The UK Compliance Time Bomb: Why Dishonesty Laws and the Crime Bill are about to shake up Boardrooms

Executive Summary:  

• Recent developments in English criminal law have significantly heightened corporate and individual liability risks, particularly for senior managers.
• The Supreme Court's 2017 decision in Ivey v Genting Casinos, upheld in criminal cases by R v Barton and Booth (2020), redefined dishonesty from a subjective two-stage test under R v Ghosh (1982) to an objective standard. Juries now assess conduct solely on the standards of ordinary decent people, given the defendant's knowledge of the facts, eliminating defences rooted in personal beliefs, industry norms, or commercial pressures. This shift is central to fraud offences under the Fraud Act 2006 and to conspiracy to defraud, making it harder to justify aggressive practices such as misleading accounting or risk concealment.
• Compounding this, the Economic Crime and Corporate Transparency Act 2023 (ECCTA) has replaced the narrow "directing mind and will" doctrine with broader attribution rules for economic crimes: corporations are liable if a "senior manager" (defined by influence, not title) commits an offence within their authority. ECCTA also introduces a strict liability failure-to-prevent-fraud offence for large organisations lacking reasonable prevention procedures.
• And as a further enhancement to risk, the forthcoming Crime and Policing Bill (expected 2026) will extend this senior manager attribution to ALL criminal offences, potentially encompassing environmental breaches, data protection violations, health and safety failures, competition issues, modern slavery, and harassment. Without a general "reasonable procedures" defence (though mitigation is possible), companies face prosecution for senior-level misconduct, even if it is rationalised internally as a strategic necessity.
• The interplay of objective dishonesty and expanded attribution creates a "compliance time bomb," amplifying risks through easier prosecutorial pathways, reduced moral relativism, and a multiplier effect on personal, corporate, reputational, and regulatory exposures.
• Examples include a finance director approving inflated accounts or an operations executive breaching environmental laws.
• To mitigate, organisations should
• Strengthen their cultures, policies, and oversight to align decisions with objective societal standards and
• Document principled restraint in internal records.

LONG READ

INTRODUCTION

• The definition of dishonesty in English criminal law has evolved in recent years.
• At the same time, the rules governing when a company is criminally liable for the actions of its senior people are being rewritten by the Crime and Policing Bill.
• These two developments are unfolding against a backdrop of growing prosecutorial appetite for individual accountability in corporate crime.
• Taken together, these developments matter far more to compliance officers and senior managers than they might initially appear to.
• The redefinition of dishonesty as an objective lowers the conceptual threshold for criminal liability.

• And extending that liability directly into boardrooms is:-
• THE ECONOMIC CRIME AND CORPORATE TRANSPARENCY ACT 2023 (ECCTA) AND
• THE FORTHCOMING CRIME AND POLICING BILL

CRIMINAL  STANDARDS OVER THE YEARS

Two-stage test in R v Ghosh.

• For 35 years, the criminal law on dishonesty was governed by the two-stage test in R v Ghosh.
• Juries were asked
• First, whether the conduct was dishonest by the standards of ordinary, reasonable people.
• If it was, they then had to consider whether the defendant realised that ordinary, reasonable people would regard it as dishonest.
• That second limb introduced a subjective safeguard.
• It allowed defendants to argue that
• They did not appreciate that their conduct crossed a moral line.
• In commercial contexts, this sometimes translates into arguments about industry norms, market practice, or the internal culture of a sector.

Ivey v Genting Casinos dismantled R v Ghosh.

• The Supreme Court’s decision in Ivey v Genting Casinos dismantled R v Ghosh.
• Although technically a civil case about cheating at baccarat, the court reformulated the test for dishonesty in unequivocal terms.
• Two limbs are not:-
• The court must first determine the defendant’s actual knowledge or belief as to the facts.
• They must then apply the standards of ordinary decent people to those facts.
• Importantly,
• There is no requirement that the defendant appreciated that their conduct was dishonest by those standards.

Ivey governs criminal cases - In 2020, the Court of Appeal in R v Barton and Booth.

• In 2020, the Court of Appeal in R v Barton and Booth confirmed that Ivey governs criminal cases.
• Ghosh is no longer the law.
• To prove dishonesty today, t
• The jury must still consider the defendant’s knowledge or belief about the facts,
• But once those facts are established, dishonesty is judged purely by the objective standards of ordinary decent people.
• Whether the defendant personally appreciated that their conduct was dishonest is no longer relevant.

The laws - Dishonesty in corporate crime

• Dishonesty sits
• At the heart of fraud offences under the Fraud Act 2006 and
• At the centre of the common law offence of conspiracy to defraud.
• These offences are often used in complex commercial cases, particularly where statutory frameworks do not neatly capture the wrongdoing.
• Under the post-Ivey test,
• A senior executive who knowingly signs off on misleading accounts, structures a transaction to conceal risk, or
• Approves aggressive revenue recognition, cannot defend themselves by pointing to competitive pressure or industry practice.
• If the jury concludes that ordinary decent people would regard the conduct as dishonest, that is enough.
• In some corporate environments, where wrongdoing is frequently framed as “strategy” or “market necessity”, the removal of the subjective limb narrows the space for moral relativism and increases the risk of liability.

The next shift: corporate attribution under ECCTA

• The redefinition of dishonesty would be significant in its own right, but it becomes more potent when combined with the structural changes introduced by ECCTA.
• Before ECCTA, prosecutors had to prove that the “directing mind and will” of a company committed the offence.
• In large organisations, this was notoriously difficult as decision-making is diffuse and accountability often becomes diluted.
• ECCTA replaces that restrictive doctrine for a wide range of economic crimes.
• If a “senior manager” commits a listed offence within the actual or apparent scope of their authority, the corporation is liable.
• The definition of a senior manager focuses on influence and decision-making, not job title.
• ECCTA also introduced a new failure-to-prevent-fraud offence. Large organisations can now be strictly liable if an associated person commits fraud, intending to benefit the organisation, and reasonable prevention procedures were not in place.

The Crime and Policing Bill: a broader horizon

• The Crime and Policing Bill, expected to pass in 2026, goes further.
• The bill is likely to extend the senior manager attribution test beyond economic crime to all criminal offences
• If enacted in its current form, this would mean that when a senior manager commits any offence within the scope of their authority, the organisation is deemed guilty of that offence as well.
• This could have profound implications for compliance, as
• Environmental offences,
• Data protection breaches,
• Competition violations,
• Health and safety failings,
• Modern slavery offences, and
• Even certain forms of harassment
• All the above could expose the company to prosecution if committed by a senior manager acting within their remit.
• There is no general “reasonable procedures” defence for the attribution rule itself.
• The existence of policies and training may mitigate the sentence.
• It does not necessarily prevent liability.
• What makes this expansion a potential time bomb is how the Crime and Policing Bill could interact with the modern test for dishonesty.
• When corporate liability can be fixed through the conduct of a senior manager acting within scope, and dishonesty is judged by objective societal standards rather than the individual’s own view of their conduct, it becomes much harder to rely on internal justifications to defend questionable decisions.
• Explanations that something was commercially necessary, aligned with market practice, or approved at a senior level do not answer the legal question.
• The court will not ask whether the board thought the conduct was acceptable. It will ask whether ordinary decent people would regard it as dishonest on the facts as the defendant understood them.

The compliance time bomb: where dishonesty and attribution meet

• Consider a senior finance director deliberately signs off on accounting practices that make the company’s financial results look more stable or stronger than they really are, especially just before telling the market important information. Under the modern dishonesty test, the question would not be whether the director thought this was “normal practice.”
• It would be whether ordinary decent people would consider approving such treatment dishonest, given what the director knew about the true financial position.
• Under the Ivey test,
• If ordinary, decent people would consider it dishonest, the director faces personal exposure.
• Under ECCTA,
• The company may also be criminally liable if the offence falls within the listed economic crimes.
• If the proposed expansion under the Crime and Policing Bill comes into force,
• The attribution principle would extend beyond economic crime.
• That means the same logic would apply even if the misconduct were charged under a different criminal framework, such as misleading statements under financial services legislation or other regulatory offences.
• The company could be deemed guilty simply because a senior manager committed the offence within their actual or apparent authority. In practice, this removes much of the protective distance that once separated individual misconduct from corporate criminal liability.

The Crime and Policing Bill would extend that risk to non-financial crimes.

• A senior operations executive knowingly permits waste-disposal practices that breach environmental law to reduce costs.
• The conduct may be rationalised internally as operational pragmatism.
• If it involves dishonesty or a reckless breach of statutory duties, the organisation could face prosecution based solely on the executive’s role. T
• hat is, if the offence is not already a strict liability offence.
• Or imagine a senior IT leader authorising intrusive data scraping from a competitor’s platform, aware that it likely breaches computer misuse legislation.
• Even if framed as competitive intelligence, the objective standard applies.
• Would ordinary decent people regard it as dishonest?
• If so, the individual faces criminal exposure.
• Under the expanded attribution test, so does the company.

The financial crime risk multiplier

• The removal of the subjective dishonesty limb places greater emphasis on how decisions are actually made.
• Prosecutors and juries will look at emails, incentive structures, board minutes, and internal messaging.
• They will ask whether the culture encouraged aggressive boundary pushing or principled restraint.
• This increases financial crime risk in three distinct ways.
• First, the objective dishonesty test removes a potential line of defence. Industry norms no longer provide meaningful protection if the conduct is objectively dishonest.
• Second, corporate attribution is easier. Under ECCTA, prosecutors no longer need to identify the company's singular directing mind. A senior manager’s conduct may suffice.
• Third, the Bill increases the likelihood that misconduct at the senior level will result in corporate prosecution, which, in turn, increases scrutiny and potential exposure for individuals under existing offences.
• The combination of these elements creates a multiplier effect.

• A dishonest decision by a senior manager can now generate personal criminal exposure, corporate prosecution, reputational damage, and potentially regulatory consequences. Firms need to have a strong plan in place to mitigate these growing risks.

Conclusion

• The interplay of objective dishonesty and expanded attribution creates a "compliance time bomb," amplifying risks through easier prosecutorial pathways, reduced moral relativism, and a multiplier effect on personal, corporate, reputational, and regulatory exposures.
• Examples include a finance director approving inflated accounts or an operations executive breaching environmental laws.
• To mitigate, organisations must strengthen cultures, policies, and oversight to align decisions with objective societal standards, emphasising evidence of principled restraint in internal records.

Source

• https://tinyurl.com/492xujee