Personally Accountable

Directors and managers face potential personal criminal liability for some offences - and whenever a director is held liable there are implications for brand reputation Tan Ikram provides a checklist

A company is often referred to as a separate legal entity, which simply means that in the eyes of the law it is separate or distinct from those persons who own or run it. Lifting the veil of incorporation means to ignore this fact and to make shareholders and directors responsible for the company's actions or liable for the company's debts. As this defeats the whole purpose of the company being a separate person it is only done very rarely and cautiously. The veil may be lifted:

- Where expressly provided for by statute
- Where the courts decide to do so under a common law doctrine.

It is increasingly common practice for statutes which impose criminal sanctions to provide that, if the offence in question is committed by a company, then any director, manager, secretary or similar officer who consented to, or connived at, the offence or who is negligently responsible for it, will himself/herself be guilty of a separate offence. The legislation on Health & Safety at Work and on environmental protection, as well as employment legislation and the employment Part (s.8) of the Asylum and Immigration Act 1996, contain several such provisions. As we shall see, newer legislation exposes directors to imprisonment, rather than financial penalties as has often been the case in the past.

Health and safety

The Health & Safety at Work Act 1974 sets out health and safety duties for companies, employees and senior management. It is also the principal piece of legislation under which certain other regulations can be made, for example the Management of Health & Safety at Work Regulations 1999.

The Health & Safety at Work Act 1974 creates certain main offences as follows.

An employer must ensure, so far as reasonably practicable, the health and safety of people at work and must ensure, so far as reasonably practicable, the health and safety of those not directly employed but who may be affected by their undertaking. If it has more than five employees, a company must:

- Produce a written health and safety policy
- Describe the arrangements for putting the policy into practice
- Revise the policy wherever appropriate
- Bring the policy to the attention of employees.

In addition, under the Management Regulations, employers must carry out a suitable and sufficient risk assessment, dealing with work-related risks faced by employees and others who might be affected by the company's activities.

The regulations state that effective arrangements must be in place for planning, controlling, organising, monitoring and reviewing the preventative and protective measures. Further, one or more competent persons must be appointed to implement the measures needed to comply with the law, and the employer must provide employees with full information and training on risks and protective measures.

The penalties for the main offences are a fine of £20,000 in the Magistrates' Court and unlimited fines in the Crown Court.

Personal liability

A director, company secretary or manager of a company can be held criminally responsible for health and safety offences by virtue of the Health & Safety at Work etc Act 1974. To be guilty, the company itself must be guilty of a health and safety offence, and that offence must have been committed with the consent or connivance of, or be attributable to neglect on the part of, a director or manager.

If a director is convicted of a breach of this provision he can be disqualified from being a director for up to two years under the Company Directors Disqualification Act 1986.

HSE enforcement

In February 2002 the Health & Safety Executive (HSE) published an enforcement policy statement. One of its objects is to investigate the conduct of directors and managers who fail in their responsibilities, and the HSE will therefore look, where appropriate, to prosecute directors of companies so as to hammer home the importance of health and safety legislation.

Guidance

The Health and Safety Commission has issued a guidance code dealing with directors' responsibilities for health and safety. There are five action points set out in this guidance document as follows.

- The board needs to accept formally and publicly its collective role in providing health and safety leadership in its organisation.
- Each member of the board needs to accept their individual role in providing health and safety leadership for their organisation.
- The board needs to ensure that all board decisions reflect its health and safety intentions as articulated in the health and safety policy statement.
- The board needs to recognise its role in engaging the active participation of workers in improving health and safety.
- The board needs to ensure that it is kept informed of, and is alert to, the relevant health and safety risk management issues. The Health and Safety Commission recommends that boards should appoint one of their number to be the health and safety director.

Naming and shaming

Since October 2000 the HSE has published a report, updated weekly, in which it names organisations and individuals convicted of offences under health and safety law. The HSE intends to continue to publish such a report, thereby increasing pressure for compliance with health and safety laws.

The Environment Agency has taken a similar approach to environmental offences, with some success. Consider the effect that this could have on your brand reputation in these days of social responsibility.

Environmental issues

As we have seen in relation to health and safety, certain Acts, as well as creating general duties which are enforced against companies, also provide that directors and managers can be convicted of offences if they are culpable.

The Environmental Protection Act 1990 is the principal piece of legislation dealing with the control of pollution by way of waste, contaminated land, statutory nuisances and clean air. It has also been amended to cover modified organisms.

The Act creates offences, both in respect of the avoidance of pollution and also of failing to comply with any improvement/prohibition notices, or misleading investigators. On conviction, a fine up to £20,000 or three months imprisonment is available and, on indictment to the Crown Court, two years imprisonment and an unlimited fine.

The Environmental Protection Act also provides that, where an offence under the Act has been committed by a corporate body and is then proved to have been committed with the consent or connivance of, or to have been attributable to neglect on the part of, any director, manager, secretary etc, that person is also guilty of the offence and liable to be proceeded against and punished accordingly. As in the field of health and safety, we anticipate that there will be a tendency to look at the responsibilities of directors and managers under environmental legislation, and decisions to prosecute them as individuals will follow.

The Water Resources Act 1991 forms the basis of authority to discharge into waterways subject to conditions imposed under licence and also includes provisions to prosecute breaches of those licences, or to prosecute those who pollute without authority. It creates offences for breach of its provisions by corporate entities and also creates personal liability for directors and managers.

Corporate manslaughter

Currently, companies can be held criminally responsible for manslaughter where it is possible to identify someone within the company who can be said to represent its 'mind and will'. If this person commits a crime in the course of their employment, that crime can then be attributed to the company as well, and it is possible to prosecute both the individual concerned and the company.

During the trial of P&O European Ferries after the Zeebrugge disaster, the trial judge found: 'Where a corporation through the controlling mind of one of its agents does an act which fulfils the prerequisites for the crime of manslaughter, it is properly indictable for the crime of manslaughter.'

The 'controlling mind' test can in some cases, be difficult to satisfy, so the Government has proposed reforms in a corporate manslaughter bill, creating offences of corporate killing and also new offences for individuals.

The reform is aimed only at the area of criminal law used to prosecute those who kill when they do not intend to cause death or serious injury, but where they have:

- committed a crime which was only intended to result in some minor injury but which unforeseeably led to death; or
- been extremely careless or negligent; or
- been reckless as to whether death or serious injury occurred.

RECKLESS KILLING

A person commits reckless killing if:

- his conduct causes the death of another
- he is aware of a risk that his conduct will cause death or serious injury and
- it is unreasonable for him to take that risk having regard to the circumstances as he knows or believes them to be.

KILLING BY GROSS CARELESSNESS

A person commits gross carelessness if:

- his conduct causes the death of another
- a risk that his conduct will cause death or serious injury would be obvious to a reasonable person in his position
- he is capable of appreciating that risk at the material time but did not in fact do so.

And, either his conduct falls far below what can reasonably be expected in the circumstances, or he intends by his conduct to cause some injury, or is aware of and unreasonably takes the risk that it may do so, and the conduct causing or intending to cause the injury constitutes an offence.

KILLING WHEN INTENTION WAS TO CAUSE ONLY MINOR INJURY

The proposed changes include a further category of offence to cover a situation where a person's conduct causes the death of another, and they intended, or were reckless as to whether, some injury was caused, and the conduct causing or intending to cause the injury constitutes an offence.

Sentences for these offences range from life imprisonment for reckless killing to 10 years' imprisonment for 'minor injury' type offences.

CORPORATE KILLING

A new draft Bill was announced in the Queen's speech in November 2004 with some details still unclear; it is understood that it will state that a company will be guilty of corporate killing if:

- a management failure by the corporation is the cause, or one of the causes, of a person's death
- that failure constitutes conduct falling far below what can be reasonably be expected of the corporation in the circumstances.

If a company is convicted of corporate killing it may be ordered by the court to remedy the failure in question. Failure to comply with such an order would result in prosecution with an unlimited fine in the Crown Court and a £20,000 fine in the Magistrates' Court.

In its earlier consultation document, the Government said that it was considering creating an additional offence, which would allow a director to be prosecuted if it could be shown that the director or senior manager had 'contributed to' or 'significantly contributed to' the offence committed by the company. There was the further suggestion of extending the provisions on director disqualification. However, in a letter to companies as part of its 'regulatory impact assessment', the Government stated that it no longer supported such reforms. This will come as considerable relief to those who opposed the radical extension of personal liabilities of directors.

In reality the Bill is unlikely to become law in this current session of parliament, and debate on reform may go on for years.

Data Protection Act 1998

It is a criminal offence to fail to register with the information commissioner when registration is required. This is a strict liability offence, in that it is no defence to prove that there was no guilty knowledge or intent.

It is also a criminal offence to fail to comply with the notification regulations.

Directors and other company officers can be prosecuted as well as their company if the company has committed an offence with their consent or connivance, or if the offence is attributable to their neglect. Directors also have a legal liability to keep their company's data safe and secure.

The Data Protection Act states that 'reasonable' measures need to be taken to prevent data loss or damage. In the case of an infection by a virus it might be considered to be a case of bad luck, but it might also be due to misuse or negligence.

This aspect of the Data Protection Act remains untested. No UK director has been charged for not keeping their company's data securely protected.

What constitutes 'reasonable' measures still has to be legally defined, but, on paper at least, companies (and their directors in particular) could be held liable.

Asylum and Immigration Act 1996

A very topical subject is the control of immigrants working in the UK.

Even here, directors ought to take care, as it is a criminal offence to employ a person aged 16 or over who is subject to immigration control, except if:

- that person has current and valid leave to be in the UK, which does not prevent him or her from taking the job in question
- the person comes into a category where employment is allowed (for example asylum-seekers who have been given permission to work and student nurses admitted under the terms of the Immigration Rules who may enter into contracts of employment without any additional permission being required).

Conviction potentially leads to a £5,000 fine, and any director, manager, secretary or similar officer of a company who consented to, connived at, or negligently allowed the offence to take place, will be guilty of the offence as well as the company.

An employer has a complete defence (unless he knows that the employee is an illegal immigrant) if he can show that a document appearing to relate to the employee and 'of a description specified in an order made by the Secretary of State' was produced to him before the employment began and was 'retained by the employer, or a copy or other record of it was made by the employer in a manner specified in the order in relation to documents of that description'.

Trade Descriptions Act 1968

This is enforced by local trading standards officers, who enjoy powers of seizure of goods and documents. It is a regulatory field that companies are likely to encounter if they sell or provide services to the public.

The offences are punishable with fines and/or imprisonment and include the following.

- In the course of a trade or business, applying a false or misleading trade description to goods, or supplying goods to which a false or misleading trade description is applied. This is an absolute offence, not dependent on proof of dishonesty or any other state of mind.
- Offering goods at a reduced price if the price from which it is said the goods on offer have been reduced (ie the previous selling price), is not a price at which the goods have been on offer to the public for a period of at least 28 days in the preceding six months.
- In the course of any trade or business, knowingly making a false statement or recklessly making a statement that is false as to various matters in connection with the provision, nature, etc, of any services, accommodation or facilities.

The Act does provide defences, all of which require a defendant to prove matters on the balance of probabilities. The most significant is that the commission of the offence was due to the act or default of another person and that the defendant took all reasonable precautions and exercised all due diligence to avoid the commission of such an offence.

The Trade Descriptions Act has been interpreted to include vicarious liability, so that where an offence is alleged, a company can 'recklessly' make a statement through the actions of a junior employee (not a 'directing mind'). However, importantly, the House of Lords decided in Tesco Supermarkets Ltd v Nattrass [1972] that where a company can show that it took all 'reasonable precautions and exercised all due diligence', including proper training and supervision, then, where an offending act is done by an employee who is not a 'directing mind' of the company, it can rely upon such defences where a junior employee will be 'another person'.

Company Act and insolvency

It is a criminal offence to conceal or destroy the company's property, books, records and the like within 12 months before insolvent liquidation (or up to five years if done with intent to defraud the creditors). The court may also order repayment, restitution, or the payment of compensation by the directors.

It is a criminal offence not to hand over property, books, etc, to the liquidator, or deliberately to make a false statement of affairs.

Fraudulent trading happens when a company carries on business at a time when there is, to the knowledge of the directors, no reasonable prospect of creditors ever receiving payment. This includes a situation where there are no good grounds for thinking that the company can pay its debts even if the directors think otherwise. The standard is objective. The signs of fraudulent trading are:

- large unexplained profits/losses
- actions and transactions by officers of the company when they know there are insufficient funds
- taking orders and deposits when they cannot be fulfilled
- playing one bank off with another - this is known as 'cross firing'
- large variations between balance sheets.

If convicted, the director or shadow directors have to make a contribution, without limit, from personal funds, as the court sees fit. This is to enable compensation and also to punish those concerned. Fines for this offence are limitless and imprisonment is possible for up to seven years.

Enterprise Act 2002

New laws now hold directors individually responsible for anti-competitive behaviour. For the first time, they face risk of imprisonment. Under the Enterprise Act, directors and employees face imprisonment if they dishonestly engage in price fixing, market sharing, limiting production or supply or bid-rigging. This offence carries a maximum sentence of five years imprisonment and/or an unlimited fine. There is also a new offence of falsifying, concealing or destroying documents if the person concerned knows or suspects they would be relevant and if he knows or suspects an investigation is being conducted or likely to be conducted.

Conflicts of interest

In relation to all the above offences, there will always be the potential for a conflict of interest between an individual and his company, and separate legal representation will often be appropriate to deal with raids and searches, or questioning and interviews by the authorities. Investigating authorities will often conduct dawn raids, trawling for evidence, and may arrest to undertake questioning. Ready access to specialist advisers will be essential.

Company law review

The Companies (Audit, Investigations and Community Enterprise) Bill received Royal Assent on 29 October 2004. Expected to come into force in April 2005, it includes:

- strengthening of the company investigations regime
- creation of new duties to give information to auditors/company investigators by directors and other employees
- new sanctions for non-compliance.

Further proposals in the new Company Reform Bill announced in the Queen's Speech include:

- abolition of the requirement for a company secretary in all private companies
- clarification on the role of directors.

Adding value

The Turnbull report suggested that legal risk should be addressed like any other business risk. This 'thinking ahead' approach is often forgotten in the mist of strategic planning. The specific risks which should be addressed include: 'All risks which are significant to the fulfilment of business objectives including ... legal, health, safety, environment, reputation and business probity issues'. In practice, this requires a three-pronged strategy at board level.

- Looking forward: identifying potential key legislation with criminal sanctions and lobbying/influencing decision makers as appropriate.
- The ongoing control and management of legal risks through audit and risk review processes and internal whistle blowing procedures.
- Corporate defence through the appointment of specialist advisers and introduction of 'dawn raid' procedures.

Risk management, however, should not merely be a compliance exercise, as lawyers might sometimes suggest. From a business perspective, it should be a means of adding value and gaining business advantage through good governance and internal control.

Having effective systems is key to good management, and should not be seen simply as a means of avoiding criminal sanctions.

- Tan Ikram is a partner, business investigations and governance, IBB Solicitors, Tel: 01895 230941, E-mail: tan.ikram@ibblaw.co.uk

The information contained in this article is based on the law as at December 2004.

Personally Accountable

Topics

Related articles

The changing face of corporate defence: Part 1

Virginia Tech awarded more than $960,000 risk grant

How risk managers can prepare for a supercharged hurricane season

The heat is on: climate change set to increase economic losses

Global tensions are rising, but risk perceptions are in the eye of the beholder

Movers and Shakers - Bloomberg, Saxo Bank, Evelyn Partners, Zurich, WTW, Gallagher

More ESG Risks

The unintended consequences of ‘green’ initiatives

Sector spotlight: how mining companies can manage growing ESG, regulation, and talent risks

Regulation watch: How to manage the risks created by the Supply Chain Due Diligence Act

Interview: how to become a modern risk manager

Technical briefing: risk management challenges in India

Financial services firms increasingly concerned about the risks of implementing disruptive tech, including AI