Corporate Liability Reform in the UK is Accelerating: Your GRC Teams Need to Future-Proof Compliance  

Does the UK face a corruption challenge? In January, Lord Theodore Agnew, the minister in the treasury and cabinet office with responsibility for counter-fraud and cross-government efficiency, unexpectedly resigned. His cited reason: the government’s “lamentable” oversight of the COVID-19 loans schemes and ministers “foolishly” shelving plans to introduce a new economic crime bill in the coming parliamentary session.

The stir following Agnew’s statements and resignation prompted members of Parliament to debate the urgent need to reform the allegedly weak and outdated legislation that, according to them, has turned the city of London into a haven for illicit financial flows from across the world. Enter the surprise crisis in Ukraine, and a UK government economic crime bill suddenly found swift passage to become law.

The Economic Crime (Transparency and Enforcement) Act focuses on foreign ownership of UK property, unexplained wealth orders and proposals to assist the Office of Financial Sanctions Implementation (OFSI) in sanctions enforcement actions. The government has also published proposed reforms to Companies House, the entity responsible for maintaining a register of companies in the UK.

Missing the Boat on Corporate Criminal Liability

A handful of issues deserving attention are disappointingly overlooked by the legislation. In particular, the director of the Serious Fraud Office (SFO) previously advocated changing the law relating to corporate criminal liability. In particular, the House of Commons Treasury Committee re-emphasised in its Jan. 26 2022 report that failure to reform these rules would mean “corporate criminals will continue to […] escape prosecution.”

These and other interested observers see at least two areas where action should have been taken in the crime bill:

‘Controlling Mind’

The first mooted aspect is the need to reform or expand the “controlling mind” test. Under current legislation, corporates can only be liable for most criminal offences if those who represent the “directing mind and will” committed the wrongdoing.

As the SFO commented in June 2021, this test makes it difficult to prosecute companies where mid-level employees commit misconduct. For example, the SFO prosecution of Barclays bank in 2018 failed when the high court interpreted the requirement as meaning members of the bank’s board had to have committed the alleged misconduct to warrant charges.

‘Failure to Prevent’

The second key issue absent resolution within the crime bill is the need to create a new criminal offense for “failing to prevent economic crime.” Such a rule would be similar to the existing offenses of failure to prevent bribery and failure to prevent the facilitation of tax evasion. This would allow, for example, banks to be held to account for granting fraudulent coronavirus bounce-back loans.

Responding to New and ‘Soon-to-Arrive’ Regulations

The hastily enacted crime bill is not the only piece of economic crime legislation with which corporate compliance executives need to grapple. But in general, the recent flurry of activity which aims to improve the UK’s response to economic crime is to be welcomed.

Moreover, experts in economic crime have long argued that these and other changes are essential given the UK’s major role in the global economy. Given current attitudes and momentum, GRC managers should expect to see more changes arriving in the short term.

Note that a robust and effective compliance structure may accomplish more than prevention or mitigation. In the event of an offense, evidence of a robust and effective compliance structure can be a mitigating factor in reducing a penalty or sentence imposed by the courts.

Each organization and sector are different. Nonetheless, all should consider taking actions such as:

• Conduct an economic crime risk assessment: Identifying the areas of your operations where there may be a greater risk of economic crime and assessing the adequacy and effectiveness of existing systems and controls will enable you to identify any improvements required. Areas of medium or high residual risk can then be targeted to ensure the most effective use of your resources. Your risk assessment should be regularly re-performed to ensure it is still fit for purpose.
• Bolster your culture: Controls will only be effective if the organization establishes a strong culture of ethics and compliance through all corporate levels. In this respect, the “tone at the top” is key in promoting a robust “speak up” culture that encourages stakeholders to ask questions and raise concerns without fear of retaliation. An effective tone at the top should be embedded through regular compliance communications, a code of ethics with regular recommitment to that by all employees, and a whistleblowing policy and channels.
• Train employees: Employee and contractor background screening is important, as is providing adequate and ongoing training. Training should cover the entire organization, and you should consider implementing more targeted training for those in higher risk roles or locations.
• Ensure independent review: Independent review of the compliance program is important, too, and a key expectation of regulators. If one is not already in place, consider implementing an effective and independent internal audit function.

Future-Proof Compliance

Sanctions have entered the public consciousness to a degree and manner previously unseen. This will undoubtedly spotlight economic crime and sanctions violations in the coming months. However, in the absence of concrete reforms to corporate liability legislation, it can be difficult for companies to respond. Taking steps now to strengthen existing compliance structures will help future-proof organizations and lessen the potential burden to compliance teams.