Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud

September 18, 2023

Click for PDF

Over the last two weeks, both the House of Commons and the House of Lords have considered the Economic Crime and Corporate Transparency Bill (“the Bill”). The government has described the Bill as the most significant reform of the identification doctrine in more than 50 years and the proposals have been welcomed by the UK’s Serious Fraud Office.

Although there is an outstanding point of contention for corporate criminal liability reform relating to the scope of the failure to prevent fraud offence, and in particular, whether it should be limited to large organisations, or expanded to non-micro organisations, the Bill is now in the final stages of its passage through Parliament and some commentators have indicated it could receive royal assent before the end of this year.

Key Takeaways

  • The Bill proposes a number of changes to the current law including an expansion of the identification principle and a new offence of failure to prevent fraud.
  • Organisations can be held liable for actions of “senior managers” for the purposes of prosecuting relevant economic crimes.  Organisations should identify and train individuals who fall within this definition.
  • In anticipation of the new offence of failure to prevent fraud coming into force, organisations must ensure reasonable procedures are in place to prevent fraud.  This could include:
    • carrying out a fraud risk assessment;
    • updating existing policies to identify and mitigate fraud risk;
    • ensuring staff are properly trained and retaining training records; and
    • ongoing monitoring of risk and compliance with policies.


The identification principle – the current position

With the exception of a small number of specific offences, including the existing failure to prevent offences under the Bribery Act 2010 and the Criminal Finances Act 2017, in order for a corporate entity to be held criminally liable for the actions of an individual, that individual must be the “directing mind and will” of the corporate entity. This is called the “identification principle”.

The leading case on the identification principle is Tesco Supermarkets Ltd v Nattrass,[1] which states that one has to identify “those natural persons who by the memorandum and articles of association or as a result of action taken by the directors, or by the company in general meeting pursuant to the articles, are entrusted with the exercise of the powers of the company”, also referred to as the primary rule of attribution.

The principle has been narrowly applied and prosecutors have had difficulty satisfying the test in a number of high profile cases including The Serious Fraud Office v Barclays PLC and Barclays Bank PLC.[2] In that case, Davis LJ found that despite the defendants being senior executive directors and two of those defendants being on the board, their actions could not be attributed to Barclays because they had not been delegated entire authority to complete the relevant acts. Davis LJ noted that the “status” of an individual is a relevant consideration, but the focus should be on the particular authority bestowed by the company for the performance of the particular function in question.

The Barclays case and others like it have triggered debate about whether the identification principle, now over fifty years old, is fit for purpose when dealing with large multinational companies with complex management structures. As it stands, smaller companies with simpler structures are more exposed to criminal prosecution given the relative ease in demonstrating which individuals control and direct the company’s actions. This has prompted concern that larger companies are not being held to account for criminal wrongdoing carried out on their behalf. The proposals to reform corporate criminal liability laws, discussed below, seek to address these difficulties.

Proposed reforms

1. New approach to “attributing criminal liability for economic crimes to certain bodies

Rather than relying on the identification principle, under the new legislation, the corporate entity will be liable for actions committed by a “senior manager” acting within the actual or apparent scope of their authority.

Senior manager” is defined as an individual who plays a significant role in:

  • the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or
  • the actual managing or organising of the whole or a substantial part of those activities.[3]

This definition is adopted from the Corporate Manslaughter and Corporate Homicide Act 2007. The Explanatory Notes to the Corporate Manslaughter and Corporate Homicide Act 2007 state that this covers both individuals in the direct chain of management, and those in, for example, strategic or regulatory compliance roles.[4] The practical impact is that the pool of potential employees whose criminal conduct could be attributed to a corporate body is widened potentially very substantially.

At this stage, the reforms to the way in which liability is attributed to an organisation will only apply to economic crimes specified in the Bill, such as offences relating to fraud, bribery, theft, false accounting and concealing criminal property.[5] However, whilst the current focus is on economic crimes (which reportedly make up over 40% of crime in the UK[6]), the government has “committed in the Economic Crime Plan 2 and the Fraud Strategy to introduce reform of the identification principle to all criminal offences in due course”.[7]

The explanatory notes to amendments made by the House of Lords following the third reading in July 2023 state that the Bill “ensures that criminal liability will not attach to an organisation based and operating overseas for conduct carried out wholly overseas, simply because the senior manager concerned was subject to the UK’s extraterritorial jurisdiction: for instance, because that manager is a British citizen […] However, certain offences, regardless of where they are committed, can be prosecuted against individuals or organisations who have certain close connections to the UK. Any such test will still apply to organisations when the new rule applies”.[8]

The reform of the identification principle is intended to make it easier for authorities to pursue corporates for primary fraud and bribery offences rather than just failure to prevent offences. Although “senior manager” is now defined, it will still be subject to judicial interpretation and the courts may favour a narrow interpretation, as in The Serious Fraud Office v Barclays PLC and Barclays Bank PLC.[9] The government has also concluded in its Impact Assessment that whilst the reforms to the identification principle are expected to increase the number of corporate prosecutions, the number of additional cases is expected to be low.[10]

2. Failure to prevent fraud

In addition to broadening the general scope for corporate criminal liability, a new corporate offence of failure to prevent fraud will also be introduced. This new offence borrows from both the existing offences of failure to prevent bribery under the Bribery Act 2010 and failure to prevent the facilitation of tax evasion under the Criminal Finances Act 2017.

Under the new offence, if they meet specific criteria, large corporates and partnerships will be held criminally liable where:

  • a specified fraud offence is committed by an employee or agent (such as fraud by false representation, fraud by abuse of position or fraud by failing to disclose information); and
  • the offence benefits the organisation.

The prosecution must establish both limbs of the offence set out above. However the company will have a defence if it can show it either had “reasonable procedures” in place to prevent the fraud, or that it was not reasonable to have relevant procedures at all. This is said to place a lesser burden on organisations than the requirement to have “adequate procedures” under the Bribery Act 2010.[11] As with the Bribery Act and the Criminal Finances Act there is a requirement for the government to issue “guidance about procedures that relevant bodies can put in place to prevent persons associated with them from committing fraud offences”.[12] This has not yet been issued but it is likely to include detailed policies, procedures and training.

The House of Lords disagreed with the House of Commons that the failure to prevent fraud offence should only apply to large organisations. They voted to amend the Bill so that the offence applies to “non-micro organisations” which satisfy two or more of the following conditions in a financial year: (i) turnover of more than £632,000 and less than £36 million; (ii) a balance sheet total of more than £316,000 and less than £18 million; and (iii) more than 10 but less than 250 employees.[13] In support of this amendment, Lord Garnier referred to the fact there is no exemption for small and medium enterprises for the offence of failure to prevent bribery and proposed that only the very smallest and newest commercial organisations should be exempted from the failure to prevent regime.[14] The Commons rejected these amendments on Wednesday 13 September and the Bill has been returned to the Lords for further consideration.

Extraterritorial reach

The failure to prevent fraud offence has wide extraterritorial effect, applying to a body corporate or a partnership wherever they are incorporated or formed.[15] The government factsheet summarising the failure to prevent fraud offence explains that: “if an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas”.[16]


The failure to prevent fraud offence is making headlines and will inevitably need to be given serious consideration by large organisations. The new legislation is designed to close “loopholes that have allowed organisations to avoid prosecution in the past”.[17]

The government believes that the changes will “result in a deterrent effect where increased awareness and corporate liability may deter would-be fraudsters”. [18] Perhaps most compellingly, the government intends that the legislation will create cultural change and encourage the development of an anti-fraud culture within organisations.[19]

Post-legislative scrutiny of the Bribery Act 2010 identified a changing and improved corporate anti-bribery culture following the introduction of the failure to prevent bribery offence. The government hopes that the proposed changes will have a similar impact for fraud and will promote a corporate culture in which fraud detection and prevention are encouraged.[20]

It is not clear how many prosecutions the failure to prevent fraud offence will give rise to – the Serious Fraud Office (“SFO”) has only prosecuted two corporations for failure to prevent bribery since the Bribery Act came into force in 2011.[21] On the other hand, the offence of failure to prevent bribery has featured in nine of the twelve deferred prosecution agreements (“DPAs”) entered into since DPAs were introduced in February 2014.  The SFO is likely to take a similar approach to prosecuting failure to prevent fraud offences.

Practical steps

In anticipation of the Economic Crime and Corporate Transparency Act coming into force, we have set out some practical steps to be considered:

  • Risk assessments: carry out and document appropriate risk assessments, identifying relevant fraud risks.
  • Reasonable policies and procedures: identify and update relevant existing policies or introduce new policies to ensure the new offences are taken into account and to mitigate the fraud risks identified in the risk assessment.
  • Reporting: ensure appropriate channels are in place for reporting suspicions of fraud.
  • Identification of potential senior managers: identify which individuals and roles may fall into the definition of “senior manager”. Ensure those individuals receive adequate training on fraud risk and applicable policies and procedures and are appropriately monitored.
  • Raising awareness within the company: provide adequate training to employees to embed fraud policies and procedures and ensure that employees are aware of appropriate channels for reporting suspicions of fraud. Records of this training should be retained.
  • Ongoing monitoring: procedures should be put in place for the ongoing monitoring of fraud risk, compliance with relevant policies and procedures (including the effectiveness of fraud detection processes), and the conduct of individuals. Companies should monitor and review their effectiveness on a regular basis to ensure that necessary improvements are made when required.

Whilst the timeline for the Bill receiving royal assent and being implemented is uncertain, it is important to understand the proposed changes and how to prepare for their implementation. The reforms demonstrate a cultural change and appetite for greater scrutiny of corporate entities. It will be interesting to see how they are used by law enforcement authorities once the Bill is passed.

Irrespective of the final content of the Bill, there is no doubt that it is a significant change for the corporate criminal liability landscape within the UK.

[1] [1972] AC 153.

[2] [2018] EWHC 3055 (QB).

[3] https://bills.parliament.uk/publications/51963/documents/3729.

[4] https://www.legislation.gov.uk/ukpga/2007/19/section/1/notes?view=plain.

[5] https://bills.parliament.uk/publications/51963/documents/3729.

[6] https://www.gov.uk/government/publications/fraud-strategy/fraud-strategy-stopping-scams-and-protecting-the-public.

[7] https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-identification-principle-for-economic-crime-offences.

[8] https://hansard.parliament.uk/lords/2023-06-27/debates/EF8264AF-6478-470E-8B37-018C4B278F6E/EconomicCrimeAndCorporateTransparencyBill.

[9] [2018] EWHC 3055 (QB).

[10] See attachment here.

[11] See attachment here.

[12] Section 203 of the Bill https://bills.parliament.uk/publications/51963/documents/3729.

[13] https://publications.parliament.uk/pa/bills/cbill/58-03/0363/220363.pdf.

[14] https://hansard.parliament.uk/Lords/2023-09-11/debates/181F85C9-5619-4DAF-BD42-327C0DAF036F/EconomicCrimeAndCorporateTransparencyBill.

[15] https://bills.parliament.uk/publications/52462/documents/3896.

[16] https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence.

[17] https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence.

[18] See attachment here.

[19] https://bills.parliament.uk/publications/50688/documents/3279.

[20] https://bills.parliament.uk/publications/50688/documents/3279.

[21] https://bills.parliament.uk/publications/50688/documents/3279.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s White Collar Defense and Investigations practice group, or the following authors in London:

Michelle M. Kirschner (+44 20 7071 4212, [email protected])
Matthew Nunan (+44 20 7071 4201, [email protected])
Allan Neil (+44 20 7071 4296, [email protected])
Patrick Doris (+44 20 7071 4276, [email protected])
Maria Bračković (+44 20 7071 4143 [email protected])
Amy Cooke (+44 20 7071 4041, [email protected])
Rebecca Barry (+44 20 7071 4086, [email protected])