Skip to main content

Global enforcement outlook

Corporate criminal liability

In recent years, governments all over the world have been introducing stricter or more expansive rules on corporate criminal liability, creating new enforcement agencies and implementing new methods of resolution, all of which is impacting investigations and compliance.

This trend will continue in 2021 and beyond, with Germany and the UK the jurisdictions to watch.


Germany is one of the few G20 countries where companies still cannot be held criminally liable (but may be subject to regulatory fines and the disgorgement of profits). However, in 2020, the government introduced a heavily debated draft bill (the so-called Corporate Sanctions Act) that, if it becomes law, will have a huge impact on companies doing business in Germany.

The bill introduces much higher fines and will significantly increase the number of investigations into corporate wrongdoing, as public prosecutors will have to initiate proceedings against any company suspected of committing a corporate offence.

According to the draft bill, a company can be sanctioned if a company-related offence has been committed by either:

  • a manager; or
  • an employee or a third party acting on behalf of the company and the company lacked appropriate compliance measures that would have either prevented the offence or made it considerably more difficult to commit.

The law will also lead to an increase in internal investigations (albeit conducted independently from any defence and to very high prosecutorial-like standards) and a greater focus on ensuring companies have state-of-the-art compliance management systems, given that both these factors, alongside co-operation with the authorities, may help reduce any fine considerably.

Further, the bill provides for a novelty in German law – the proposed ‘sanction on parole’ mechanism. Similar to deferred prosecution agreements (DPAs) used for example in the US, the UK and France (and being introduced in a number of other jurisdictions), the company may be released from its obligation to pay a criminal sanction if it does not reoffend within a certain period of time and complies with certain requirements.

The bill is facing legislative delays due to the pandemic and, once in force, will allow companies two years to review existing or implement new compliance processes. But companies are strongly advised to adapt their compliance management systems promptly as well as look at the guidance the draft bill provides on conducting internal investigations and co-operating with the authorities.  After all, even if the proposals are watered down, the trend in Germany towards holding companies liable for the criminal wrongdoing of its managers and employees seems irreversible.

Germany doesn’t have a central agency or federal body akin to the UK Serious Fraud Office or US Department of Justice with a remit for tackling complex corporate crime. Instead, there are some 140 public prosecutors. Some, like the Munich, Stuttgart, Hamburg or Cologne prosecutors, are already focused on corporate misconduct, and many are likely to become more active as and when the proposed Corporate Sanctions Act becomes law.

Norbert Nolte

For full details of the proposed Criminal Sanctions Act, read our briefing (PDF, 0.8MB).

The UK

There have been long-held concerns in some quarters in the UK that, relative to certain peer jurisdictions like the US, the current law does not provide a satisfactory framework for prosecuting companies for economic crimes.

In response, the UK has from time to time considered whether corporate criminal law reform should be made – with the Serious Fraud Office (SFO) being one of the strongest advocates. And so it is that the UK is once again considering reforming its law on corporate criminal liability. In particular, the review performed by the Law Commission will assess the suitability of the common law ‘identification doctrine’, under which a company can generally only be criminally liable for an offence if the offence can be attributed to someone who was the ‘directing mind and will’ of the company.

The ‘failure to prevent’ model in the Bribery Act, also adopted in the 2017 Criminal Finances Act, may be adopted to address some of the perceived issues with the ‘directing mind and will’ doctrine without having to reform it entirely. And offences such as those contained in the Pensions Schemes Act 2021 suggest there is an appetite to criminalise conduct that previously would be dealt with by other means.

There are strongly held views on both sides of the argument for reform, so it seems the debate on corporate criminal liability in the UK, both in terms of the form of liability and the range of potential offences, will continue until there is a significant shift in government priorities and improvement in economic conditions. Although there is no prospect of immediate reform, the fact that this is back on the agenda, with the UK government recently commissioning an expert review, is a meaningful development.

On the resolution side, November 2020 guidance from the SFO codifies the SFO’s approach to using DPAs. The SFO sets a high bar for what it expects both in terms of conduct to be considered for a DPA and the terms that any DPA would likely contain.

The challenge the SFO will face over the next handful of resolutions will be making DPAs onerous enough to satisfy public opinion but not too onerous, else companies might instead decide to contest a trial, where to date the SFO has had limited success.

In the UK, while there are still relatively few examples each year of corporate prosecutions or resolutions for serious economic crime, there is an argument that companies should, to an extent, be incentivised to agree a negotiated resolution, perhaps for example through the use of greater discounts on financial penalties.

Ben Morgan

Developments elsewhere

Australia is introducing new laws on foreign bribery (based on the ‘failure to prevent’ model found in the UK Bribery Act) and implementing a DPA scheme. In addition, the Australian Law Reform Commission has proposed expanding this model to other ‘international’ corporate offences, such as tax evasion and modern slavery.

Malaysia has introduced a ‘failure to prevent bribery’ offence, as well as guidelines on adequate procedures that can help companies understand what procedures they need to prevent corruption in their business activities.

China has proposed increasing penalties for certain commercial bribery and public disclosure offences. Restrictions on the cross-border transfer of personal information under the long-awaited draft Personal Information Protection Law are set to make it more difficult for companies to respond to investigations by foreign regulators and enforcement agencies.

Australia, Malaysia and China join an increasingly long list of countries (such as Italy, France, Canada, Singapore, Japan and Kenya) that, in recent times, have strengthened their corporate crime laws, methods of resolution or both. These efforts signal a more aggressive approach by legislators and regulators globally to tackling issues of corporate crime.

John Choong
Hong Kong

Countries with formal corporate criminal laws map graphic

Precautionary measures

With the risk of enforcement action against corporate criminality growing, it is vital that precautionary measures to prevent the commission of criminal acts are in place.

Many authorities, such as the US Department of Justice and the French anti-corruption agency, issue best-practice guides on how to introduce standards that either act as a defence to liability altogether or at least reduce potential fines by way of mitigation. This guidance, which in most cases overlaps significantly, should help companies to calibrate what prosecuting authorities expect in terms of effective compliance environments and, if things go wrong, what their expectations are in terms of co-operation, negotiating a resolution or conducting internal investigations. And with the remit of an increasing number of regulators now intersecting with the criminal law, the guidance published by regulators is relevant to managing not only regulatory but also various criminal risks.

Some enforcement agencies publish only very general guidance on what they expect from corporate compliance programmes. But even when very detailed guidance is available, companies still face the challenge of not only keeping track of developments in the various jurisdictions in which they operate, but also dealing with different requirements, identifying the strictest requirements applicable to their business and adapting their compliance regime accordingly. Unlike in other areas of law, there is no room for discretion when it comes to criminal liability, both for the individual and the corporation.

Katie Palms
Senior Associate,