Despite what we see in the media, most businesses do not set out to deliberately break the law. Exceptions usually fall into two categories — self-styled “disrupters” (think Uber and the taxi laws) and gamers who shave expensive compliance costs from the front end and gamble either that no harm will result or that the short-term gains will outweigh the costs of detection and punishment down the track.
But legitimate businesses — including large and well-established businesses with vast compliance systems and budgets — do break the law dispiritingly often. Explanations range from poor regulatory design and lax enforcement, through individual or corporate greed and hubris, to what the 2003 Canadian documentary, The Corporation, characterised as the inherent psychopathy of the business corporation. Wherever we sit along that spectrum, solutions to the problem of corporate lawlessness can seem elusive.
The latest assault on the problem is the Australian Law Reform Commission (ALRC) inquiry into corporate criminal responsibility. The inquiry was called by Attorney-General Christian Porter in April 2019; its Discussion Paper 87 was released in November 2019; and the final report to government is due on 30 April 2020. The ALRC review is the latest of numerous reviews on aspects of corporate behaviour and regulation conducted in the past three decades, including the ASIC Enforcement Review Taskforce in 2017 and the Royal Commission into misconduct in the Banking, Superannuation and Financial Services Industry in 2019.
The ALRC’s specific focus is on how Commonwealth criminal laws deal with corporate misconduct and the ways in which they might be altered to create more effective deterrence and appropriate accountability.
As part of its preliminary work, the ARLC reviewed 25 Commonwealth statutes directed squarely at business conduct, ranging from the Agricultural and Veterinary Chemicals (Administration) Act 1992 (Cth) to the Work Health and Safety Act 2011 (Cth). These include the banking, corporations, consumer and competition, environmental, and tax laws. Across those statutes, it identified 2898 criminal offences as potentially applicable to corporations, of which almost 80 per cent attract substantial penalties.
The ALRC inquiry addresses a range of conceptual challenges that arise when we subject an artificial, rather than natural, legal person to the criminal law. Traditionally concerned with both conduct and motive, criminal law imposes liability only where both are present in the same person. It exerts its coercive pressure on the body (deprivation of life or liberty) and soul (ostracism and shame) of the defendant, not just their hip pocket. These challenges inform the ARLC terms of reference, which include examining the optimal relationship between civil and criminal forms of corporate regulation, sentencing principles, and individual liability for corporate conduct.
The terms of reference also require the ALRC to revisit the thorny problem of “attribution”. This answers the legal question of when and how the wrongful acts or omissions of individuals or teams acting within or for the corporation should be treated as criminal acts or omissions of the corporation itself.
As the ALRC observes: “There are currently multiple methods of attributing criminal and civil liability to a corporation. Part 2.5 of the [Commonwealth] Criminal Code attempted to provide a single innovative and comprehensive method, however, the evidence… demonstrates a preference for alternative statutory methods.” In fact, across the 25 statutes reviewed by the ALRC, 16 expressly exclude the corporate criminal responsibility regime adopted in 1995 in Part 2.5 of the Criminal Code and instead adopt a different methodology.
For more than 85 per cent of offences likely to be committed by a corporation, attribution of liability is based on a methodology described by the ALRC as the TPA — Trade Practices Act 1974 (Cth) — model. The model is a form of direct — rather than vicarious — liability that deems the conduct and state of mind of certain individuals to be the conduct and state of mind of the corporation. These individuals may include directors, officers and agents and those acting at their direction.
The TPA model predominates in Commonwealth law, but there is not one statutory approach. Within the model, the ALRC found “Attribution varies slightly from statute to statute and there is inconsistency as to whether a due diligence defence applies.” It operates in addition to, rather than instead of, the common law method of attribution, which is different again.
“There are currently multiple methods of attributing criminal and civil liability to a corporation.” Australian Law Reform Commission inquiry
Alternative methods of attribution lead to uncertainty as to the circumstances in which a corporation is liable. Where conduct is caught by multiple legislative regimes, there is a risk of different liability for the same conduct. The ALRC points to the example of extended warranties, which may be subject to the financial services, corporations and consumer statutes. The ALRC says that: “Though each of these statutes contain similar attribution methods, the provisions are not identical and circumstances are conceivable whereby the attribution method might result in corporate liability under one Act, but not another.”
To address the problem, the ARLC proposes there “should be a single method for attributing criminal (and civil) liability to a corporation for the contravention of Commonwealth laws, pursuant to which the conduct and state of mind of persons (individual or corporate) acting on behalf of the corporation is attributable to the corporation, and a due diligence defence is available to the corporation”.
The ALRC proposal parts company with the United Kingdom, Canada and New Zealand, which have recently favoured a model of corporate liability known as “failure to prevent”. This model creates a separate offence under which a corporation is liable if certain specified offences (including bribery and tax evasion) are committed by a natural person who is relevantly connected to the corporation, and the corporation failed to exercise due diligence or to take reasonable measures to prevent the offence. Failure to prevent is not an attribution method — it is a standalone offence.
The ALRC rejected this approach, arguing: “Being convicted of a failure to prevent offence imposes a lower level of culpability than being directly responsible for the offence, because attribution means the corporation itself is criminally responsible for the offence, not just for failing to prevent someone else committing it.” Another significant difference between the two approaches is that the ARLC model would apply to all Commonwealth criminal offences, not just those to which it is selectively applied.
It is tempting to view the ALRC inquiry as a lawyers’ picnic, but it is important for business. Attribution is at the foundation of corporate criminal liability; the fact that something so fundamental is not addressed coherently points to broader problems with the state of Australian business law. The ALRC’s thoughtful examination of the issue is welcome. However, extending attribution, and therefore the potential for corporate criminal liability with all that entails for shareholders, beyond that of our peer economies needs careful consideration.