Economic Crime And Corporate Transparency Act, 2023: A Comprehensive Analysis

The enactment of the Economic Crime and Corporate Transparency Act, 2023 ('ECCTA') in the United Kingdom ('UK') marks a significant milestone in the jurisprudence of economic crimes. This article discusses the reforms introduced by the ECCTA and their impact on determining the liability of corporate entities and their controlling minds in cases of economic crimes. It also sheds light on the criminal liability of corporates in India while noting the valuable lessons that need to be learnt from the UK reforms, especially in today's complex corporate landscape.

I. Introduction

Prosecuting corporates for economic crimes has never been an easy task. The 'directing mind and will' test, which seeks to identify the ultimate decision-maker to hold liable for an alleged offence, often falls short in tracing accountability in complex corporate structures with multi-level management and decentralised decision-making mechanisms.

It was to address this lacuna in the framework governing economic crime and corporate liability, along with the objective of reducing corporate frauds, that the ECCTA was enacted in the UK.¹

The ECCTA has expanded the former identification principle, making corporates liable for specific criminal offences based on the Senior Manager Test instead of the previous 'directing mind and will' test. The reform broadens the scope of accountability of senior executives whose actions can be attributed to a corporate for the purpose of establishing criminal liability. It has also introduced a new offence, namely failure to prevent fraud, thereby further increasing the scope of a corporate's criminal liability.

II. Redefining the Identification Doctrine

The identification doctrine, also known as the identification principle, is a legal concept in common law that holds a corporate criminally liable for the actions of its 'directing mind,' typically high-level executives or senior management, if those individuals commit criminal acts in the course of their duties for the corporate. This principle is based on the idea that the actions of these individuals represent the actions and intentions of the corporate itself, preventing the abuse of the separate legal personality of a company by its executives.

Under the erstwhile legal framework, for a corporate to be found guilty of a criminal offence requiring proof of mens rea, it was necessary to establish that an individual representing the company's 'directing mind and will' possessed the requisite state of mind.

Advocates for reform argued that this rule was inadequate for addressing misconduct in larger companies with complex decision-making structures, where responsibility is spread across multiple individuals or committees. Establishing mens rea behind the relevant acts, particularly in large corporates with decentralised and multi-layered management, was remarkably difficult. To address this challenge, a category of 'failure to prevent' corporate criminal offences was introduced. These offences, which cover bribery, tax evasion, and now fraud under the ECCTA, do not directly attribute primary liability to the company for the substantive offence. Instead, they impose liability for failing to prevent the offence from occurring. This approach allows for a more effective prosecution of corporate misconduct in cases where individual culpability is difficult to establish.

S. 196 of the ECCTA extends liability for economic crimes to companies or partnerships where the offence involves a senior manager, thereby broadening the range of individuals whose actions can result in liability for the corporate entity. This change simplifies charging decisions and subsequent prosecutions of companies and partnerships, making them more straightforward for prosecutors. The reform amends and broadens the grounds on which companies and partnerships can be held primarily liable for a variety of economic crimes, applying to both the UK and non-UK businesses.

III. Expanding the Scope of Corporate Criminal Liability

Taking a step forward from the identification principle, the ECCTA introduces the Senior Manager Test, attributing liability in an economic crime by a corporate. Under the new standard, a corporate can be held criminally responsible following the identification doctrine if a senior manager commits a relevant crime while 'acting within the actual or apparent scope of their authority'. This increased liability applies only to specified economic crimes. A senior manager is described as someone who significantly contributes to the decisions regarding the management or organisation of the entire or a significant part of the activities of the corporate body or partnership or the actual management or organisation of the entire or a significant part of those activities. The specific title of the individual is not important as long as they meet this definition.

The reform expands the group of senior executives whose actions could be linked to a corporate, establishing criminal liability against it. The explanatory notes of the Corporate Manslaughter and Corporate Homicide Act, 2007, which influenced the concept of senior management, suggest that this could include individuals directly involved in management, as well as those in strategic or compliance roles. This broader category may encompass company directors, senior officers who are not on the board, and possibly individuals in departments like HR, in-house legal teams, and regional or divisional managers in nationwide organisations.²

Under the failure to prevent fraud offence, a corporate can be held responsible if it fails to prevent specified fraud offences committed by an associated person. The new set of strict liability criminal offences is modelled after existing 'failure to prevent' offences in the UK, such as failure to prevent bribery and the facilitation of tax evasion. However, this new offence applies only to large organisations and excludes small and medium-sized companies. A corporation is considered a large organisation under the ECCTA, if, in the financial year before the alleged fraud, it meets two or more of the following conditions:

1. It has more than 250 employees,
2. It has a turnover exceeding £36 million, and/or
3. It has a balance sheet total exceeding £18 million.

Further, for a parent company of a group to be classified as a large organisation, it must meet at least two of the following criteria:

1. An aggregate turnover exceeding £36 million (or £43.2 million gross),
2. An aggregate balance sheet total exceeding £18 million net (or £21.6 million gross), and/or
3. More than 250 aggregate employees.

Any person, agent, employee, or subsidiary providing services for or on behalf of a large company will come under the umbrella of an associated person. This definition closely mirrors how an associated person is defined in other UK anti-corruption laws. Consequently, parent companies can now be held accountable for fraud committed by an employee of a subsidiary if that employee has the necessary intent. It is important to note that the associated person must intend to benefit either the corporate directly or a person to whom services are provided on behalf of the corporate.

IV. Defence of Reasonable Procedure

In case a corporate fails to prevent fraud offences, there are two available defences. The first defence is available in cases where the corporate itself was the intended target of the fraud. The second defence is called the defence of 'reasonable procedure', where the failure to prevent the offence of economic crimes can be defended if the organisation can demonstrate that it had reasonable prevention measures in place or that it was not reasonable under the circumstances to expect it to have such measures.

However, what constitutes reasonable procedure to prevent fraud under the ECCTA has not been outlined yet, and hence, the new offence will come into effect once the statutory guidelines defining the scope and extent of reasonable procedure are defined. Based on the draft statutory guidelines, the reasonable procedures align with the six compliance principles. These principles resemble those found in the UK's Bribery Act, 2010, referred to as 'adequate procedures', but there are differences, particularly regarding the methodology for risk assessment and the significance of financial controls. Having a documented risk assessment is a crucial aspect of the defence based on reasonable procedures. The focus of this assessment is on the risk of associated persons within the organisation engaging in specified economic crimes to benefit the organisation, the group, or its customers rather than the risk of internal fraud against the organisation. The importance of risk assessment can be understood from the draft statutory guidance, which states that in some limited circumstances, it may be considered reasonable not to implement measures in response to a particular risk. However, it will rarely be considered reasonable not to have conducted a risk assessment at all.

V. Extra-Territorial Application of the ECCTA

The failure to prevent fraud offences has broad extraterritorial reach, applying to a corporate or partnership regardless of where they are incorporated or established. According to a government factsheet summarising the offence, if an employee commits fraud under the UK law, or targets UK victims, their employer could be prosecuted, even if the organisation (and the employee) is based overseas.

The definition of body corporate or partnership wherein the senior managers are liable for economic crimes includes entities incorporated outside the UK, so a non-UK company could also be held liable if an offence is committed by a senior manager who is a UK national or a foreign national, as long as the offence occurs in the UK. For the failure to prevent fraud offences, it is possible that foreign organisations can be implicated if an employee or agent commits fraud under UK law or targets UK victims, provided that the organisation meets the criteria for being a large organisation.

VI. Drawing Parallels in the Indian Legal System

While it is undisputed that a company can be prosecuted for criminal offences as an artificial entity, it cannot possess the necessary mens rea, an essential element of any criminal offence. Therefore, the issue of whether a company can be prosecuted for an economic crime depends on the identification principle and the doctrine of vicarious liability. Presently, the established legal stance is that if a company commits a criminal offence, the responsibility lies with the directors. The liability of the directors is primarily determined in two ways:

1. In cases where the offence committed shows mens rea, the investigation seeks to focus on determining the intention and actions of the responsible individuals acting on behalf of the company.
2. In cases where the statutory framework itself invokes the doctrine of vicarious liability; accountability is held by explicitly outlining such liability.

However, such tasks are easier said than done. Attributing criminal liability to individuals on behalf of a corporate that cannot have mens rea by determining its 'alter ego' is often precarious. So, what lessons do we need to learn from the ECCTA in the UK, and are there any parallels that already exist in India?

The ECCTA mandates that all current and prospective company directors, individuals with significant control, 'relevant officers' of relevant legal entities ('RLEs'), and Authorised Corporate Service Providers ('ACSPs') must verify their identities, confirming their true identities. In India, the Companies Act, 2013 ('CA') introduces a concept of Significant Beneficial Owner ('SBO') in line with the Financial Action Task Force ('FATF') regulations. S. 90(1) of the CA is the main governing provision in this regard. The purpose of this provision is to seek the ultimate persons benefitting from the ownership of the company. In some ways, this provision works similarly to the intended objectives of the ECCTA, where the Senior Manager Test is applied to determine liability based on the identification of interest and autonomy.

Besides this, there are various other laws in India, such as foreign exchange regulations, environmental laws, labour laws, and tax laws, that attract vicarious liability that specifically outline the responsibilities of individuals in charge or directors when a company commits an economic crime. Directors can also be held responsible under certain provisions of the Insolvency and Bankruptcy Code, 2016 and the Prevention of Money Laundering Act, 2002. The presumption is that despite being a separate legal entity, a company works based on directing the will of the individual, and any individual having the controlling will of a company shall be culpable for a crime committed by the company if the relevant acts can be traced back to his decisions.

Failure to prevent fraud by a corporate is revolutionary legislation, and so far, there is no parallel to it in India.

VII. Conclusion

The landmark legislation in the UK will have far-reaching consequences. Once enacted in its entirety, it will inspire other common-law countries to bring similar legislation. The question of accountability in economic crimes by a corporate is no longer a matter of simple investigation. The globalisation and digitalisation of the economy have already changed the corporate management landscape, and the recent emergence of technologies like artificial intelligence ('AI') and its possible role and use in corporate decision-making will continue to add layers of difficulty in determining human actors behind a corporate's action. Therefore, a re-evaluation of the identification principle and liability doctrine is the call of the hour. The reforms in the UK only apply to criminal offences, but the nature of the crime itself has been changing with time, and conventional principles of interpretation need to be revisited.

A growing commercial market like India with an evolving corporate sphere will need to keep an eye on the global tides and adapt its best practices to prevent the repetition of the mistakes of its fellow nations.

Footnotes

1. Economic Crime and Corporate Transparency Act 2023. (n.d.). https://www.legislation.gov.uk/ukpga/2023/56/enacted

2. Fraud Strategy (Home Office, ed. 2023); https://www.gov.uk/government/publications/fraud-strategy

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.