Nigel's Eyes

20230223 Failure to prevent ...

There is little doubt that there is a growing interest in the creation of "failure to prevent" laws. Broad Left pressure groups such as Transparency International and the UK's All-Party Parliamentary Group on Anti-Corruption and Responsible Tax (which has a number of Conservative MPs in its ranks) are agitating strongly in favour of one or more "failure to prevent" provisions to be added to existing laws relating to money laundering and more. The UK's Law Commission thinks there is a discussion to be had.

The Law Commission published a report, Corporate Criminal Liability, in 2022.

The Commission called it " an options paper for the Government on how it can improve the law to ensure that corporations are effectively held to account for committing serious crimes."

Here's the problem: Corporations are not capable of forming the intent to commit an offence. As a result, corporations are liable for offences of strict liability, for performing an "actus reus" but not of crimes that require "mens rea". Corporations can also be guilty of failing to do things such as failing to provide a safe place of work. That's where things get fudged because it implies that the company knew that something needed to be done but didn't do it. But companies cannot "know" any more than they can form intent.

A company has "legal personality" and in law it is a "person." But of itself, it can do nothing. It requires the mind of humans to direct it.

The argument here is a legal argument that has much in common with the philosophical argument as to whether computers can think- an area which tumbles over into legal argument, too.

For example, The Law Commission has proposed "removal of criminal responsibility for the person in the passenger seat" in autonomous vehicles. By "passenger seat" it means that formerly known as the driver's seat. In that case, liability would pass to the manufacturer of the vehicle.

The Law Commission has not made any recommendations relating to "failure to prevent.." but it has raised what it calls "options." If there is to be a change from the current position, the Law Commission says the following should be considered:

- Allowing conduct to be attributed to a corporation if a member of its senior management engaged in, consented to, or connived in the offence.
- the organisation’s chief executive officer and chief financial officer would always be considered to be members of its senior management.

An offence of failure to prevent fraud by an associated person.
An offence of failure to prevent human rights abuses.
An offence of failure to prevent ill‑treatment or neglect.
An offence of failure to prevent computer misuse.

But it goes into an area that is becoming more common and further away from the principles of natural justice: A regime of administratively imposed monetary penalties.

So these are the issues we need to think about.

1. This is not "piercing the corporate veil" as some have said. It does not, directly, touch shareholder qua shareholder. It does if the shareholder is also a member of the company's senior management.

2. We are really talking about semantics because -

3. Are we really talking about anything new? The answer to that is "no." The concept of vicarious liability has been creeping in its scope and effect for decades. In short, there is nothing novel about the idea that a company is liable for the actions of its employees.

4. The question here is simply that legislators, instead of building on what they have, are trying to create something novel and to do that it's necessary to demolish huge swathes of law developed over centuries. But actually, they don't need such a radical solution.

By using vicarious liability as the starting point, there is no need to create an offence of "failing to prevent.."

So what's the motivation behind this?

It's hidden in that "administrative penalty" thing: if it is established to the satisfaction of a non-judicial officer that an offence was committed then, instead of seeking prosecution of those who e.g. facilitated money laundering using the company as a vehicle, a penalty can be imposed against the company.

There is a defence: that the company has in place adequate measures to detect and prevent such offences. As we know, that results in tick-box compliance and a large expenditure on technology, consultants and support staff who do not contribute to the company's profits. It used to be said that the cost of compliance was offset against the potential cost of failure but regulators are, increasingly, finding failure and imposing substantial penalties everywhere they look.

So is this proposal a great benefit to society?

No, I don't think so. I think it's a honeypot for RegTech companies and consultants and a cashcow for regulators.

There are better, cheaper ways of achieving the same objective but they don't feature in government-led discussions.

Further reading:
https://www.lawcom.gov.uk/project/automated-vehicles/
https://www.lawcom.gov.uk/project/corporate-criminal-liability/
https://bills.parliament.uk/publications/49554/documents/2831

failure to prevent
money laundering
human trafficking
computer breaches