“Too big to fail and too big to jail?” Are some corporations untouchable to the UK regulators?

Blog by Amber Egan, UWE Bristol Law alumni

Public trust in business has been tarnished by the disclosure of fraudulent, dishonest and harmful activity by banks and corporations, such as the fall of Arthur Andersen and the Libor scandal.[1] The extent of corporate crime was brought to light during the 2007-2008 financial crisis, when there was vast illegal conduct by many financial institutions, which were then bailed out by the taxpayer. This was the turning point for the regulators and governments: it highlighted that tighter controls and sanctions were needed for corporations.

For corporations to be held accountable, the prosecution had to prove that a person had “the directing mind and will of the company,” which is known as the identification doctrine.[2] This doctrine failed at many hurdles, including ignoring the complexity of modern corporations and the inequality between different sized corporations and individuals, as well as a lack of evidence for prosecution. Due to the ambiguity surrounding responsibility in larger complex corporations, it may be impossible to show ‘a controlling mind and will’. The identification doctrine can cause inequality between how ‘the untouchable executives’ and the ‘low-hanging fruit’ are treated, as lower-level employees can be easy scapegoats for large corporations.[3] Following the Libor scandal, several low-level traders were prosecuted, such as UBS trader Tom Hayes,[4] whereas UBS could not be held criminally liable due to the difficulty in fulfilling the requirements of the doctrine.

To try to address the issues with the identification doctrine, the UK introduced a series of statutes using the failure-to-prevent model to strengthen the approach to corporate economic crime. The new model was employed in both the Bribery Act 2010 and the Criminal Finances Act 2017. The offences can be classed as strict liability, as the only defence available to corporations is a due-diligence defence, where the corporation can prove that ‘adequate procedures’ were in place to prevent such conduct, making prosecution straightforward.[5] The results from charges brought by the Serious Fraud Office (SFO) are disappointing: the failure-to-prevent bribery offence[6] has only had two convictions since its introduction in 2010. The regulators have mainly employed deferred prosecution agreements (DPAs) as punishment instead of pushing for conviction. Unfortunately, the enforcement strategy is often determined by the size and the importance of the corporation: there have only been two convictions using the failure-to-prevent model, both being SMEs.[7] The regulators and even the judges fear prosecuting corporations that are ‘too big to fail’ and, as a result, it can be argued that they alter the rules to fit the corporation, making them ‘too big to jail.’

The SFO is not the only regulator in the UK with power. The Financial Conduct Authority (FCA) can take action such as suspending or withdrawing a firm’s authorisation, issuing civil fines, injunctions, restitution orders and insolvency orders; however, breaches rarely amount to anything but fines.[8] The FCA has the power under the Money Laundering Regulations 2017[9] to criminally prosecute a person or organisation it suspects of not putting in place sufficient safeguards against money laundering. The FCA has not brought a single criminal prosecution against a firm or individual for breaching its new Regulations, which came into effect in 2017.[10]

The UK introduced DPAs in 2013.[11] The driving force for legislating for DPAs is the difficulty in achieving successful prosecutions of corporate offenders; however, they have had limited application. They often include provisions for corporations to pay large fines, along with improving their conduct and governance through an external monitor. The aim is to foster cooperation between corporations and regulators by encouraging self-reporting in aid of leniency.[12] Even though DPAs are available to be used by all enforcement agencies, so far they have only been used by the SFO for nine agreements and have largely been for bribery offences.[13] By contrast, since 2013 the US has entered into 280 DPAs for numerous financial crimes.[14] Some positives of DPAs are that funds and resources are saved by avoiding a lengthy court trial, especially where a corporation self-reports, and that they limit the uncertainty of a trial. One of the weaknesses of DPAs is inconsistency between large corporations and SMEs. SMEs often commit much less severe crimes, but as they do not pose a risk to the economy when they go bankrupt, a prosecution can be pushed for. Another weakness is the deterrence given with a DPA: HSBC is a repeat offender when it comes to financial crime, so there is a risk of financial penalties from DPAs becoming “a cost of doing business, lessening the impact and the effectiveness of DPAs.”[15]

The regulators’ principal argument for the move towards DPAs is the risk of the collateral consequences caused by a prosecution.[16] When a corporation is convicted, it would bring collateral consequences on potentially innocent employees and shareholders, along with possibly catastrophic effects for the industry and the stock market, and knock-on effects for the wider community.

For example, HSBC being a systemically important institution meant that it was untouchable by regulators: the fear of the damage to the global economy was far greater than the need for prosecution in the UK and US. As a result, it was offered a DPA and controversially kept its banking licence. Many corporations have essential government contracts, so prosecutors are careful to avoid penalties leading to automatic debarments that would affect government operations. Where government contracts are essential, such as military contracts, the collateral consequences would be severe.[17]

Prosecutors seeking to deter corporate crime should adjust their strategies to focus more on charging culpable individuals, as there has also been very little prosecution activity against individuals. However, prosecution is only a benefit if the correct individuals are being identified; as discussed above, lower-level employees are made scapegoats by senior executives.

Does the Senior Managers and Certification Regime offer light at the end of the tunnel?

The SMCR aims to encourage a culture of staff at all levels taking personal responsibility for their actions and making sure staff clearly demonstrate where responsibility lies.[18] This makes the issue of identification much easier as responsibilities of senior managers will be clearly set out and, should something in their area of responsibility go wrong, they can be personally held accountable. For the senior managers regime, firms must provide documentation to the FCA to show responsibilities of senior managers and their suitability for their jobs.[19]

The certification regime is for those that are not senior managers but ‘whose role means it’s possible for them to cause significant harm to the firm or customers’.[20] A firm should not permit an employee to carry out certain functions unless it has issued them with a certificate to say that they are fit and proper for the specific function.

The FCA has extensive powers allowing it to issue penalties, custodial sentences and prohibitions[21] for breaches of the SMCR, including breaches of the Code of Conduct[22] and breaches of the Fit and Proper rules,[23] set out in the FCA handbook.[24] However, as seen before, just because the FCA has the power to impose custodial sentences does not mean it will: the FCA has only imposed fines under the SMCR as yet.


[1] Ministry of Justice Corporate Liability for Economic Crime Call for Evidence (Ministry of Justice: London, 2017) p3

[2] Tesco Supermarkets LTD v Nattrass [1972] AC 153

[3] Nick Werle, ‘Prosecuting Corporate Crime When Firms Are Too Big to Jail: Investigation, Deterrence, and Judicial Review’ (2019) 128 Yale L J 1366, p1412

[4] R v Tom Alexander William Hayes [2015] EWCA Crim 1944.

[5] A Ashworth, ‘A new generation of omissions offences?’ (2018) 5 Crim. L.R. 354 p.4.

[6] The Bribery Act 2010 s7.

[7] There have been two convictions under s7 of the Bribery Act 2010 for failing to prevent bribery, while under s45 and s46 of the Criminal Finances Act 2017 there have been no convictions to date. The government is unable even to specify the number of companies who fail to file tax returns or the amount of penalties collected for late filing. <https://leftfootforward.org/2021/04/our-watchdogs-are-toothless/> accessed 29th April 2021

[8] The Financial Conduct Authority ‘Enforcement’ (FCA, 2016) <https://www.fca.org.uk/about/enforcement> accessed 29th June 2020

[9] This replaced the Money Laundering Regulations 2007

[10] Rozi Jones ‘FCA yet to prosecute under 2017 money laundering rules’ (Financial Reporter, January 2020) <https://www.financialreporter.co.uk/regulation/fca-yet-to-prosecute-under-2017-money-laundering-rules.html#:~:text=For%20over%20two%20years%20the,up%20to%20two%20years’%20imprisonment.> accessed 5th August 2020

[11] Crime and Courts Act 2013 s45 Schedule 17

[12] F Mazzacuva, ‘Justifications and purposes of negotiated justice for corporate offenders: deferred and non-prosecution agreements in the UK and US systems of criminal justice’ (2014) 78 J. Crim. L. 249

[13] SFO have come to nine agreements since the introduction of DPAs in 2013.

[14] Gibson Dunn, ‘2019 Year-end update on corporate non-prosecution agreement and deferred prosecution agreements’ (Jan 2020) <https://www.gibsondunn.com/2019-year-end-npa-dpa-update/> accessed 4th August 2020

[15] Editorial, “Too Big to Indict”, New York Times, 12 December 2012, quoted in Reilly, “Justice Deferred is Justice Denied” (2015) Brigham Young University Law Review 101, 103.

[16] Nick Werle, ‘Prosecuting Corporate Crime When Firms Are Too Big to Jail: Investigation, Deterrence, and Judicial Review’ (2019) 128 Yale L J 1366, p1378

[17] For example, Rolls Royce, Airbus and G4S all have government contracts.

[18] Press Release, ‘FCA outlines proposals to extend the Senior Managers and Certification Regime to all financial services firms’ (FCA, July 2017) <https://www.fca.org.uk/news/press-releases/fca-outlines-proposals-extend-senior-managers-certification-regime-all-firms> accessed 8th April 2020

[19] Financial Services (Banking Reform) Act 2013 Part 4 s29

[20] O Jackson, ‘Primer: the senior Managers certification regime’ (2018) International Financial Review 1

[21] Lexis PSL ‘FCA and PRA investigations, enforcement and discipline overview’ (Lexis Nexis, 2020) <https://www.lexisnexis.com/uk/lexispsl/corporatecrime/document/393813/583N-GY51-F18F-M1K2-00000-00/FCA-and-PRA-investigations,-enforcement-and-discipline—overview> accessed 29th April 2020.

[22] Referred to as COCON

[23] Referred to as FIT

[24] Examples of penalties include J Staley, CEO of Barclays, fined £321,200 by the FCA for breaching COCON 2.1.2, and Guillaume Adolph, a former Deutsche trader, fined £180,000 and given a prohibition by the FCA for breaches of Principle 5 and FIT. See Financial Conduct Authority ‘Fines 2018’ (FCA, 2020) <https://www.fca.org.uk/news/news-stories/2018-fines> accessed 29th April 2020.