National Security and Investment Act 2021 – an expansive approach to liability

Whilst it is anticipated that prosecutions under the National Security and Investment Act 2021 (‘the Act’) will be exceptionally rare, the criminal sanctions set out in it are explicitly framed to create a “sufficiently robust deterrent to ensure compliance.”[1] The provisions punish corporates and individual officers who connive or consent to commit an offence, as well as individual officers who are negligent (s.36). In addition, they are also extra-territorial (s.52), meaning that the scope of liability is particularly wide-ranging.

The National Security and Investment Act 2021 came into force in January this year. It contains provisions that allow the government to intervene in acquisitions that could harm the UK’s national security. Beyond that, it imposes mandatory requirements on those making qualifying acquisitions to notify the government in one of 17 defined sensitive areas of the economy.[2] These areas range from the obviously sensitive where businesses will be accustomed to dealing with, for example, export controls compliance  (e.g. Defence, Artificial Intelligence) to those which may encompass businesses which are not so accustomed (e.g. Transport, Communications).

Offences are committed by those who fail, without reasonable excuse:

• to complete a notifiable acquisition without approval (s.32);
• to comply with an order made under the Act (s.33); or
• to comply with an information notice or attendance notice made under the Act (s.34(1)(a));

or by those who:

• Intentionally or recklessly alter, suppress or destroy any information required by an information notice, or cause or permit its alteration, suppression or destruction (s.34(1)(b);
• Intentionally obstruct or delay the making of a copy of information provided in response to an information notice (s.34(2));
• Supply information that is false or misleading in a material respect to the Secretary of State (or to another person, knowing that the information is be used for the purpose of supplying information to the Secretary of State) in connection with any of the functions of the Secretary of State under the Act, that the person knows to be false or misleading in a material respect or is reckless as to whether this is the case (s.34(3) and (4)); or
• Make unauthorised use of certain information disclosed by the Secretary of state under the Act (s.35).

The provisions are enforced by a number of penalties, set out in the table below (from the Explanatory Note[3]).

Corporate and Individual Liability

In the UK, a corporation is recognised as a distinct legal entity that may be liable to offences if committed by individuals purporting to act in its name. Corporate liability may be established through the so-called “identification principle” which establishes that the acts and state of mind of those who represent the directing mind and will of the company can be imputed to the company itself. Under the identification principle, a company may be found guilty of any of the offences set out in ss.31-35 of the Act.

Section 36 of the Act expands the scope of the offences to provide for individual liability for officers of the company, where an offence is committed by a body (a body corporate, a partnership, or an unincorporated association other than a partnership[4]) defined as follows:

1. in relation to a body corporate,  a director, member of the committee of management, chief executive, manager, secretary or other similar officer of the body, or a person purporting to act in any such capacity,
2. in relation to a partnership, a partner or person purporting to act as a partner,
3. in relation to an unincorporated association other than a partnership, a person who is concerned in the management or control of the body or purports to act in the capacity of a person so concerned.[5]

Such persons will be guilty if an offence is committed with their consent, connivance or neglect, and liable to be prosecuted accordingly. Although there is a preceding requirement that an offence has been committed by a body, the section does not require the body itself to have been convicted, or even prosecuted, as long as it can be proved that the body committed the offence.

Provisions which create liability based on the “consent, connivance and neglect” of officers of an entity can be found in a number of statues, including, for example, the Bribery Act 2010, the Data Protection Act 2018 and the Health and Safety at Work Act 1974. They are intended to focus the minds of officers of the company: whilst a company may be fined, it cannot of course be imprisoned. The fear of the clang of the prison gate is seen as a more effective means of ensuring corporate compliance than a monetary penalty.

Under the Act, responsibility for ensuring compliance with the Act is spread across, not just directors, but also executive functions. Criminal prosecution could therefore follow for, for example, a manager, call her “Manager A” who has not herself engaged in any criminal act, or assented to it, or indeed been aware of it, as long as there is a causal link between such neglect and the commission of the offence (i.e. the offence has been committed by a body due to any neglect on the part of the officer).

Extra-territorial Jurisdiction  

In addition to the broad provisions relating to the mental element of the offence, the Act also provides  extra-territorial application. Continuing a trend towards extra-territoriality that can be found in the Serious Crime Act 2007, the Bribery Act 2010 and the Domestic Abuse Act 2020, section 52 of the Act gives UK prosecutors a global reach. It provides that the offences under ss.32-35 of the Act apply:

(a)  whether the offence is committed in the United Kingdom or elsewhere,

(b)  if the offence is committed by an individual, whatever the nationality of the individual committing the offence,

(c)  if the offence is committed otherwise than by an individual, regardless of whether the body corporate or unincorporated association is formed or recognised under the law of a country or territory outside the United Kingdom.

Returning to Manager A, therefore, she may be liable even if she is not aware of the criminal act of the corporate committed overseas by the body that employs her, and could face prosecution for this in the UK. Where Manager A is based overseas herself, it will be necessary for UK prosecutors to seek her extradition in order to commence a prosecution, however, such a step will not of course be necessary should she be UK based.

The effectiveness of deterrence

The new regime clearly provides some deterrent effect to bodies that might seek to avoid what could be a costly and long-winded process of engagement with the Secretary of State over an acquisition. Experience has shown, however, that an expansive approach to liability is only as effective as the bodies which enforce it. While the legislation purports to provide deterrence, the declaration that prosecutions will be “very rare indeed”[6], coupled with the continued underfunding of prosecutorial bodies may serve to give confidence to the hostile actors that the provisions of the Act seek to deter.

References

FURTHER INFORMATION

For further information on the issues raised in this blog post please contact a member of our criminal litigation team.

ABOUT THE AUTHOR

Rebecca Niblock is a partner in our criminal litigation team. She has significant experience in both domestic criminal litigation and extradition, having acted for defendants in a wide range of criminal matters from serious fraud, money laundering and corruption, to sexual offences and offences involving violence or drugs. Rebecca specialises in cases involving cross-jurisdictional elements. She has successfully defended a large number of persons requested by other states, both inside and outside the EU in extradition proceedings at all levels from the magistrates’ court to the Supreme Court. She also has experience in advising in sanctions cases, and in providing advice to those subject to Interpol red notices and mutual legal assistance requests.