Lennard’s Carrying Co Ltd v Asiatic Petroleum Ltd, which related to a ship transporting goods for Asiatic Petroleum Co. that sank due to a fire caused by defects in its boiler. The court considered whether the company should be held liable for the negligence of its director and owner, Lennard, who knew or should have known about the defects. The court held that Lennard was the “directing mind and will” of the company and, therefore, the organisation could be held liable for the negligence of its director. This principle developed over time to allow an organisation to be convicted for a criminal offence where one of its “directing minds” had committed that offence. In Tesco Supermarkets Ltd v Nattrass, the identification doctrine was described as being applicable where an employee is “an embodiment of the company”.

Historically, this “directing mind and will” or “embodiment” has been limited to very senior members of an organisation (often, but not always, a director or a member of the board), so it has been difficult for the courts to hold organisations to account, particularly large corporations where management responsibilities are delegated across many individuals.

The weaknesses of the doctrine were particularly evident in the failed prosecution of Barclays following the financial crisis for conspiracy to defraud. Barclays successfully argued that the CFO and CEO didn’t represent the “directing mind and will” of the bank, such that their actions and state of mind could not be attributed to Barclays. This was because those individuals, while senior executives, didn’t have “full discretion” or “entire autonomy” to complete the deal in question without final sign off from Barclays’ board. This case emphasised the challenge in applying the existing identification doctrine, particularly to large organisations with complex governance structures.

How has the identification doctrine been modified by the act?

The act has modified the identification doctrine for certain specified “economic” offences. For such offences, the prosecution doesn’t need to identify the directing mind and will of a corporate defendant; it need only identify a senior manager who has committed the relevant crime when acting within the actual or apparent scope of their authority. Senior managers can be any individuals who play a significant role in:

  • making decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised; or
  • managing or organising the whole or a substantial part of those activities.

This represents a significant extension of the identification doctrine and has applied to all commercial organisations, irrespective of size, since 26 December 2023. This aligns the UK’s approach more closely with that of the US, which instead has the ‘respondeat superior’ doctrine, under which a company can be held liable for the actions of agents at all levels.

The government is already considering a further extension of the scope of this new “senior managers” test beyond economic crimes. Section 130 of the Crime and Policing Bill would allow the “senior manager” approach to attributing criminal liability to corporates to be used for all criminal offences.

What can organisations do to prepare for the extension of the identification doctrine?

To manage the risks associated with the extension of the identification doctrine, organisations should:

  • identify individuals who meet the definition of a “senior manager”;
  • review and update their policies, guidance and training materials; and
  • consider their approach to monitoring and reporting instances of misconduct.

What does the introduction of the failure to prevent fraud offence aim to do?

The act has also introduced a new failure to prevent fraud offence. This new offence will come into force on 1 September 2025. Under the new offence, a corporate or partnership which is a “large organisation” will be liable where an “associate” (which term will include employees, agents, subsidiaries and their employees and anyone else who performs services for or on behalf of the organisation) commits specified fraud offences for the organisation’s benefit (whether directly or indirectly). A corporate or partnership meets the definition of a “large organisation” if it satisfies two or more of the following:

  • having more than 250 employees;
  • having more than £36 million turnover; and
  • having more than £18 million in assets.

This offence will apply to any large organisation doing business in the UK, irrespective of its domicile, if the underlying fraud involved a UK nexus.

However, where a relevant fraud has been committed, an organisation will have a complete defence if it can prove that, at the time the fraud offence was committed:

  • it had in place such procedures to prevent associates from committing fraud offences as it was reasonable to expect (reasonable prevention procedures); or
  • it wasn’t reasonable in the circumstances to expect it to have any prevention procedures in place.

The government hopes that the implementation of this offence will encourage organisations to improve their fraud prevention measures and allow for organisations to be held accountable if they profit from the fraudulent actions of their employees.

What can organisations do to prepare for the failure to prevent fraud offence?

The government’s failure to prevent fraud guidance outlines six guiding principles for organisations to consider when reviewing their anti-fraud programmes to avail themselves of the “reasonable prevention procedures” defence:

  1. Top level commitment. Senior management must take a role in fraud prevention and foster a culture within the organisation in which fraud is never acceptable.
  2. Risk assessment. The expectation is that organisations will conduct assessments to identify their specific fraud risks. The scope of an assessment will vary but the guidance suggests that a starting point may be to identify persons who may be an “associate” of the organisation (for the purposes of the offence) and the circumstances under which those associates could attempt a fraud.
  3. Proportionate risk-based prevention procedures. Organisations should draw up a fraud prevention plan, the scope of which should be proportionate to the level of risk identified in their risk assessment.
  4. Due diligence. Linked to the above, organisations will need to consider and apply due diligence processes on persons who perform or will perform services for or on their behalf (ie, their associates).
  5. Communication, including training. Organisations will be expected to ensure a clear articulation and endorsement of their anti-fraud policies, with appropriate communication from all levels within the organisation.
  6. Monitoring and review. Organisations should regularly monitor and review the effectiveness of their fraud prevention measures.

Will these new measures help the government achieve the aims set out in the economic crime plan 2?

The new failure to prevent offence is intended to encourage organisations to promote transparency and to act with integrity. As fraud makes up such a significant proportion of the offences committed in the UK every year, it’s a key area of concern for the government.

The extension of the identification doctrine aims to address the weaknesses of the earlier regime and allow the SFO and other bodies to more readily prosecute organisations.

The act also introduces a range of broader investigatory and prosecutorial powers for Companies House, the National Crime Agency and the SFO to utilise. However, it remains to be seen how effective these powers will be in practice.

Final thoughts

The act represents a significant shift in the landscape of corporate crime and regulation. By introducing the new offence of failure to prevent fraud and by extending the identification doctrine to include senior managers, the act aims to hold organisations accountable for fraudulent activities and encourage them to implement robust fraud prevention measures. It also helps to clarify what had become a complex and fractured landscape, as a result of inconsistent application of principles in case law. The government hopes that these changes will strengthen the UK's reputation as a place where legitimate business can thrive, while driving out dirty money.

This article is intended to provide a general overview of the new failure to prevent fraud offence. It doesn’t constitute legal advice and the information contained in this article should not be construed as legal advice.

Charlotte Colvin is a trainee solicitor at Burges Salmon LLP.