Global enforcement outlook

Corporate criminal liability

In recent years, governments all over the world have been introducing stricter or more expansive rules on corporate criminal liability, creating new enforcement agencies and implementing new methods of resolution, all of which is impacting investigations and compliance.

This trend will continue in 2021 and beyond, with Germany and the UK being the jurisdictions to watch.

Germany

Germany is one of the few G20 countries where companies still cannot be held criminally liable (but may be subject to regulatory fines and the disgorgement of profits). However, in 2020, the government introduced a heavily debated draft bill (the so-called Corporate Sanctions Act) that, if it becomes law, will have a huge impact on companies doing business in Germany.

The bill introduces much higher fines and will significantly increase the number of investigations into corporate wrongdoing, as public prosecutors will have to initiate proceedings against any company suspected of committing a corporate offense.

According to the draft bill, a company can be sanctioned if a company-related offense has been committed by either:

• a manager; or
• an employee or a third party acting on behalf of the company and the company lacked appropriate compliance measures that would have either prevented the offense or made it considerably more difficult to commit.

The law will also lead to an increase in internal investigations (albeit conducted independently from any defense and to very high prosecutorial-like standards) and a greater focus on ensuring companies have state-of-the-art compliance management systems, given that both these factors, alongside cooperation with the authorities, may help reduce any fine considerably.

Further, the bill provides for a novelty in German law – the proposed ‘sanction on parole’ mechanism. Similar to deferred prosecution agreements (DPAs) used, for example, in the US, the UK and France (and being introduced in a number of other jurisdictions), the company may be released from its obligation to pay a criminal sanction if it does not reoffend within a certain period of time and complies with certain requirements.

The bill is facing legislative delays due to the pandemic and, once in force, will allow companies two years to review existing or implement new compliance processes. But companies are strongly advised to adapt their compliance management systems promptly, as well as look at the guidance the draft bill provides on conducting internal investigations and cooperating with the authorities.  After all, even if the proposals are watered down, the trend in Germany towards holding companies liable for the criminal wrongdoing of its managers and employees seems irreversible.

For full details of the proposed Criminal Sanctions Act, read our briefing (PDF, 0.8MB).

The UK

There have been long-held concerns in some quarters in the UK that, relative to certain peer jurisdictions like the US, the current law does not provide a satisfactory framework for prosecuting companies for economic crimes.

In response, the UK has – from time to time – considered whether corporate criminal law reform should be made – with the Serious Fraud Office (SFO) being one of the strongest advocates. And so it is that the UK is once again considering reforming its law on corporate criminal liability. In particular, the review performed by the Law Commission will assess the suitability of the common law identification doctrine, under which a company can generally only be criminally liable for an offense if the offense can be attributed to someone who was the ‘directing mind and will’ of the company.

The ‘failure to prevent’ model in the Bribery Act, also adopted in the 2017 Criminal Finances Act, may be adopted to address some of the perceived issues with the ‘directing mind and will’ doctrine without having to reform it entirely. And offenses such as those contained in the Pensions Schemes Bill suggest there is an appetite to criminalize conduct that previously would be dealt with by other means.

There are strongly held views on both sides of the argument for reform, so it seems the debate on corporate criminal liability in the UK, both in terms of the form of liability and the range of potential offenses, will continue until there is a significant shift in government priorities and improvement in economic conditions. Although there is no prospect of immediate reform, the fact that this is back on the agenda, with the UK government recently commissioning an expert review, is a meaningful development.

On the resolution side, November 2020 guidance from the SFO codifies the SFO’s approach to using DPAs. The SFO sets a high bar for what it expects both in terms of conduct to be considered for a DPA and the terms that any DPA would likely contain.

The challenge the SFO will face over the next handful of resolutions will be making DPAs onerous enough to satisfy public opinion but not too onerous, or else companies might instead decide to contest a trial, where to date the SFO has had limited success.

Developments elsewhere

Australia is introducing new laws on foreign bribery (based on the ‘failure to prevent’ model found in the UK Bribery Act) and implementing a DPA scheme. In addition, the Australian Law Reform Commission has proposed expanding this model to other international corporate offenses, such as tax evasion and modern slavery.

Malaysia has introduced a ‘failure to prevent bribery’ offense, as well as guidelines on adequate procedures that can help companies understand what procedures they need to prevent corruption in their business activities.

China has proposed increasing penalties for certain commercial bribery and public disclosure offenses. Restrictions on the cross-border transfer of personal information under the long-awaited draft Personal Information Protection Law are set to make it more difficult for companies to respond to investigations by foreign regulators and enforcement agencies.

Precautionary measures

With the risk of enforcement action against corporate criminality growing, it is vital that precautionary measures to prevent the commission of criminal acts are in place.

Many authorities, such as the US DOJ and the French anti-corruption agency, issue best-practice guides on how to introduce standards that either act as a defense to liability altogether or at least reduce potential fines by way of mitigation. This guidance, which in most cases overlaps significantly, should help companies to calibrate what prosecuting authorities expect in terms of effective compliance environments and, if things go wrong, what their expectations are in terms of cooperation, negotiating a resolution or conducting internal investigations. And with the remit of an increasing number of regulators now intersecting with the criminal law, the guidance published by regulators is relevant to managing not only regulatory but also various criminal risks.