Imagine your boss being criminally liable for your actions, even if they had not authorised you to carry them out. Imagine, as a company director, being criminally responsible for an employee’s actions even if you were unaware what they were up to or had even expressly prohibited the behaviour in question. UK prime minister Theresa May’s proposed criminal finance bill brings both these scenarios into play.
The bill seeks to make companies and directors criminally responsible for failing to prevent money laundering, false accounting and fraud by employees. It is central to May’s high-profile plan to curb “boardroom excess” and improve corporate governance in UK companies, but it raises significant questions for company and criminal law.
Due to the twin concepts of corporate personality and limited liability, a company is an entity in itself, distinct from its shareholders, and its directors and employees. In company law, personal liability occurs in rare circumstances of what the legal profession terms “piercing the corporate veil”—ignoring the distinct personality of a company and holding the shareholders or the directors personally liable for corporate actions and omissions. This can happen in cases of fraud.
An underlying principle of criminal law is that the perpetrator of an action or omission is responsible for it. This is fairly clear for individuals. It is, however, complicated when companies are involved.
As it stands, a company is an artificial entity, acting through humans who are insulated from its liabilities. But which actions are attributed to the company and when are individuals disallowed from avoiding personal responsibility?
Traditionally, corporate criminal responsibility arises only if individuals act as the company. The so-called “identification doctrine” is often a device to prevent corporate liability by limiting it mainly to the actions and omissions of senior management. They are regarded as the corporate “directing mind”.
The knowledge of a managing director when there is a failure to file statutory notices would normally be attributed to the company. So, in theory, a company might want an individual occupying a low-level position to be saddled with responsibility to avoid huge liabilities for the company itself.
Corporate responsibility, however, does not remove a director’s criminal responsibility for acting fraudulently, including stealing from the company. At the moment, though, under the Companies Act 2006, it is rare to find directors taking criminal responsibility for actions undertaken on the company’s behalf. Directors are not responsible for the actions of other people, including employees in their control, unless they have aided and abetted the offence.
Prevention or cure?
Pioneered in the Bribery Act 2010, “failing to prevent” is an emergent concept of criminal responsibility that penalises, especially superiors, for the actions and omissions of others, particularly subordinates.
“Failing to prevent” reflects the difficulty of proving dishonesty and holding anyone other than the primary perpetrator criminally responsible. As an example, the Act contains the offence of failure by a commercial organisation to prevent bribery by associated persons like employees, agents and subsidiaries that provide services to the company.
Just like the Bribery Act, the new criminal finance bill proposes corporate responsibility to prevent money laundering, false accounting and fraud but will go further to also make directors criminally responsible even in the absence of aiding and abetting.
There is an argument that the means to hold directors to account in this way already exists. The Companies Act sets out the personal and collective duties of directors, who can delegate functions but cannot abdicate responsibility. The Act also sets out the duty to exercise reasonable care, skill and diligence, and the general duty to promote the success of the company.
This applies in practically every situation where a decision has to be made concerning the affairs of a company. These can all, arguably, be applicable to the failings targeted by the new proposals but they involve largely civil penalties. This means fines rather than criminal prosecution. Director disqualification is another possibility which is not regarded as a criminal penalty.
It gets even more complicated when we consider whether the criminal finance bill would distinguish between executive and non-executive directors and whether it applies only to directors formally appointed to their particular roles.
Will non-executive, de facto and shadow directors have personal liability as well? In the Companies Act, there is no significant difference between executive and non-executive directors, and between formally appointed directors and other people that are doing the job of a director without a formal appointment.
Those complications aside, should companies and directors really be concerned about the new criminal finance bill?
According to attorney general Jeremy Wright, prosecution can be avoided by taking “the actions necessary to discourage such offending in the first place”. There will, therefore, be a due diligence test, the boundaries of which have not yet been clarified. Past experience of the Bribery Act prosecution guidance from the Serious Fraud Office and Crown Prosecution Service suggest clarity and certainty are unlikely.
Directors should find no comfort in that potential ambiguity. Construction and services firm Sweett Group became the first company to face conviction under section 7 of the Bribery Act in April this year—for failing to prevent bribery during operations in the United Arab Emirates—and there is reason to expect prosecutions under the new criminal finance bill. It is time to design adequate procedures against money laundering, false accounting and fraud, and on the assumption that the buck won’t stop till it gets to the top.