Global Enforcement Outlook: Europe’s evolving corporate criminal liability laws

Following the outlook on the US we now focus on developments in Europe, where legislators and authorities are increasingly active in the white collar space.

National corporate criminal liability developments

A number of criminal liability laws are simultaneously evolving at a national level. 

In Germany, the draft Corporate Sanctions Act, which sought to introduce corporate criminal liability, has not become law but remains on the horizon.

The new German government’s coalition agreement includes an expressly stated intention to revise existing corporate sanctions rules (including sanction amounts). The agreement also aims to improve legal certainty on companies’ compliance obligations and create a precise legal framework for internal investigations. Whether the current system will be overhauled, the draft Corporate Sanctions Act “revived”, or a completely new law proposed, remains to be seen.  

Other laws have been adopted that impact on investigations and enforcement risk, in particular the German Supply Chain Duty of Care Act, which provides for sanctions of up to 2 per cent of the annual corporate group’s global turnover, and the largely expanded criminal offence of money laundering adopting an “all-crimes approach”, meaning that every offence may constitute a predicate offence for money laundering.

France is currently discussing proposals to amend its corporate criminal law regime.

The proposed “Gauvain bill” would criminalise any failure to supervise that leads to offences by employees (which echoes the British concept of “failure to prevent”). Indeed, the Supreme Court recently held a holding company criminally liable for three employees’ bribery of a foreign public official.

The process regarding judicial public interest agreements (the French equivalent of deferred prosecution agreements) would also be extended to acts of favoritism and the maximum duration of compliance program monitoring extended to 5 years. An ad hoc representative or a special committee could act as representative during negotiations, or even conduct an internal investigation. Under the proposal, protections of  documents and information transmitted during the negotiation period of the settlement would be reinforced, the rights of the individual during an internal investigation strengthened, and suspects given access to files. However, it is important to note that the Bill will probably not be considered or taken forward before the French presidential and parliamentary elections.

Also noteworthy is the decision of the Criminal Division of the French Supreme Court of November 25, 2020 (n°18-86.955), which recognised the transfer of the criminal liability of an absorbed company to the absorbing company in the event of a merger, therefore reversing its case law. The same ruling also dealt with mergers designed to escape criminal proceedings.

The French anti-corruption agency (AFA) updated its guidelines on 4 December 2020 to help companies detect and prevent corruption, clarifying some issues and formalizing the way the AFA expects companies to address corruption risk. The recommendations take into account the case law, and they include guidelines on risk mapping, internal investigations into corruption and follow-up actions, such as formal reporting. The guidance also states that the governing body should be informed ‘when the suspicions appear to be sufficiently substantiated’, stating that the risk map should be updated, and stating that – if necessary – legal action and potential disciplinary action should be taken.

In Italy there have been persistent rumors that the law on companies’ quasi-criminal liability might be reviewed, in particular the statute of limitation regime and the list of offences that trigger liability would be limited in scope. However, there are no concrete proposals yet.

Italian law on company criminal liability was first introduced in 2001 and sets out that corporations can be quasi-criminally liable (and thus be subject, among others, to monetary sanctions, restrictive measures and seizure of profits) when certain offences have been committed by directors/representatives/employees/agents in their interest or to their benefit and no adequate compliance program has been previously adopted and/or effectively implemented.

With respect to compliance programs, in June 2021, the Italian Association of Enterprises (Confindustria) issued a revised set of guidelines on how to shape an adequate and effective compliance program, which can help companies to build a potential compliance defense in case of “criminal” prosecutions.

The UK government is considering further reforming its corporate criminal liability laws, making it easier to fix a company with liability in economic crime cases. Due to the applicable legal tests, it is currently significantly easier for an enforcement agency to prosecute a company for bribery and facilitation of tax evasion offences, as opposed to other offences such as fraud and money laundering.

However, this political football has been kicked around in the UK before, and there are strong views on both sides of the case for change, so it is unclear if and when changes will come. The current iteration of the debate sees the Law Commission analysing responses to the consultation it performed in 2021, aiming to publish information on options for reform in early 2022.

Although DPAs are available and increasingly used in the UK, companies needing to resolve problematic conduct will give serious thought to the alternatives of accepting a guilty plea, or even contesting a trial. That may be because the prosecutor is unwilling to offer a DPA in the particular circumstances of a case, but it may also be because a company might feel the ongoing, post-resolution terms that are becoming common in DPAs are unacceptably onerous.  That will always be a delicate and case specific judgment, and a DPA is not the right answer in all enforcement situations.

Recently two large companies have pleaded guilty to corruption and money-laundering offences with multi-million-pound fines. An energy services company pleaded guilty to failing to prevent senior managers of certain group companies from using agents to bribe officials to win oil contracts in the Middle East as a result of not maintaining effective internal controls. However, the fine was reduced at sentencing to reflect the company’s guilty plea and the company’s overhaul of its compliance procedures.

In December 2021, we saw the first criminal conviction and the first prosecution of a bank under the Money Laundering Regulations 2007: NatWest was fined £264m having pleaded guilty to failing appropriately to supervise a customer’s account. This is an example of the wider trend towards the criminalisation of systems and controls failures, and other forms of corporate negligence in the UK; see also most recently the new criminal offences in the UK Pensions Schemes Act 2021 which will impact corporate and distressed activity involving groups with UK defined benefit pension schemes.

Overall, we see many jurisdictions (thinking about) tightening their existing regulations, except for Italy which seems to look at limiting the – currently rather broad - scope of its law on quasi-criminal liability. It remains to be seen what will actually become law in the end, and when.

EU corporate criminal liability developments 

After more than 25 years of planning, preparation and numerous delays, on 1 June 2021 the European Public Prosecutor's Office (EPPO) started to work. The EPPO is the world's first supranational public prosecutor's office and is responsible for investigating offences affecting the European Union's financial interests, including fraud, corruption, money laundering and serious cross-border tax offences. It has already registered more than 1,700 crime reports from EU member states and private parties and opened 300 investigations with an estimated damage to the EU budget of almost €4.5bn.  

In December 2021, the EU commission adopted a proposal for a Directive on the protection of the environment through criminal law, which defines new environmental crimes, sets a minimum level for sanctions and aims to strengthen the effectiveness of law enforcement cooperation. This is certainly an area to watch also in Germany and in other jurisdictions.  

The fight against money laundering is still on top of the political agenda. In 2021, the EU Commission published its much-anticipated legislative AML package to, amongst other things, establish an EU single rulebook on AML/CFT and to create a new AML/CFT supervisory authority at EU level.

What can companies do about corporate criminal liability?

Companies should watch developments closely and try to anticipate and adapt to changing enforcement risks. Criminal liability laws are evolving quickly and prosecutors and regulators across Europe are focussing more on corporate misconduct in areas ranging from AML, to market misconduct, ABC, tax evasion, data privacy, ESG and others.

Effective compliance systems and precautionary measures are vital. Guidance issued by legislators, authorities and organisations can help companies understand expectations on compliance and internal investigations.

Similar trends are beginning to be evident across a range of jurisdictions so companies with multi-jurisdictional footprints might find that they can import learnings from one part of their organisation to another.

Most of all, people on the frontline must understand what is expected of them. To ensure clear and consistent compliance, some organisations may choose to enforce a common standard across their portfolio, rather than bespoke and fragmented local systems and controls.

This is the third in our 2022 Global Enforcement Outlook blog series, which will look at key enforcement and investigations trends over the next month. All other blogs in the series will be made available here.