Legal Update

May 28, 2024

UK Criminal Liability Alert: Safeguarding Companies Operating in the UK From the Actions of Their Employees

Click for PDF

What do I need to know?

New criminal laws in the UK will make companies more vulnerable to criminal prosecution for the acts of their employees and agents than ever before. The Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) introduces two significant changes to the criminal law in the UK, making it easier for prosecution agencies to hold companies accountable for the actions of their employees. Those changes are the introduction of a new corporate offence of Failure to Prevent Fraud and the broadening of the criminal legal principles which make companies liable for the actions of their employees.

Failure to Prevent Fraud

Companies operating in the UK, or that have a close nexus to the UK, are already vulnerable to prosecution if they fail to prevent bribery or fail to prevent the facilitation of tax evasion in their businesses. Later this year, the UK will extend those principles to make companies criminally liable if they fail to prevent an “associate,” (i.e., employees, agents, subsidiaries, or person who performs services on behalf of the company) from committing fraud for the benefit (directly or indirectly) of the company[1].The specified fraud offences are listed at schedule 13 of the Act and include, fraud; false accounting; and false statements by company directors.

The Serious Fraud Office (“SFO”) is committed to using these new powers, with the Director of the SFO publicly expressing his desire to be the first agency to prosecute a company for the failure to prevent fraud offence[2].

Who is impacted by the Failure to Prevent Fraud Offence?
Large organisations defined in the Act as a corporate or partnership, which meets two or more of the following criteria[3]:

(i) has a turnover of more than £36 million;
(ii) has total assets of more than £18 million; or
(iii) has more than 250 employees.

Does the Failure to Prevent Fraud Offence apply to non-UK companies?
Yes, if the company is operating in the UK and meets the qualifying criteria above or an essential element of the offence has a nexus to the UK. For example, a US incorporated company operating in the US offering goods or services to the UK could be liable for the fraudulent actions of its US based employee if UK customers were impacted by the fraud.

Do companies benefit from any statutory protection?
Companies have the benefit of a statutory defence if they can demonstrate that at the time the fraud was committed, the company had reasonable prevention procedures, or it was not reasonable in all the circumstances to have been expected to have any prevention procedures[4]. Official guidance on reasonable procedures to prevent fraud will be published later this year, but we anticipate the reasonable procedures guidance to resemble the guidance published for failure to prevent bribery and failure to prevent tax evasion.

Corporate Criminal Liability

The corporate criminal liability doctrine in the UK has been broadened, putting companies at risk of prosecution if a senior manager acting within their scope of authority commits a “relevant offence”[5]. A relevant offence includes economic offences such as; false accounting, bribery, fraud, tax evasion, money laundering offences and Customs & Excise offences[6]. This list of offences is however already under review with the government looking to extend the list of economic offences to include all criminal offences[7].

Who is a senior manager?
A “senior manager” is purposely widely defined to include any individual who plays a significant role in the making of decisions of how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or the actual managing or organising of the whole or a substantial part of those activities[8].

Who is impacted by the extension of the doctrine?
Companies and partnerships based in the UK, regardless of whether the senior manager commits the offence in the UK.

Does the doctrine apply to non-UK companies?
Yes, it includes companies incorporated outside the UK where there is a UK nexus or the offence committed by the senior manager has extra-territorial jurisdiction, but foreign companies operating overseas will not be liable for acts of a senior manager operating outside the UK simply because he is a UK citizen.

Do companies benefit from any statutory protection?
No, this is a strict liability offence, but much will depend on whether the person was a senior manager as defined by the Act and whether they have committed a relevant offence.

What to do next?

The revised corporate criminal liability doctrine and failure to prevent fraud offence are untested laws and companies should conduct impact risk assessments and take advice to determine how best to safeguard themselves.


[1] s.199 ECCTA 2023.
[2] SFO Strategy document for 2024 -2029.
[3] s.201 ECCTA 2023.
[4] s.199(4) ECCTA 2023.
[5] s.196 ECCTA 2023. In force as of 26 December 2023.
[6] Defined at s.196(2) ECCTA 2023 and Schedule 12 of the Act.
[7] Criminal Justice Bill 2023.
[8] s.196(4) ECCTA 2023.