Parent Company Influence Over Group Compliance Policies

Recent judgments by the UK Supreme Court[1] and an earlier English Court of Appeal decision[2] have greatly increased the prospect that parent companies, often multinational corporations (MNCs) with overseas subsidiary operations, will be liable in tort for harm caused by centrally-administered group compliance programs over which they exercise direction, supervision or control. Under these judgments, a parent company may be deemed to have assumed a duty of care to third parties, which could include its subsidiaries' employees or communities where its subsidiaries are operating (often in developing countries). These English cases create a tension between "top-down" efforts by MNCs to ensure effective compliance and their increasing vulnerability to global tort claims. This Insight assesses UK company governance obligations, the adoption of corporate compliance programs, and the degree to which this new case law affects those programs that have been implemented on a group-wide basis.

Corporate Governance and Compliance Programs

English company directors are obliged to protect shareholders' interests as a primary obligation under corporate governance law, whilst also ensuring the long-term success of the companies in which they serve. Under section 172 of the Companies Act 2006, the directors' good faith obligation to promote the success of the company requires them to have regard to the long-term consequences of their decisions, the interests of the company's employees, relationships with suppliers and with customers, and the impact of the decision on community and environment. They must also consider the desirability of maintaining a reputation for high standards of business. This emphasis on broad stakeholder and societal interests, taken with other applicable laws relating to employee health and safety, bribery, antitrust, and environmental liability, has led corporate boards to develop a wide range of compliance programs to prevent regulatory sanctions and reputational damage. 

Compliance programs are directed at all those employees operating within the company whose operational activities may expose the company to risk, and directors are exhorted by regulatory bodies to deliver these on a "top-down" basis to avoid a compliance program that operates at a theoretical level only.[3] A company's culture is seen as being dependent on senior executives and directors publicly expressing their support for and commitment to corporate compliance programs. 

Some regulatory frameworks, particularly the UK anti-bribery regime and competition law, strongly favor centrally-directed compliance programs. Under section 7(2) of the UK Bribery Act 2010, it is a full defense for an organization to prove that, despite a particular act of bribery, it had adequate procedures in place to prevent those associated with it from offering or paying bribes. The UK Ministry of Justice's Guidance sets out six principles for implementing adequate procedures to prevent bribery, one of which is the establishment of "top-level commitment" and a culture across the organization that bribery is unacceptable.[4] Similarly, in the field of UK competition law, the UK Competition and Markets Authority (UK CMA) has stressed the responsibilities of directors in ensuring effective compliance throughout organizations, with directors and senior management having overall responsibility for instilling a commitment to compliance.[5] UK CMA fining guidelines[6]specifically permit a penalty reduction of up to 10 percent for implementation of an effective compliance policy. The CMA guidelines state that directors must seek to ". . . achieve a clear and unambiguous commitment to competition law compliance throughout the undertaking (from the top down) . . . ." Moreover, UK courts have accepted the "single economic unit doctrine" in the context of national and EU competition law: where one shareholder has the ability, through its share ownership and contractual rights, to determine the commercial course of action of the company in which it has invested, they will form a single economic entity or "undertaking,"[7] with all corporate entities comprised within it being jointly and severally liable for any fines. This EU approach, which became part of UK law, has greatly enhanced group-wide exposure for competition law infringements and has induced parent companies to introduce group-wide competition compliance programs.

Piercing the Corporate Veil to Enforce Centralized Compliance Programs 

The doctrine of assumption of direct liability by a parent company can be contrasted with the "corporate veil piercing" theory. Veil piercing undermines the principle of separate corporate legal personality (which normally insulates shareholders from liability for wrongs committed by the corporation) by ceasing to distinguish a company as a legal person, separate from its shareholders. The grounds for piercing the corporate veil have been confined by the UK Supreme Court, in Prest v. Petrodel Resources Ltd.,[8] to a relatively limited number of circumstances; namely where a company is being used to evade a liability that has arisen, e.g., a director circumventing a duty of loyalty by trading through a separate company. The court also may look behind a company to its shareholders where a company is being used to conceal the identity of the real actor. Other circumstances in which the distinct legal personalities of a company and its shareholder may be ignored are where the shareholder and company enjoy a relationship of principal and agency or where the company has acquired funds or assets from the shareholder for no consideration, and they are subject to a resulting trust. These limited grounds for ignoring separate legal personality have been challenged in the context of group corporate compliance liability following the UK Court of Appeal judgment in Chandler v. Cape plc and the recent Supreme Court decisions in Lungowe v. Vedanta and Okpabi v. Royal Dutch Shell Plc.  

In the Chandler case, Cape plc (Cape), the parent company of Cape Products Limited (Cape Products), was held tortiously liable for a defective group safety policy by having created a direct duty of care to Mr. Chandler, an employee of Cape Products. Mr. Chandler had been employed at a site where asbestos was produced, and his exposure to asbestos and subsequent illness was a direct consequence of asbestos dust migrating into his work area. 

The Court of Appeal held that, by taking control over group safety, Cape had assumed a duty of care to those employees who were harmed by the faulty group safety policy. The Court of Appeal stressed that it was not engaged in piercing the corporate veil. Whilst Cape Products had its own works doctor, Cape appointed a group medical adviser who was responsible for the health and welfare of all Cape group companies. The basis for liability was the direct duty Cape had assumed to provide its subsidiary's employees with a safe "system of work." This assumption of liability had arisen because of the knowledge Cape had about the site at which Mr. Chandler was employed, its superior knowledge about the nature and management of asbestos risks, the knowledge it had (or should have had) both that the subsidiary's system of work  was unsafe and that the subsidiary or its employees would rely on the parent company using its superior knowledge for the employees' protection. Arden LJ (giving judgment for the Court) was prepared to consider the degree of intrusion in the subsidiary's activities beyond health and safety practices; the Court should have regard to the companies' wider relationship and interventions in downstream trading operations, including production and funding. 

In the 2019 case of Lungowe v. Vedanta, the UK Supreme Court (in addressing jurisdictional issues) held that it was arguable that the parent company was directly liable to third parties (farmers) injured by the tortious acts of its subsidiary (the release of toxic substances into the community in a region of Zambia). Relevant factors were that Vedanta had published a sustainability report that emphasized how the board of the parent company had oversight over its subsidiaries and was contractually obliged to provide various services to the tortfeasor subsidiary (KCM). Vedanta had provided health, safety, and environmental training across its group companies. It had also provided financial support to KCM, released various public statements emphasizing its commitment to address environmental risks and technical shortcomings in KCM's mining infrastructure, and exercised control over KCM.

In the 2021 Okpabi case, the UK Supreme Court accepted legal argument in proceedings relating to jurisdiction that Royal Dutch Shell (RDS) might owe a duty of care, in light of the following circumstances:

1. RDS taking over the management or joint management of the relevant pipeline activities of its subsidiary, Shell Petroleum Development Company of Nigeria Ltd (SPDC), a Nigerian registered company that operated Nigerian oil pipelines and ancillary infrastructure on behalf of an unincorporated joint venture in which SPDC had a 30% stake;
2. RDS providing defective advice and promulgating defective group-wide safety and environmental policies (which were implemented as of course by SPDC);
3. RDS promulgating group-wide safety and environmental policies and taking active steps to ensure their implementation by SPDC; and
4. RDS holding out that it exercised a particular degree of supervision and control of SPDC.

The English Court of Appeal had left open the possibility that Shell's system of centralized control might be depicted as being simply "as one might expect of best practices that are shared across a business operating internationally."[9] The Supreme Court interpreted the facts differently and overturned the lower court's judgment. 

Many companies have sustainability programs and reports that suggest they do exert centrally-directed control of this type, and the UK Supreme Court was willing to consider board reports, operational practices, and other internal company data to evaluate this potential liability. This doctrine may also have a wider jurisprudential footprint. In the Vedanta case, it was acknowledged that this rule of direct liability was probably applicable in Zambia and the same conclusion was reached with respect to Nigerian law in Okpabi. UK Supreme Court judgments are also persuasive authority in a number of common law jurisdictions.

Perspectives on the Impact of Veranda and Okpabi

In light of recent cases, a parent company may need to balance its responsibilities to stakeholders with the threat of direct tortious claims, by reviewing where the compliance oversight function might best be located within the group and the degree of group uniformity imposed. This necessitates a careful assessment of the risks posed by particular statutory regimes for failure to oversee subsidiaries' compliance programs, weighed against the threat of direct parent tort liability. 

In practice, bribery and other forms of corruption can spread throughout a group of companies, irrespective of where the wrongdoing occurred initially. A foreign subsidiary may be deemed to perform services on behalf of the parent, thereby enmeshing the latter in liability for a corrupt practice,[10] unless the parent company can avail itself of a defense by demonstrating that it had in place adequate procedures to prevent the subsidiary's misconduct under section 7(2) of the Bribery Act. A parent company may therefore wish to play an active role in the creation and implementation of an effective group anti-bribery compliance program. A stronger degree of control or direction also may be required to ensure full compliance with competition law, where any violation by a group company could expose the entire group to the risk of significant fines, calculated by reference to group global sales. Reputational concerns may also be a significant factor in designing the relevant compliance program.

In contrast, parent companies might pursue a less prescriptive and more devolved compliance approach with respect to other areas of potential liability, such as environmental matters. UK headquartered MNCs will need to assess very carefully the degree of control they exert with respect to each group compliance program (together with any associated involvement in downstream group operations), in light of these court rulings.

About the Authors: Paul Hughes is Of Counsel in the Brussels office of Steptoe & Johnson LLP, where his practice focuses on competition law and data protection, with an emphasis on regulatory compliance and enforcement issues.

Alex Melia, Partner in Steptoe's London office, focuses her practice on international financial crime compliance, investigations, and enforcement defense related to the UK Bribery Act, other countries' anti-corruption laws, UK sanctions and export controls and anti-money laundering legislation.