Sydney Law Review
Three Recent Royal Commissions: The Failure to Prevent Harms and Attributions of Organisational Liability
There is increasing international recognition of the widespread harms caused by large organisations (including corporations) and the seeming absence of attributions of criminal liability to those organisations. Recent Australian Royal Commissions have shown long-term systemic harms and crimes inflicted within and by large organisations and yet the criminal law’s account of responsibility within and of organisations remains weak. Criminal legal doctrine has failed to develop a coherent, persuasive and pragmatic means of attributing culpability for harms caused by large organisations. This failure is due to a failure to conceive of organisations as responsible in and of themselves. To examine the weakness of the criminal legal response, this article focuses on recent reforms by the United Kingdom (‘UK’) and proposed reforms in Australia to develop a form of omissions liability by criminalising organisational failure to prevent. The UK model focuses on a specific predicate offence (such as bribery), but this article argues that the predicate offence can and should be extended more broadly to systemic failure to prevent breach of duty of care. To this end, this article considers the findings of three different Australian Royal Commissions to argue how and why the failure to prevent can be sufficiently blameworthy to justify and require the attribution of criminal liability and sanctions.
Criminologists have long pointed to the financial and physical harms caused by large organisations and the relative dearth of attributions of criminal liability to those organisations. Recent Australian Royal Commissions have shown long-term systemic harms and crimes inflicted within and by large organisations. Despite widespread condemnation of these organisations and the harms that they have inflicted, a criminal legal response to organisational failures has been largely absent. It is only since the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (‘Banking Royal Commission’) that regulators have shown greater willingness to pursue criminal actions against banking organisations. Although the Royal Commission into Institutional Responses to Child Sexual Abuse (‘Child Sexual Abuse Royal Commission’) was tasked with investigating institutional responses, no reforms were suggested for the prosecution of institutional failings, and there has been no criminal legal response to organisational failures to protect and prevent the abuse of children. Similarly, despite a scathing assessment in the interim report of the Royal Commission into Aged Care Quality and Safety (‘Aged Care Royal Commission’), there was no consideration of the role of the legal system in aged care. This absence of a structural criminal legal response reflects academic literature that has long pointed to the disjunction between social and moral denunciation of organisational malfeasance and the ostensible criminal legal impunity of these organisations.
The absence of any criminal legal response to organisational malfeasance is in accordance with long-term academic recognition about problems the criminal justice system has in conceptualising and imposing corporate responsibility. The findings of the Royal Commissions have given stark insight into Veitch’s argument about the legally structured irresponsibility of organisations — the larger an organisation, the more capable it is of causing systemic harms, and yet the less likely it is to be held criminally liable. Criminal legal doctrine has failed to develop a coherent, persuasive and effective means of attributing responsibility for harms caused by large organisations at a time when we are increasingly dependent upon them. The Royal Commissions have repeatedly shown large organisations causing widespread, on-going, systemic harms and a failure of the criminal justice system to adequately respond, demonstrating the acute need to construct a persuasive and pragmatic account of corporate liability.
This article focuses on the United Kingdom’s (‘UK’) development of a form of omissions liability by criminalising the failure to prevent. Under the UK model, the offence occurs if the organisation fails to prevent a bribery or tax evasion offence by an employee and cannot show it had in place adequate procedures to prevent the bribery or tax evasion. That is, the UK model requires a specific predicate offence (of bribery or tax evasion) as the foundation for organisational culpability. An offence modelled on the UK bribery offence was introduced into the Australian Senate in December 2019 under the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2019 (Cth) (‘CLACCC Bill 2019)’. This article proposes extending the UK model of failure to prevent so that instead of requiring proof of a specific predicate offence, an organisation can and should be liable for the systemic failure to prevent breach of legal duty of care. To this end, the article considers the findings of three different Australian Royal Commissions to argue how and why the failure to prevent can be sufficiently blameworthy to justify and require the imposition of criminal sanctions. This approach is partly based on the pragmatic recognition, voiced by Fisse in relation to corporate criminal law reform, that ‘criminal liability based on blameworthiness is more likely to induce respect for the law and willingness to comply’, and by extension, is more likely to induce regulators to investigate, prosecute and enforce. There is also a normative argument that criminal law requires culpability. It is a distinctively moral institution that expresses right and wrong, backed by governmental sanctions. This is in accordance with an expressive account of criminal law, whereby state actions communicate values about what society values and condemns. On this account, the failure of the criminal justice system to prosecute organisations for systemic harms communicates that these harms are just a cost, albeit unfortunate, of doing business.
The three Royal Commissions considered in this article examined very different industries. The terms of reference for each Royal Commission include a requirement to consider systemic issues and responses to any findings of systemic failings. The Child Sexual Abuse Royal Commission commenced in 2013 and continued until the end of 2017. The Royal Commission’s final report detailed serious long-term systemic failures to prevent and adequately respond to child sexual abuse by many different types of institutions that have contact with children. The Banking Royal Commission commenced in December 2017 and the final report of Commissioner Hayne was tabled in Parliament in February 2019. The terms of reference included investigation of conduct, practices, behaviour or business activities by financial services entities which might have amounted to misconduct or fallen below community standards and expectations. The Commission was also tasked with investigating the adequacy of existing laws and policies of the Commonwealth, internal systems and forms of industry self-regulation, and regulators to identify, regulate and address misconduct and to meet community standards. The Banking Royal Commission found widespread evidence of criminality and malfeasance. The Aged Care Royal Commission was established in October 2018 and is due to provide a final report by late February 2021. The Terms of Reference of the Aged Care Royal Commission include an inquiry into the quality of aged care services, the extent of substandard care being provided, ‘the causes of any systemic failures, and any actions that should be taken in response’. The Aged Care Royal Commission published an interim report in October 2019 entitled Neglect.
The idea of combining the findings of these three different Royal Commissions for the purpose of analysis is unusual. Corporate law reform and scholarship frequently focus on discrete areas. For example, the Child Sexual Abuse and Banking Royal Commissions have proposed reforms specific to their topic areas. The inquiry of the Australian Law Reform Commission (‘ALRC’) into Australia’s corporate criminal responsibility regime primarily focused on financial crimes, as shown by the commissions and inquiries to which it referred, the examples of offences and the proposed law reform. Likewise, although the proposed CLACCC Bill 2019 is aimed at ‘combatting corporate crime’, its target is financial crimes. Many physical harms are primarily considered through the lens of health and safety law, while environmental harms form their own niche. There are difficulties in combining these disparate areas, particularly the risk of trivialising harms through superficial analysis by attempting to cover too much ground. However, this approach is highly original and has the advantage of avoiding piecemeal reforms and instead focuses on a commonality that links organisations operating across the spectrum — that is, harms caused by organisational breach of legal duty. It contributes to the conceptualisation of organisations as legal agents that can and should be held responsible for harms caused.
All three Royal Commissions discussed in this article emphasise the long-term, systemic harms caused by organisations across time. Each provided reports or pointed to the sheer number of inquiries that have previously unearthed and reported harms caused in the same areas and yet the same harms have continued to be inflicted in the same areas. Their findings show a historic failure by regulators and the criminal justice system to adequately protect against, and respond to, harms or offences in and by organisations. The harms have also occurred against a backdrop of weak, underfunded, overworked regulators — which, in turn, has led to a lack of criminal prosecution at the peak of the regulatory pyramid.
This article draws upon the reports of the Child Sexual Abuse, Banking and Aged Care Royal Commissions to show that systemic failures of institutions to protect against, and respond adequately to, harms or offences in institutions are culpable and egregious failures in their own right that are worthy of criminal sanctions. It is not a matter of chance that offenders are able to perpetrate crimes many times over many years in specific institutions — they are enabled, or at least not prevented, by the systems, policies and reactions of that specific institution. These institutions can be described as criminogenic — they cause or are likely to cause criminal behaviour, by encouraging, tolerating or turning a blind eye to criminal behaviour. Accordingly, the findings of the Royal Commissions demonstrate the urgent need for an extension of models of responsibility beyond those of individual perpetrators to consider the responsibility of the criminogenic organisation itself in inflicting and sustaining crimes. These Royal Commissions, like other public inquiries, encourage and require reflection upon the unsatisfactory criminal legal response to organisational harms. This is particularly so because particular events provide a catalyst for corporate criminal law reform. The failure of the criminal justice system to respond to systemic failures of large organisations requires us to think imaginatively and broadly about organisational culpability. The absence of a general theory of corporate liability has long been recognised — the corporate law theorist Celia Wells has pointed to the lack of any ‘blueprint or underpinning design’ of corporate criminal liability. This article aims to contribute to a general theory of corporate liability that recognises organisations (including corporations) as specific legal subjects of the 21st century. In order to analyse the efficacy of this general approach, this article will explore two key themes throughout: first, the enforceability of the proposed failure-to-prevent offence (a pragmatic account); and second, whether the offence establishes the blameworthiness of the organisation (a normative account). This article draws upon philosophies of wickedness to argue that systemic failure can and should be regarded as sufficiently culpable to justify criminal sanctions.
Part II of this article outlines contemporary models of corporate liability, that of nominalism and realism, to situate the UK failure-to-prevent offence. Part III applies the requirement of a foundational offence in the UK failure-to-prevent offence to findings of the Child Sexual Abuse, Banking and Aged Care Royal Commissions. Part IV draws on Royal Commission findings to demonstrate the ways in which organisations are sites of specific risk and the failure to develop reasonable procedures to prevent breach of legal duty can be attributed to organisational or systemic failure. Part V argues that the offence of failure to prevent satisfies both the practical and normative tests.
Despite the lack of any general theory, for the purpose of analysis, approaches to corporate criminal liability can be divided according to whether the corporation is viewed as a collective in name only (that is, nominalist) or whether the corporation is regarded as an autonomous legal agent (that is, realist). This section outlines the different models and associated legal doctrine in Australia as a way of contextualising the failure-to-prevent offence in the UK and the proposed failure to prevent bribery offence in the CLACCC Bill 2019.
The dominant model of corporate criminal liability, nominalism, dates from the 19th century and privileges the classic criminal legal subject — the flesh and blood individual. On this account, corporations are artificial entities made up of nothing more than a collective of individuals and, as such, can only act through living persons. This is a form of ‘methodological individualism’ as it is based on the assumption that all social action can only be explained through the actions of individuals — that is, corporations do not commit crimes, people do. According to the nominalist account, it is farcical to suggest that corporations are capable of acting and/or having intentions except through the natural persons who constitute the corporate enterprise. To this end, various approaches have been adopted to attribute the actions and intentions of individuals to the corporation. One approach that the courts have adopted is the ascription of corporate responsibility for the actions of an employee through the concept of vicarious liability. Under this principle, a corporation can be liable for actions or omissions committed by an agent in the course, or during the scope, of employment. In Australia and the UK, there has been limited application of vicarious liability, compared with the United States.
The dominant approach for ascribing corporate criminal liability in Australia is through identification theory, which requires proof that the ‘directing mind’ of the corporation has acted with the requisite fault, as expounded in Tesco Supermarkets Ltd v Nattrass. This approach is based on an anthropomorphic conception of the company, where only those persons invested by proper authority with managerial powers and responsibility are regarded as the head or brains of the company. The ‘state of mind’ of this ‘directing mind’ is treated by law as the state of mind of the organisation, which enables criminal liability to be imposed on a corporation for offences that require mens rea. The principle requires that the prosecution prove that the directing mind of a corporation knew of the criminal actions and possessed the necessary mens rea.
Identification theory has not met with much practical success, to the extent that it has been labelled an ‘obstacle’ to corporate conviction. It is highly restrictive and artificial, and fails to grapple with the reality of contemporary corporations. Specifically, the theory works better with small, owner-managed companies, but tends to insulate large corporations from criminal liability. The ‘directing mind’ model distorts decision-making in large corporations as it is difficult to determine who the directing mind is, and whether they are in command of what the organisation does. This is because modern corporations distribute authority in many ways that generate more than one directing mind and will. The identification principle specifies that only staff and officers who are very high up in the corporate hierarchy can represent the directing mind of the corporation. Such a person or people must be responsible for the supervision of corporate activities and the design of corporate policies at the highest level. Larger organisations are capable of inflicting greater systemic harms, and yet the larger an organisation is, the more difficult it is to establish the directing mind and that they had the necessary mens rea.
Nominalist theories of corporate criminal liability also fail to reflect organisational culpability. These approaches require proof of fault of a representative of the corporation, but they do not establish organisational fault, only that a particular representative was at fault. Identification theory fails to capture circumstances where there is no underlying individual fault, but there is corporate culpability. Nominalist accounts focus on individuals’ actions or omissions and are unable to conceptualise organisational failure. For example, the Herald of Free Enterprise public court of inquiry found that there was a ‘disease of sloppiness’ at every level of the corporate hierarchy, but charges of corporate negligence against the directors and of corporate manslaughter against the company (P&O) failed because no one individual was negligent.
Nominalist accounts fail to engage with the most common way in which organisations cause harm; namely due to failure by the organisation as a whole, rather than individual culpability, particularly at the executive level. This is shown in each of the Child Sexual Abuse, Banking and Aged Care Royal Commission reports, which all too commonly highlight a lack of knowledge or care, despite being recognised as sites of risk for particular offences. Organisations can be structured in such a way that malfeasance, and concerns about it, are unlikely to reach upper management — this means that the directing mind will lack the necessary criminal intent. This entrenched ignorance may be by design in order to avoid culpability under existing common law doctrine, but may also be a practical result of the diffusion of responsibility and authority in large, complex organisations.
This weakness of identification doctrine is demonstrated in the Banking Royal Commission case-study analysis of Rabobank’s loans to the Brauers. In summary, the Brauers owned a farm and had been customers of Rabobank since 2004 and had a credit limit of $1 million with Rabobank. In 2009, the Brauers had rented out their property and relocated overseas. They were emailed by their loan manager who advised them that a neighbouring property was on the market. Although the Brauers had not previously been looking to purchase, they expressed interest and the loan manager valued the property. He then advised the Brauers that they could borrow extra money and later use undrawn funds from their original loan to stock the farms with cattle on their return. The loan manager prepared a credit submission to Rabobank’s credit department. In September 2009, a representative from the credit department emailed the loan manager flagging problems with the credit submission, including that the proposed gearing was high and that ‘serviceability was very hard to get a grip on’. The credit report also noted that the assumptions about cattle numbers and prices were either wrong or debateable and no allowance had been made for living expenses. The loan manager emailed the Brauers that day, but did not communicate the concerns of the credit department as to whether they would be able to meet the debt. The Brauers accepted the loan and purchased the neighbouring property. Upon their return the Brauers were introduced to a different Rabobank employee who was to be their new loan manager, Mr Brady, who in contrast with email communications by their previous loan manager, stated that finance to restock the farm would only be available if the Brauers repaid $3 million within two years. After their property flooded and the Australian Government banned live export of cattle to Indonesia, the Brauers were unable to repay the $3 million and their interest rate was increased by 4% above the standard rate. After mediation, the Brauers sold the farm, but lost more than $1 million in the process.
Although the regional manager, Mr James, initially asserted that Rabobank had not engaged in any misconduct, upon reflection he agreed that contrary to the written terms of the loan, the loan manager’s emails gave an impression that further funds would be available for livestock purchases. The bank also had not revealed the credit department’s concerns to the Brauers that they would be unable to service the debt even in the best of circumstances. There were no internal systems requiring the communication of the credit department’s concerns to the customers. Nor were there any policies or systems in place to ensure that credit department queries or concerns were attended to prior to loan approval. The Royal Commission found that in the Brauers’ case, the loan should not have been approved. Rabobank also did not have systems to militate against conflicts of interest. There was no separation of internal appraisal of property values from the function of loan origination and security valuation. These tasks were accomplished by the loan manager who was ‘incentivised’ to write loans, and there was no internal appraisal of his or her assessments. Moreover, Rabobank employees who undertook valuations had not been specifically trained. The Australian Prudential Regulation Authority (‘APRA’) and Ernst and Young (as auditors) made recommendations in 2009 and 2011, requesting Rabobank to review its valuation policies and to separate loan valuations from the loan originator, as there was a risk of overvaluation by the loan originator, whether deliberately or in error. Despite recommendations by Ernst and Young and APRA, Rabobank did not separate loan origination from security valuation until 2014.
This case study shows the deficiencies of identification theory. The Brauers’ loan manager would not be sufficiently senior to be regarded as the ‘brain and nerve centre’ of the bank. The absence of any oversight or review of the loan manager’s practices — from loan origination, to valuation, and email promises — militated against more senior staff, the directing mind, becoming aware of systemic issues. Rabobank’s senior executives were physically and mentally remote from the operations that created the opportunity for malfeasance. The Rabobank example demonstrates how identification doctrine may lead an organisation to have an ambivalent relationship with knowledge — the more that they know about their practices and procedures the more able they will be to predict and prevent misconduct, but also the more likely a prosecution will be successful. Identification theory may actually have the perverse consequence of discouraging auditing — the less executives know, the better in terms of common law doctrine. The Royal Commission found that Rabobank had inadequate systems and procedures and ‘difficulties in internal controls and management systems’. Drawing on the findings of the Royal Commission, I would argue that Rabobank had a responsibility to put procedures in place to train staff in valuations, ensure valuations were independent, and that credit department recommendations were addressed and communicated to customers. This lack of procedures, training and auditing meant that Rabobank had failed to discharge its legal duty of care to customers and also ensured that senior executives (and staff) were unaware of any problems with the lending process. This failure was not due to specific individuals, rather it was the very policies and systems (or lack thereof) in place that militated against awareness or knowledge, in and of themselves reflecting a lack of care by the organisation.
In contrast to the dominant nominalist approach, realist theories assert that corporations are more than just the sum of their parts and that they are capable of being autonomous legal actors. This realist approach is reflected in the Child Sexual Abuse, Banking and Aged Care Royal Commissions, where the Royal Commissions and media referred to harms caused and malfeasance by specific organisations such as AMP (financial services company), the National Australia Bank (‘NAB’), the Oakden Facility (a nursing home), and the Catholic Church. It might be argued that labelling corporations in this way is simply a matter of linguistic convenience, but does not reflect the reality of organisational responsibility. However, realist theorists assert that an organisation can have its own discrete responsibility, beyond the aggregation of the responsibility of individuals. The realist approach is informed by studies of collectives and organisational behaviour that show organisations and collectives often develop an identity that is independent of, and transcends, the specific individuals who control or work within the organisation.
Offences informed by realist theories have been introduced by statute to address perceived shortcomings of the common law in Australia. Australian corporate culture provisions in the Criminal Code Act 1995 (Cth) sch 1 (‘Criminal Code’) pt 2.5 reflect a realist approach. The Code applies to bodies corporate in the same way as it applies to individuals, but modifications have been developed to reflect differences between corporations and individuals. Section 12.3(1) of the Criminal Code states that ‘if intention, knowledge or recklessness is a fault element of an offence, that fault element must be attributed to the body corporate that expressly, tacitly or impliedly authorised or permitted the commission of the offence’. Subsections 12.3(2)(c)–(d) are radical in their conceptualisation and attribution of fault elements for offences committed by corporations based on the concept of corporate culture. Body corporate authorisation or permission can be established expressly or through a ‘corporate culture’ that tolerated or led to the commission of the offence or failure to create or maintain a ‘corporate culture’ that would not tolerate or would lead to the commission of the offence. Corporate culture is defined in the Criminal Code s 12.3(6) as ‘an attitude, policy, rule, course of conduct or practice existing within the body corporate generally or in the part of the body corporate in which the relevant activities takes place’. ‘Corporate culture’ is intended to encompass situations where the actual practices of an organisation differ from its formal or written rules.
The corporate culture provisions are widely regarded as ‘innovative’, and providing ‘arguably the most sophisticated model of corporate criminal liability in the world’. The provisions reflect a realist or ‘holistic’ approach aiming to capture the blameworthiness of the corporation as an entity — it does not rely on the actions or omissions of an individual, but instead considers the organisation as a whole. While the corporate culture provisions are successful in terms of providing a realist normative account, in practice the concept of corporate culture has rarely been employed in corporate prosecutions. Colvin and Argent have summarised some of the criticisms of corporate culture that have militated against its success, such as the failure of the regulations to reflect a more nuanced understanding of corporate culture from an organisational theory perspective, and ask whether corporate culture can ever be regulated. The provisions are specifically excluded from operating in other corporate legislation including the Corporations Act 2001 (Cth) and the Competition and Consumer Act 2010 (Cth), greatly reducing the likelihood of prosecution and, accordingly, judicial interpretation of the provisions.
The UK has introduced an alternative (but related) realist approach to corporate liability, that of failure-to-prevent offences. The Bribery Act 2010 (UK) (‘Bribery Act (UK)’) provides that an organisation will be guilty of a failure-to-prevent offence unless it can prove that it had adequate procedures to prevent bribery. The UK followed up with a failure to prevent facilitation of tax evasion offence in the Criminal Finances Act 2017 (UK), with a defence of ‘reasonable’ procedures to prevent the conduct. The Joint Committee on Human Rights has since recommended a new corporate offence of failure to prevent human rights abuses and the Ministry of Justice has argued in favour of creating a new corporate offence of failure to prevent economic crime. The failure to prevent bribery offence has enjoyed some practical success. As at 1 March 2020, seven corporations had been prosecuted by the Serious Fraud Office under s 7 of the Bribery Act (UK). Of these, one pleaded guilty, five involved Deferred Prosecution Agreements and one was contested (resulting in the conviction of the dormant company of failing to prevent bribery).
In March 2019, the Select Committee on the Bribery Act 2010 tabled a report to the House of Lords. The Select Committee has argued that the offence is ‘remarkably successful’ in terms of prosecution but also encourages the prevention of harms by those most capable of preventing it — the organisation itself (that is, by deterrence). The practical success (in terms of prosecution) of the failure-to-prevent offence in the UK reflects the reality that many of the harms caused by large organisations are due to omissions; that is, the failure to prevent harms or breaches of legal duty. I will now consider the failure-to-prevent offence in Australia in relation to the Child Sexual Abuse, Banking and Aged Care Royal Commissions in terms of how the offences might work in practice, but also how and why the offence establishes culpability of the organisation.
The failure-to-prevent offence in the UK requires the individual commission of a specific substantive, predicate or foundational offence. In the UK, this requires that an employee or agent associated with the corporation committed bribery or facilitated the evasion of taxes. For those harms analysed by the Child Sexual Abuse Royal Commission, the foundational offence committed by an employee or agent associated with the institution would draw upon the cohort of existing child sex offences — including underage sex, grooming and failure to report. Given that institutions that care for children are recognised as sites of risk for child sexual abuse, there are already guidelines in place and mandatory reporting of grooming and underage sex. Fulfilment of legal duties of care is (ostensibly) attached to accreditation and funding (although the Royal Commission noted the relative absence of enforcement).
Likewise, aged care providers that receive government funding must comply with duties and responsibilities under the Aged Care Act 1997 (Cth). The foundational offence could include a breach of the existing legal duty of care that should be provided to consumers. Alternatively, a standalone offence of failure to prevent elder abuse could be created. The World Health Organization has defined elder abuse as ‘a single, or repeated act, or lack of appropriate action, occurring within any relationship where there is an expectation of trust which causes harm or distress to an older person’ that may be ‘financial, physical, psychological and sexual... [and] can also be the result of intentional or unintentional neglect.’ The Aged Care Royal Commission Interim Report found many quality and safety issues that would amount to elder abuse including inadequate prevention and management of wounds, poor continence management, dreadful food and hydration, high incidence of assaults, and common use of restraints. For the purpose of this analysis, I will focus on the use of restraints as an example of elder abuse as the foundational offence. There are different definitions of restraints within Australia reflecting the ‘challenges in conceptualising and identifying restraint in practice’. New national standards were introduced from July 2019, defining restraint as any practice, device or action that interferes with a consumer’s ability to make a decision or restricts a consumer’s free movement. Despite a global trend promoting ‘restraint free’ environments in aged care, the Aged Care Royal Commission Interim Report notes that ‘restrictive practices are common in Australia.’ Examples of physical restraint include the removal of a mobility aid for ‘safety’, clasping a person’s hands or feet to stop them moving, applying restraints or lap belts, locking over-bed or chair tray tables, seating residents in chairs with deep seats that the resident cannot stand up from, and confining a person. Chemical restriction is the prescription of psychotropic medication exceeding reasonably expected clinical needs of the people receiving care. Aged care facilities are recognised as sites of risk for elder abuse including restraint. There is a legal duty of care and mandatory reporting — from July 2019 it has been mandatory for residential care service providers to provide data on three quality indicators including physical restraints to the Australian Government Department of Health. In addition, psychotropic medicines are prescribed and/or controlled. Despite this, the organisational breach of legal duty of care has not been enforced in the criminal justice system.
The Banking Royal Commission highlighted a great deal of malfeasance and criminality by financial institutions such as home loans that people could not afford, fees for no service, sale of ‘zombie’ (or worthless) insurance, and charging fees to people who have died. For the purpose of this analysis, I will focus on fees for no service as an example of banking criminality. Fees for no service is the charging of fees for financial advice that is not provided or not provided in full and, on a basic interpretation, fees for no service are fraud. Commissioner Hayne stated that fees for no service could be prosecuted under s 1041G of the Corporations Act which specifies that it is a civil and criminal offence for a company, or individual within it, to engage in ‘dishonest conduct’ relating to a financial product or service. Financial institutions are recognised as sites of risk for financial malfeasance and crime. As with the other Royal Commissions, guidelines, duties of care and mandatory reporting are already in place, they just do not seem to be enforced.
A practical issue in relation to the development of a failure-to-prevent offence in Australia is that it requires a predicate offence if the UK prototype is followed. All three Royal Commissions highlighted widespread wrongdoing. There are advantages to having specific offences as these put organisations on notice to develop policies and practices in response to specific risks. Creating a standalone offence, like the failure to prevent bribery, expresses that certain offences are sufficiently wrongful in and of themselves that organisations have a legal responsibility to prevent them, and the failure to have adequate procedures in place to prevent specific offences is culpable. However, leaving aside the Child Sexual Abuse Royal Commission, which was specifically focused on sexual abuse and grooming, it is difficult to isolate the offences uncovered by the other Royal Commissions. The malfeasance unveiled in the Aged Care and Banking Royal Commissions is broad and varied. An alternative route would be to base the predicate offence upon breaches of (organisational) legal duty. In all of the examples above, organisations had pre-existing legal duties of care with regard to specific risks and mandatory reporting of breaches of these legal duties. There are clear ways in which organisations can transgress the law; that is, by failing to fulfil a legal duty. Accordingly, an offence of failure to prevent a breach of legal duty by organisations could be created. While basing the failure-to-prevent offence on a breach of legal duty may appear to draw the offence too broadly, the organisation would then have an opportunity to argue a defence (considered below in Part IV).
The key way in which the offence of failure to prevent incorporates notions of organisational blameworthiness (or lack thereof) is by giving an organisation the opportunity to defend itself. The defence allows an organisation to establish a lack of culpability; that is, that the failure to prevent the offence was not due to an absence of reasonable or adequate procedures on the organisation’s part. Under the Bribery Act (UK), it is a defence for an organisation to prove that it had in place adequate prevention procedures. The Criminal Finances Act 2017 (UK) provides a defence that, when the UK tax evasion facilitation offence was committed, it had in place reasonable prevention procedures. Unlike with the Bribery Act (UK) there is no need for the organisation to receive, or be intended to receive, benefit. Proof of benefit, or the intention of benefit, would confirm a link between the associated person’s actions and the corporation. However, in light of the findings by the Royal Commissions, I would argue in favour of removing the benefit requirement in relation to failure-to-prevent offences. For example, child sexual abuse is not in the interest of an organisation caring for children. In relation to elder abuse, there may be indirect ways in which elder abuse is to the benefit of an organisation, for example, malnutrition or understaffing to save money, but it is more straightforward to argue that malnutrition and understaffing is due to organisational failure rather than attempting to identify and prove nefarious motives by management. The Banking Royal Commission highlighted wrongdoing that was for the benefit of the organisation (such as fees for no service and financial advisers acting against the interests of clients in favour of selling in-house products), but other malfeasance was not in the interests of the bank (bribery, minimal deposits in children’s bank accounts, and many fees for no service were of benefit to the financial adviser, not the bank). Accordingly, the requirement of benefit to the organisation is tangential to, or misleading from, the key question of whether the organisation itself was culpable.
Guidance about the new offences and the types of risk-based procedures that a company can put in place to limit the risk of representatives criminally bribing or facilitating tax evasion has been published for both UK offences, using the same principles for both offences (‘UK Guidelines’). The requirements of the six principles are considered and explained in some detail and they are followed by case studies explaining how the principles might apply in different hypothetical situations. The UK Guidelines specify that an organisation should establish proportionate procedures, top-level commitment, risk assessment, due diligence, communication and monitoring and review. The Guidelines are consistent with a situational crime prevention approach, which recognises that situations can influence or provide an opportunity for criminal behaviour, but also provide behavioural cues and structures to discourage criminal behaviour. This accords with arguments by realists that corporate culture or ethos can have a major impact on how employees behave — encouraging and discouraging, rewarding and punishing.
The UK Guidelines and concepts of situational crime prevention are consistent with the arguments of the Select Committee on the Bribery Act 2010 that the failure-to-prevent offence puts the onus of responsibility on those most capable of preventing the harms. The defence provides organisations with an incentive and opportunity to avoid criminal liability by implementing appropriate internal procedures and policies and embedding risk assessment in their organisations. The Child Sexual Abuse, Banking and Aged Care Royal Commissions have each highlighted the relevance of the UK Guidelines to meeting duties of care and preventing offences. As noted above, in all three Royal Commissions, the organisations had already been recognised as sites of risk for particular crimes and malfeasance. In addition, specific duties that had already been imposed on these organisations were not met.
The Child Sexual Abuse Royal Commission published reports about findings at specific organisations and also summarised various institutional failings in response to child sexual abuse. For example, in terms of the failure-to-prevent defence UK Guidelines, the Royal Commission commented on the lack of top-level commitment to preventing child sexual abuse in schools, stating that failure to respond adequately was due to ‘poor leadership and governance’. This was reflected particularly in cultures that prioritised protecting the school’s reputation, financial interests or particular colleagues over the safety of children. There was an absence of proportionate procedures. The Royal Commission pointed to poor human resource management, which allowed sex offenders to be employed due to the failure to follow internal procedures for recruitment, any of which would have resulted in the offender not having been employed in the first place. The failure to respond adequately, which facilitated ongoing abuse, was due to inadequate complaints processes, investigations and disciplinary actions, which also led to staff failing to meet their obligations to report suspected abuse to external authorities. This was exacerbated by poor recordkeeping and sharing of information. There was frequently also a lack of communication in the form of an absence or lack of implementation of policies and procedures, which failed to provide staff with adequate training as to how to recognise grooming behaviours and child sexual abuse and what to do in response. The Royal Commission reports also pointed to other failures of basic child protection procedures, including the failure to scrutinise suspicious behaviour and permitting unsupervised contact with children.
Similarities in systemic failure have also been highlighted in the ongoing Aged Care Royal Commission. All available literature emphasises that the failure to prevent overuse of restraint is a structural issue:
The reduction of physical restraint requires an operational policy. Elements of such a policy would include: adaptation to environmental factors — for example, architecture, choice of materials; appointment of resource persons; an interdisciplinary approach (including the older persons and their relatives); registration of the use of physical restraint; communication about the policy pursued, and so on.
The emphasis upon operational policy is consistent with the UK Guidelines, requiring top level commitment in terms of architecture, adoption of a prevention policy, training staff in alternatives, monitoring the use of restraints and the regular and targeted review of residents taking psychotropic medication. Physical and social care environments must be designed to be beneficial for people with dementia. Organisational policies and medical reviews need to be implemented and communicated, based on evidence for the management of the behavioural and psychological symptoms of dementia. The use of physical restraints is a collective issue that is usually visible to other staff (and residents) and the use of chemical restraints is prescribed by doctors and administered by staff. The commitment to reduce the use of restraint requires a collective undertaking that facilitates and encourages caregivers to challenge one another about the use of restraint. As with the failure to recognise and report grooming and child sexual abuse, training is key. Workload (another organisational issue) is also key. Even if staff have received training, they may use restraint as a means to manage their workload as alternatives to restraint require skill, time and patience. The overuse of restraint is not solely an individual issue — rather, it is likely to be due to structural and collective reasons that can primarily be addressed at the organisational level. The failure to address the overuse of restraint at the organisational level is criminogenic; that is, it perpetuates crimes of elder abuse.
Likewise, the Banking Royal Commission highlighted systemic failures. It was clear that organisations such as AMP, NAB, the Commonwealth Bank of Australia (‘CBA’), Westpac (bank and financial services provider), and MLC (financial services provider) had charged members fees for no service and had remuneration models that created conflicts of interest. Despite the risk of dishonesty, there was: an absence of processes to prevent and detect misconduct; failure by the entity to respond in a timely and sufficient way to misconduct; and slow/false mandated reporting of the offending. Almost all of these systemic failures worked to the benefit of the banks and financial service providers. Fees for no service was endemic and undetected and/or not adequately responded to by the organisations for many years. For example, it was not until the Banking Royal Commission that it became apparent that NAB had charged more than 200,000 customers millions of dollars in fees, even though it had not provided them with any advice. Many accounts were not linked to any advisor, but were still charged fees for advice. Concerns about fees for no service were raised as early as August 2015, with NAB creating a risk event in its internal ‘event management system’ in September 2015 and noting that the Australian Securities and Investments Commission (‘ASIC’) and APRA should be notified of the breaches. The Boards of NAB entities NULIS and MLC Nominees were advised that fees for no service were potential breaches in December 2015. In December 2017, a paper was presented at the NULIS Board meeting entitled Risk Review of ASF Controls. The paper found that controls to prevent, monitor and review fees for no service were ineffective overall and at times non-existent. The paper proposed that a top-level commitment to prevent fees for no service was required, and that executive management should remediate the control environment. This expression of the need for organisational reform from the top-down is consistent with the UK Guidelines on the defence of reasonable procedures.
One important aspect of the defence of reasonable procedures is that it broadens the timeframe of analysis to consider not only past practice, but also how the corporation responds to wrongdoing. What kind of program of reform, compensation and discipline does the organisation implement in response to discovering malfeasance? For example, the Banking Royal Commission found that despite a legal duty to do so, NAB demonstrated a failure to respond in an effective and timely manner. There was a failure to report breaches to ASIC in a timely and accurate manner. In addition:
Rather than remediate promptly at that time, management and senior executives took steps to negotiate an outcome with ASIC that would minimise the financial and reputational fall-out for the NAB Group. NAB was unwilling to acknowledge that this behaviour was wrong.
NAB also tried to minimise any amounts that it would have to repay.
The same could apply to other types of harms. Indicators of organisational failure would include long-term harms and the nature of the response of the organisation to those harms. For example, Knox Grammar School was the subject of a scathing report in the Child Sexual Abuse Royal Commission due to its failure to adequately respond to allegations of abuse from the 1970s until 2012. At the time, child sexual abuse was covered up and not reported to police, and offending staff were retained and protected or given positive references when they left the school. In contrast, according to media reports, in 2019 a staff member who was found with child abuse material on his phone was reported to the headmaster who immediately contacted the police and stated to parents: ‘We will not hesitate to contact police and remove staff who fail to follow our code of conduct and the law.’ This response can be compared to the report in the media of the headmaster of a different private school who expressed no support for children who reported grooming offences, choosing instead to give a favourable character reference for the offender (while the Royal Commission was ongoing). This shows a clear difference in organisational responses. One seeks to prevent child sexual offences, while the other has the effect of facilitating or condoning child sexual abuse.
This analysis highlights the ways in which an organisation can be criminogenic in its failure to prevent or discourage crime. Good corporate culture in the form of policies and procedures can discourage and prevent wrongdoing, while bad corporate culture might tolerate, permit or encourage malfeasance. In each institution that was examined by the Royal Commissions, it is not an accident that offending behaviour occurred for long periods of time in specific organisations (and not in others). The offences were not one-off tragic ‘accidents’ but were due to the structural failures for which an institution can and should be responsible. A failure by an organisation to meet the requirements of the UK Guidelines establishes the ways in which the organisation is criminogenic.
An essential factor in the likelihood of success of prosecution of the failure-to-prevent offence is that it imposes a ‘reverse burden defence’. That is, the harm caused would be treated as an offence committed by the organisation unless and until the organisation proved otherwise. This approach was recommended as long ago as 1993 by Fisse and Braithwaite based on the concept of ‘reactive fault’. It assists with the likelihood of successful prosecutions because it circumvents evidentiary challenges. The defence requires corporations to prove that it had existing or had developed adequate or reasonable or proportionate measures to prevent the commission of the crime. The difficulty is that the reverse burden defence undermines a key tenet of the criminal law — the presumption of innocence. In a series of decisions, the UK and Canadian courts have held that the presumption of innocence is infringed in such a case, but that the infringement may be justified or proportionate, depending on the circumstances. A cogent argument can be made that there is no need for mechanistic application to organisations of rules and procedures that were constructed around natural persons. Procedural protections such as the requirement that the prosecution negate defences beyond a reasonable doubt were constructed to protect individuals from the arbitrary exercise of power of the State, and there are defences at common law and under statute that individuals accused are required to prove on the balance of probabilities. The argument about the power dynamic of the State against individuals does not apply, particularly to large organisations, some of which have profits greater than state gross domestic products. In addition, organisations cannot be imprisoned and, unlike human beings, have no inherent rights to exist. The defence of adequate or reasonable procedures affords a defence to organisations, gives them fair opportunity to avoid causing harms, and provides strong encouragement to organisations to monitor and review their policies, procedures and responses to serious risks identified in their undertakings. It does not require defendant organisations to prove lack of guilt, only the presence and use of adequate/reasonable procedures. It also allows organisations to exonerate themselves by pointing to their compliance procedures and policies: given the opacity of organisations, it is more appropriate for the organisation than for the prosecution to collect such information and to prove details of internal policies and procedures and substantive practices within the organisation. Accordingly, the reverse onus of proof imposes a compliance incentive upon organisations that operate in areas that are recognised as generating specific risks, that they can and should attempt to prevent.
The foregoing section has outlined the ways in which the failure-to-prevent offence achieves the potential for practical success in responding to the types of offences most commonly committed by large organisations — those due to omission or failure. The key question I will explore now is whether the failure-to-prevent offence satisfies a normative account; that is, is an organisation sufficiently blameworthy for failing to prevent harm?
Two related arguments can be marshalled to justify the criminalisation of failure to prevent: the harmful consequences and the blameworthiness of the failure/s. A key justification for imposing a legal duty is to protect against the harms potentially caused by the breach. The harm principle, as famously stated by JS Mill, provides a basis for limiting and permitting state intervention: ‘The only purpose for which power can rightfully be exercised over any member of a civilized community, against his will, is to prevent harm to others.’ On this basis, criminalisation is justified through the (potential) harmful consequences. Harmful consequences remain a foundation for many offences including regulatory offences (such as food adulteration and dangerous driving), but also those with serious penalties such as involuntary manslaughter where legal culpability is due to causing death, with minimal to no intentional wrongdoing required for culpability. Feinberg defines ‘harm’ as a lasting or significant set-back to a person’s interests. There is no doubt that the breach of duties of care highlighted in the Child Sexual Abuse, Banking and Aged Care Royal Commissions were harmful. The Child Sexual Abuse Royal Commission devoted a great deal of time to recording the devastatingly harmful consequences of child sexual abuse and grooming. In terms of physical and chemical restraint of the elderly, all the evidence asserts that it does more harm than benefit. The use of restraints not only breaches fundamental rights of the elderly but can seriously undermine physical and psychological health. Restraints increase agitation, discomfort and anxiety. Meanwhile, fraud by the banks resulted not only in material loss to many customers, but also in stress, suicides, and loss of retirement plans. Commissioner Hayne also argued that malfeasance by the banks was harmful to the economy as it undermined trust in financial institutions. The corporate law theorist David Uhlmann has, accordingly, argued that conviction communicates the State’s intolerance of incidences of massive harms. The flipside is that the failure to convict communicates tolerance by the State of these harms, as if the harms were an unfortunate part of doing business.
While the pattern of blameworthiness of harmful consequences provides a powerful foundation for criminalisation, it seems counterintuitive to hold a person (or an organisation) responsible for something that they failed to do, because the dominant model of culpability is that a person cannot, and should not, be held responsible unless they intentionally or knowingly did the wrong thing. The moral philosopher, Mary Midgley, has labelled this the ‘positive model’ of wickedness. There are two aspects to this model of wickedness: first, action; and second, intention or knowledge. The emphasis that only positive action can be culpable is reflected in concerns voiced by critics that organisations should not be held criminally liable for failure to prevent. This is based on arguments that criminal legal doctrine generally is reluctant to criminalise omissions — whether by individuals or organisations. Despite these arguments, an accused can be held liable for omissions in the majority of criminal offences, provided a legal duty to act has been established. All the institutions considered in case studies in the Child Sexual Abuse, Banking and Aged Care Royal Commissions had legal duties to protect the people in their care, and to act with honesty and in the best interests of their members, and, in most of the case studies, the organisations failed to fulfil these duties in the long term. The criminalisation of omissions is particularly appropriate for organisations that choose to work in areas that are regulated. Moreover, criminal responsibility for the breach of legal duties is a common trope of corporate law. Directors owe a legal duty to the company, and the breach of this duty may result in criminal liability. Specific legislative schemes impose duties upon corporations and directors including occupational health and safety, environmental and tax duties. In all of these offences, liability derives from a failure to meet a duty of care — a duty of care that the corporation is subject to as a consequence of undertaking the provision of specific goods and services.
The second assumption of the positive model of wickedness is that a person acted intentionally or knowingly. Criminal legal doctrine reflects this ‘positive account’ of wickedness in its assertion of the dominance of subjectivist accounts of culpability to establish fault. Indeed, the High Court of Australia has held in favour of an assumption of mens rea or subjective blameworthiness as a general principle of criminal law doctrine. This model of culpability aims to ensure that outcomes that were accidental or unintended are not criminalised. The High Court argued against holding legal subjects liable in the absence of subjective culpability due to a concern for ‘luckless victims’ and the perceived severity of convicting an accused in the absence of any ‘fault’ on his or her part. The difficulty is that in many contemporary organisations, particularly large, complex, multinationals, knowledge is diffused. Organisational structures may themselves militate against any capacity to prove knowledge or intention. In fact, as argued above, nominalism may encourage organisations to diffuse knowledge in order to avoid corporate liability. The positive model of wickedness fails to adequately deal with the ways in which organisations are most likely to cause harm. We need to draw upon alternative models of wickedness to recalibrate the accidents, collateral damage and harms that organisations are the most capable of preventing as failings which are sufficiently blameworthy to justify criminal sanctions.
There are alternative accounts of wickedness that assert that failure or absence can be sufficiently blameworthy. In fact, despite passionate judicial statements asserting the requirement of subjective culpability, there are many offences at common law and under statute that do not require or impose minimal requirements of subjective culpability. This reflects Kirby J’s assertion that subjective intention does not enjoy a ‘monopoly on moral culpability’. Philosophies of wickedness point to alternative models of culpability. Midgley has argued that we should resuscitate the classic model of wickedness — a negative account. The subjective model of culpability remains necessary — there are corporations that have criminal models of business. However, the positive model is insufficient to cope with the likely causes of harm by large organisations in the 21st century. In many cases of systemic harms, it is the lack of knowledge and care, and/or the failure of policies and procedures, that is culpable. The negative account provides an alternative model of wickedness. The theologian Augustine stated ‘Evil has no positive nature; but the loss of good has received the name “evil”’. For Augustine, evil is not a ‘thing’, but a corruption and warping of that which is good. The negative account conceives of evil as privation, something missing, dearth or failure. The negative model of wickedness provides a philosophical foundation for the conception of organisational failure as culpable. Organisations are most likely to inflict systemic harms due to a failure to prevent and a failure to adequately respond to harms. The negative model of culpability provides a means to redefine ‘responsibility practices’, emphasising that it is this failure to act that has caused the systemic harms, and it precisely this failure that is culpable. The defence of reasonable procedures provides organisations with an opportunity to prove that the harmful consequences caused by (agents of) the organisation were not due to the failures of the organisation. As shown above, the institutions that were subjects of each of the Child Sexual Abuse, Banking and Aged Care Royal Commissions would not have been able to point to reasonable procedures to protect against those harms for which they had a legal duty of care. These organisations were not ‘luckless victims’ and under the classic model of wickedness their failures would be sufficiently culpable to justify and require criminal sanctions.
The findings of each of the Child Sexual Abuse, Banking and Aged Care Royal Commissions demonstrate that a realist approach to corporate criminal accountability is vital. Despite the widespread harms recorded in each of the Royal Commissions, the criminal justice system has failed to engage with organisational fault. In light of the increasing dominance of, and reliance upon, large, complex organisations, reframing our notions of organisations and attributions of culpability is an urgent challenge for the 21st century. Rather than regarding harms as sad accidents, collateral damage or tragedies, criminal law needs to recalibrate these harms as crimes that could and should have been prevented. All the evidence from the Royal Commissions highlight that particular harms occurred with impunity within specific organisations, often for years at a time. These organisations can and should be regarded as criminogenic — by encouraging, permitting, facilitating or failing to prevent crimes. The criminal justice system needs to develop a realistic account of the organisation as a legal actor.
This article has proposed that the UK offence of failure to prevent should be extended broadly to a failure to prevent breach of legal duties by organisations. The failure-to-prevent model enshrines existing legal duties of care at the centre of organisational models to ensure that the responsibility for meeting these duties of care is an integral part of doing business. Corporate law theorists have long argued that corporations are externalising machines, where only certain costs and benefits are taken into account, while others are excluded. Criminalising corporate conduct and failures repudiates false valuations embodied in corporate wrongdoing, whereby harms are regarded as an unfortunate and unlucky side effect of doing business. Holding organisations responsible for failures to prevent clarifies for what harms we expect corporations to be responsible. The Child Sexual Abuse, Banking and Aged Care Royal Commissions have highlighted that existing legal duties of care and mandatory reporting have not resulted in reform to corporate practices. There are difficulties associated with the failure-to-prevent offence. The offence does not resolve the myriad ways in which corporations can and do inflict harm. However, it goes some way towards recognising the systemic breach of legal duty by many corporations causing widespread harms in a way which is practical and also justifies and requires attributions of criminal blameworthiness.
 Professor, Faculty of Law, University of Technology Sydney, New South Wales, Australia. Email: Penny.Crofts@uts.edu.au; ORCID iD: https://orcid.org/0000-0002-6018-7159. This research was funded by the Australian Government through a Discovery Early Career Researcher Award (‘DECRA’), project number DE180100577 ‘Rethinking Institutional Culpability: Criminal Law, Philosophy and Horror’. The views expressed herein are those of the author.
 Edwin H Sutherland, White Collar Crime (Dryden, 1949); Cedric Michel, John Cochran and Kathleen Heide, ‘Public Knowledge about White-Collar Crime: An Exploratory Study’ (2016)
65(1– 2) Crime, Law and Social Change 67; Steve Tombs and David Whyte, The Corporate Criminal: Why Corporations Must Be Abolished (Taylor and Francis, 2015); Mihailis E Diamantis, ‘Functional Corporate Knowledge’ (2019) 61(2) William & Mary Law Review 319, 324.
 This article focuses on a broad range of harms caused by large organisations including child sexual abuse, elder abuse and financial crimes. There is some ambiguity about whether some of the organisational harms, such as elder abuse and financial malfeasance, are necessarily criminal — reflecting and reinforcing the absence of prosecution in this area.
 To avoid legal technicalities of the definition of the ‘corporation’ and also in recognition of the culpability of organisations which are not by definition corporations, this article refers to ‘organisations’ throughout to include not only legal ‘corporations’ but also institutions in constructions of organisational criminal liability.
 The Australian Securities and Investments Commission (‘ASIC’) has signalled a willingness to prosecute for corporate malfeasance since the Banking Royal Commission, but has not as yet met with success: see, eg, Sean Hughes (ASIC Commissioner), ‘ASIC’s Approach to Enforcement after the Royal Commission’ (Speech, 36th Annual Conference of the Banking and Financial Services Law Association, 30 August 2019) <https://asic.gov.au/about-asic/news-centre/speeches/asic-s-approach-to-enforcement-after-the-royal-commission/>.
 Penny Crofts, ‘Legal Irresponsibility and Institutional Responses to Child Sex Abuse’ (2016) 34(2) Law in Context 79.
 Royal Commission into Aged Care Quality and Safety, Interim Report: Neglect (Interim Report, October 2019) (‘Aged Care Royal Commission Interim Report’); Joseph Ibrahim and David Ranson, ‘Neglect in Aged Care — A Role for the Justice System?’ (2019) 27(2) Journal of Law and Medicine 254, 254.
 See, eg, John HC Colvin and James Argent, ‘Corporate and Personal Liability for “Culture” in Corporations?’ (2016) 34(1) Company and Securities Law Journal 30. See also Michel, Cochran and Heide (n 1), who have argued that the public lack (accurate) knowledge of white-collar crime and criminal legal responses. Widespread media reporting of Royal Commissions contribute to public knowledge about the extent of harms caused by large organisations and the lack of a criminal legal response.
 See, eg, Brent Fisse and John Braithwaite, ‘The Allocation of Responsibility for Corporate Crime: Individualism, Collectivism and Accountability’  SydLawRw 3; (1988) 11(3) Sydney Law Review 468 (‘The Allocation of Responsibility for Corporate Crime’); Brent Fisse and John Braithwaite, Corporations, Crime and Accountability (Cambridge University Press, 1993); Gregory Gilchrist, ‘The Expressive Cost of Corporate Immunity’ (2012– 2013) 64(1) Hastings Law Journal 1; Neil Gunningham, ‘Negotiated Non-Compliance: A Case Study of Regulatory Failure’ (1987) 9(1) Law and Policy 69; Celia Wells, Corporations and Criminal Responsibility (Oxford University Press, 2nd ed, 2001); Jonathon Clough, ‘Bridging the Theoretical Gap: The Search for a Realist Model of Corporate Criminal Liability’ (2007) 18(3– 4) Criminal Law Forum 267; Eli Lederman, ‘Models for Imposing Corporate Criminal Liability: From Adaptation and Imitation towards Aggregation and the Search for Self-Identity’ (2000) 4(1) Buffalo Criminal Law Review 641.
 Scott Veitch, Law and Irresponsibility: On the Legitimation of Human Suffering (Routledge-Cavendish, 2007) 2.
 Celia Wells, ‘Corporate Responsibility and Compliance Programs in the United Kingdom’ in Stefano Manacorda, Gabrio Forti and Francesco Centonze (eds), Preventing Corporate Corruption: The Anti Bribery Compliance Model (Springer, 2014) 505.
 See Criminal Finances Act 2017 (UK) ss 45–6.
 The proposed amendments under the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2019 (Cth) (‘CLACCC Bill 2019’) to various Commonwealth Acts are broadly similar to those proposed under the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017 (Cth), which lapsed in 2019. A major difference between the UK bribery offence and the proposed Australian offence is that the Australian offence’s broader definition of ‘associate’ of the company draws the liability net more widely that the UK offence: Mark Lewis, ‘Criminalising Corporate Failures to Prevent: Foreign Bribery by Non-Controlled Associates — A Net Cast Too Wide’ (2020) 44 Criminal Law Journal 80, 83–5.
 Brent Fisse, ‘Penal Designs and Corporate Conduct: Test Results from Fault and Sanctions in Australian Cartel Law’  AdelLawRw 25; (2019) 40(1) Adelaide Law Review 285, 287.
 W Robert Thomas, ‘Making Sense of Corporate Criminals: A Tentative Taxonomy’ (2019) 17(SI) Georgetown Journal of Law & Public Policy 775, 792–3.
 Elizabeth S Anderson and Richard H Pildes, ‘Expressive Theories of Law: A General Restatement’ (2000) 148(5) University of Pennsylvania Law Review 1503; Mihailis E Diamantis, ‘Corporate Criminal Minds’ (2016) 91(5) Notre Dame Law Review 2049, 2062.
 ‘Terms of Reference: Letters Patent’, Royal Commission into Institutional Responses to Child Sexual Abuse (Web Page, 13 November 2014) <https://www.childabuseroyalcommission.gov.au/
terms-reference> (‘Child Sexual Abuse Royal Commission TOR’); Letter from Sir Peter Cosgrove to Kenneth Madison Hayne (Register of Patents No 52 Page 67, 14 December 2017) 2–3 <https://financialservices.royalcommission.gov.au/Documents/Signed-Letters-Patent-Financial-Services-Royal-Commission.pdf> (‘Banking Royal Commission TOR’); ‘Terms of Reference’, Royal Commission into Aged Care Quality and Safety (Web Page, 6 December 2018) <https://agedcare.royalcommission.gov.au/about/terms-reference> (‘Aged Care Royal Commission TOR’).
 Child Sexual Abuse Royal Commission TOR (n 16); Royal Commission into Institutional Responses to Child Sexual Abuse (Final Report, December 2017) (‘Child Sexual Abuse Royal Commission Final Report’).
 Royal Commission into Misconduct in the Banking, Superannuation, and Financial Services Industry (Final Report, February 2019) (‘Banking Royal Commission Final Report’).
 Banking Royal Commission TOR (n 16).
 Banking Royal Commission Final Report (n 18) vol 1, ch 1.
 Aged Care Royal Commission TOR (n 16).
 Aged Care Royal Commission Interim Report (n 6). The Commission will provide a Final Report by 26 February 2021.
 Australian Law Reform Commission (‘ALRC’), Discussion Paper: Corporate Criminal Responsibility (Discussion Paper No 87, November 2019) <https://www.alrc.gov.au/publication/
discussion-paper-87/>; ALRC, Corporate Criminal Responsibility (Report 136, April 2020) 29–30 <https://www.alrc.gov.au/publication/corporate-criminal-responsibility/>.
 Work safety is regulated by Commonwealth and state legislation such as the Work Health and Safety Act 2011 (Cth). Many health and safety offences have a similar structure to the proposed failure to prevent a breach of duty offence in the CLACCC Bill 2019 (n 12). For example, under s 32 of the Work Health and Safety Act 2011 (Cth) an organisation can be charged with a category two offence for ‘failure to comply with a health and safety duty’.
 The Commonwealth’s key environmental legislation is the Environment Protection and Biodiversity Conservation Act 1999 (Cth).
 See, eg, Shurlee Swain, ‘History of Australian Inquiries Reviewing Institutions Providing Care for Children’ (Research Report, Autralian Catholic University, October 2014). The UK is currently undertaking an Independent Inquiry into Child Sexual Abuse: see Independent Inquiry into Child Sexual Abuse (Web Page) <https://www.iicsa.org.uk/>. For a summary of aged care inquiries, see House of Representatives Standing Committee on Health, Aged Care and Sport, Parliament of Australia, Report on the Inquiry into the Quality of Care in Residential Aged Care Facilities in Australia (Report, October 2018) ch 1. See also ‘The Royal Commission into Aged Care Quality and Safety: A Quick Guide’, Parliament of Australia (Web Page, 18 September 2019) <https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/rp1920/Quick_Guides/RoyalCommissionAgedCare>.
 Fisse and Braithwaite, Corporations, Crime and Accountability (n 8). It is beyond the scope of this article to consider the shortcomings of the regulators in this area, but the cultures of the regulators are key, as is a failure to unite the different sectors and consider corporate wrongdoing as a whole.
 See below nn 147–50 and accompanying text.
 See, eg, Victoria Roper, ‘The Corporate Manslaughter and Corporate Homicide Act 2007 —
A 10 Year Review’ (2018) 82(1) The Journal of Criminal Law 48, 48.
 Wells (n 10) 506.
 Max Radin, ‘The Endless Problem of Corporate Personality’ (1932) 32(4) Columbia Law Review 643.
 Eric Colvin, ‘Corporate Personality and Criminal Liability’ (1995) 6(1) Criminal Law Forum 1; Meir Dan-Cohen, Rights, Persons, and Organizations: A Legal Theory for Bureaucratic Society (University of California Press, 1986). Fatal robots are arguably a way in which corporations can act without humans: see, eg, SM Solaiman, ‘Corporate Manslaughter by Industrial Robots at Work: Who Should Go on Trial under the Principle of Common Law in Australia’ (2016) 35(1) Journal of Law and Commerce 21.
 Fisse (n 13); Jennifer G Hill, ‘Corporate Criminal Liability in Australia: An Evolving Corporate Governance Technique?’ (Law and Economics Research Paper No 03-10, Vanderbilt Law School, 2003).
 Amy J Sepinwall, ‘Corporate Moral Responsibility’ (2016) 11(1) Philosophy Compass 3, 3.
 R v Australasian Films Ltd  HCA 11; (1921) 29 CLR 195.
 See New York Central and Hudson River Railroad Co v United States 212 US 481 (1909). For an analysis of the problematic foundations of vicarious liability, see the civil case of Prince Alfred College Incorporated v ADC  HCA 37; (2016) 258 CLR 134. Fisse has argued that Australian cartel law is a species of vicarious liability: see Fisse (n 13). For vicarious liability in the United States, see Lucian E Dervan, ‘Corporate Criminal Liability, Moral Culpability, and the Yates Memo’ (2016) 46(1) Stetson Law Review 111.
  UKHL 1;  AC 153 (‘Tesco v Nattrass’) cited in Hamilton v Whitehead  HCA 65; (1988) 166 CLR 121, 127. The UK has largely reaffirmed the directing mind approach in Attorney-General’s Reference (No 2 of 1999)  EWCA Crim 91;  QB 796. The test was tempered somewhat by the Privy Council expanding the people whose actions and state of mind are attributed to the company in Meridian Global Funds Management Asia Ltd v Securities Commission  UKPC 5;  2 AC 500.
 The directing mind can be more than one person acting collectively, such as a board of directors: see James Chalmers, ‘Corporate Culpable Homicide: Transco Plc v HM Advocate’ (2004) 8(2) Edinburgh Law Review 262. For an analysis of the common law position see Olivia Dixon, ‘Corporate Criminal Liability: The Influence of Corporate Culture’ in Justin O’Brien and George Gilligan (eds), Integrity, Risk and Accountability in Capital Markets: Regulating Culture (Hart Publishing, 2013) 251.
 Solaiman (n 33) 51.
 For judicial criticisms, see Meridian Global Funds Management Asia Limited v Securities Commission  UKPC 5;  2 AC 500, 506–7, 511–12 (Lord Hoffmann); Canadian Dredge & Dock Co v The Queen 1985 CanLII 32 (SCC);  1 SCR 662, 693 (Estey J); Moulin Global Eyecare Trading Ltd v Commissioner of Inland Revenue  HKCFA 22  (Lord Walker of Gestingthorpe). See also Stefan HC Lo, ‘Context and Purpose in Corporate Attribution: Can the “Directing Mind” Be Laid to Rest?’ (2017) 4(2) Journal of International and Comparative Law 349.
 Liz Campbell, ‘Corporate Liability and the Criminalisation of Failure’ (2018) 12(2) Law and Financial Markets Review 57, 59.
 Tesco v Nattrass (n 38).
 Campbell (n 42) 58.
 Brent Fisse, ‘Consumer Protection and Corporate Criminal Responsibility — A Critique of Tesco Supermarkets Ltd v Nattrass’  AdelLawRw 5; (1971) 4(1) Adelaide Law Review 113; Margaret Gilbert, ‘Who’s to Blame? Collective Moral Responsibility and Its Implications for Group Members’ (2006) 30(1) Midwest Studies in Philosophy 94; Lo (n 41).
 Colvin (n 33).
 Department of Transport (UK), The Merchant Shipping Act 1894: MV Herald of Free Enterprise (Report of Court No 8074 Formal Investigation, September 1987) 10.
 R v P&O European Ferries (Dover) Ltd (1990) 93 Cr App R 72.
 Diamantis (n 1) 328.
 This is a summary from Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry: Interim Report (28 September 2018) (‘Banking Royal Commission Interim Report’) vol 2, 388–404.
 Banking Royal Commission Interim Report (n 50) vol 2, 392.
 Ibid 401.
 Ibid 403.
 HL Bolton (Engineering) Co Ltd v TJ Graham & Sons Ltd  1 QB 159, 172 (Lord Denning). See also R v AC Hatrick Chemical Pty Ltd (1995) 152 A Crim R 384.
 Diamantis (n 1) 330.
 Banking Royal Commission Interim Report (n 50) vol 2, 402.
 See, eg, Susanna M Kim, ‘Characteristics of Soulless Persons: The Applicability of the Character Evidence Rule to Corporations’ (2000) 2000(3) University of Illinois Law Review 763; Dan-Cohen (n 33).
 Hill (n 34).
 See, eg, Banking Royal Commission Final Report (n 18) vol 2, 47–62, 151–9; Aged Care Royal Commission Interim Report (n 6) vol 1, 62–3, vol 2, 7–8; Royal Commission into Institutional Responses to Child Sexual Abuse: The Experiences of Four Survivors with the Towards Healing Process (Report of Case Study No 4, January 2015) on the Catholic Church and its responses to abuse.
 John Hasnas, ‘Reflections on Corporate Moral Responsibility and the Problem Solving Technique of Alexander the Great’ (2012) 107(2) Journal of Business Ethics 183.
 Fisse (n 13). See also Alice Belcher, ‘Imagining How a Company Thinks: What is Corporate Culture?’  DeakinLawRw 1; (2006) 11(2) Deakin Law Review 1.
 For example, Gilbert has argued that collective attitudes are distinct from, and cannot be analysed in terms of, an aggregate or sum of individual attitudes: see Margaret Gilbert, Sociality and Responsibility: New Essays in Plural Subject Theory (Rowman & Littlefield Publishers, 2000); Gilbert (n 45). See also John Searle, ‘Collective Intentions and Actions’ in Philip R Cohen, Jerry Morgan, and Martha E Pollack (eds), Intentions in Communication (MIT Press, 1990) 401; Marion Smiley, ‘From Moral Agency to Collective Wrongs: Rethinking Collective Moral Responsibility’ (2010) 19(1) Journal of Law and Policy 171, 201.
 Criminal Code Act 1995 (Cth) sch 1 (‘Criminal Code’).
 Ibid s 12.1(1).
 Ibid ss 12.3 (2)(a) and (b) reflect identification theory from Tesco v Nattrass (n 38), with traditional agency provisions for attributing the state of mind of the ‘directing mind’ to the corporation, while the definition of high managerial agent is consistent with the approach of Meridian Global Funds Management Asia Ltd v Securities Commission  UKPC 5;  2 AC 500. Where conduct is that of a high managerial agent, an organisation can defend itself on the basis that it is able to show that it had adequate corporate management, control or supervision of the conduct per s 12.4(3). See Tahnee Woolf, ‘The Criminal Code Act 1995 (Cth) — Towards a Realist Vision of Corporate Criminal Liability’ (1997) 21(5) Criminal Law Journal 257, 269–70.
 Criminal Code (n 63) ss 12.3(2)(c)–(d).
 Clough (n 8) 283.
 John C Coffee, ‘Corporate Criminal Liability: An Introduction and Comparative Survey’ in Albin Eser, Günter Heine and Barbara Huber (eds), Criminal Responsibility of Legal and Collective Entities (Edition Iuscrim, 1999) 9, 20.
 Jonathan Clough and Carmel Mulhern, The Prosecution of Corporations (Oxford University Press, 2002) 138.
 Karen Wheelwright, ‘Goodbye Directing Mind and Will, Hello Management Failure: A Brief Critique of Some New Models of Corporate Criminal Liability’ (2006) 19(3) Australian Journal of Corporate Law 287.
 The ALRC has identified one prosecution in which the culture provisions have been relied upon: ALRC, Corporate Criminal Responsibility (n 24) 245–6 citing R v Potter (2015) 25 Tas R 213. Lewis argues that compliance culture has been a ‘long-standing area of investigation and enforcement’, demonstrated, for example, by Trade Practices Commission v CSR Ltd (1991) ATPR 41076, 52, 152: Lewis (n 12) 93. For an analysis of the limitations of the corporate culture provisions with regard to foreign subsidiaries, see Radha Ivory and Anna John, ‘Holding Companies Responsible: The Criminal Liability of Australian Corporations for Extraterritorial Human Rights Violations’ (2017) 40(3) University of New South Wales (UNSW) Law Journal 1175.
 Colvin and Argent (n 7). See also Caron Beaton-Wells and Brent Fisse, Australian Cartel Regulation: Law, Policy and Practice in an International Context (Cambridge University Press, 2011). Cf many theorists who argue that organisational culture is a key driver of corporate crime and misconduct: see, eg, Jamie-Lee Campbell and Aja Goritz, ‘Culture Corrupts! A Qualitative Study of Organizational Culture in Corrupt Organizations’ (2014) 120(3) Journal of Business Ethics 291.
 It is beyond the scope of this article to consider whether corporate culture should be retained and expanded more broadly or jettisoned, as recommended recently by the ALRC: see ALRC, Corporate Criminal Responsibility (n 24) 14 (Recommendation 7).
 The proposed Australian offence of failure to prevent bribery is modelled on the UK offence: see CLACCC Bill 2019 (n 12).
 Bribery Act 2010 (UK) s 7 (‘Bribery Act (UK)’). See also Wells (n 10) 508.
 Criminal Finances Act 2017 (UK) (n 11) ss 45(1), (2)(a).
 Joint Committee on Human Rights, Human Rights and Business 2017: Promoting Responsibility and Ensuring Accountability (House of Lords Paper No 153, House of Commons Paper No 443, Session 2016–17) – <https://publications.parliament.uk/pa/jt201617/jtselect/jtrights/443/443.pdf>. See also Ivory and John (n 71).
 Celia Wells, ‘Corporate Failure to Prevent Economic Crime — A Proposal’ (2017) 6 Crim LR 426, 427. Wells argues in favour of extending the failure to prevent offence to other economic crimes.
 ‘Freedom of Information: 2020-040 – Bribery Act 2010’, Serious Fraud Office (UK) (Web Page, 1 March 2020) <https://www.sfo.gov.uk/foi-request/2020-040-bribery-act-2010/>.
 R v Sweett Group plc (Unreported, Southwark Crown Court, 19 February 2016).
 Deferred Prosecution Agreements (‘DPAs’) are agreements reached between the prosecutor and a corporate entity that could be prosecuted for a crime. In the UK, DPAs must be approved by a judge who is persuaded that the DPA is ‘in the interests of justice’ and that its terms are ‘fair, reasonable and proportionate’: see Crime and Courts Act 2013 (UK) sch 17 ss 7–8; ‘Deferred Prosecution Agreements’, Serious Fraud Office (UK) (Web Page) <https://www.sfo.gov.uk/publications/
guidance-policy-and-protocols/deferred-prosecution-agreements/>. For approved DPAs, see, eg, Serious Fraud Office v Airbus SE (Unreported, Southwark Crown Court, 31 January 2020); Serious Fraud Office v Güralp Systems Ltd (Unreported, Royal Courts of Justice, 22 October 2019); Serious Fraud Office v Sarclad Ltd  7 WLUK 211; Serious Fraud Office v Standard Bank plc  11 WLUK 804; Serious Fraud Office v XYZ Limited (Unreported, Royal Courts of Justice, 8 July 2016); Serious Fraud Office v Rolls Royce  1 WLUK 189.
 R v Skansen Interiors Ltd (Unreported, Southwark Crown Court, 21 February 2018); Select Committee on the Bribery Act 2010, The Bribery Act 2010: Post-Legislative Scrutiny (House of Lords Paper No 303, Session 2017–19, 14 March 2019) <https://publications.parliament.uk/pa/
 Select Committee on the Bribery Act 2010 (n 82).
 Ibid 52 .
 Lewis has recently argued that ‘there is still no evidence that it [the bribery offence] has been effective in reducing the prevalence of foreign bribery or improving corporate compliance culture’: Lewis (n 12) 92. He points to the recent Airbus settlement (n 81), which covered extensive bribery that occurred after the enactment of the new failure-to-prevent offence.
 It is argued that the foundational offence supplements intentionality: Ian B Lee, ‘Corporate Criminal Responsibility as Team Member Responsibility’ (2011) 31(4) Oxford Journal of Legal Studies 755, 760–61.
 The offences of child sexual abuse and grooming are considered in depth in the Child Sexual Abuse Royal Commission Final Report (n 17) 194–206.
 Ibid 202.
 Ibid 139.
 World Health Organization, ‘Elder Abuse,’ Ageing and Life-course (Web Page) <http://www.who.int/
 Aged Care Royal Commission Interim Report (n 6) 4–7.
 Royal Commission into Aged Care Quality and Safety: Restrictive Practices in Residential Aged Care in Australia (Background Paper 4, May 2019) 5.
 Quality of Care Amendment (Minimising the Use of Restraints) Principles 2019 sch 1, 1 (definition of ‘restraint’).
 Janet Timmins, ‘Compliance with Best Practice: Implementing the Best Available Evidence in the Use of Physical Restraint in Residential Aged Care’ (2008) 6(3) International Journal of Evidence-Based Healthcare 345.
 Aged Care Royal Commission Interim Report (n 6) vol 1, 193.
 Ibid 196.
 Ibid 194.
 Australian Law Reform Commission, Elder Abuse: A National Legal Response (Report 131,
14 June 2017) 11.
 Aged Care Royal Commission Interim Report (n 6) vol 1, 74.
 Banking Royal Commission Final Report (n 18) vol 1, 9–10.
 The Criminal Code defines obtaining property by deception as ‘the person, by a deception, dishonestly obtains property belonging to another with the intention of permanently depriving the other of the property’: Criminal Code (n 63) s 134.1(1)(a).
 Banking Royal Commission Final Report (n 18) vol 1, 154.
 These duties of care are summarised in Banking Royal Commission Final Report (n 18) vol 1, 9–11.
 In its Corporate Criminal Responsibility report, the ALRC has proposed a defence of due diligence as comparable to the reasonable/adequate procedure defence in the UK: see ALRC, Corporate Criminal Responsibility (n 24) 259–66.
 Bribery Act (UK) (n 75) s 7(2).
 This is a slightly different wording of the Bribery Act (UK) (n 75) and Criminal Finances Act 2017 (UK) (n 11) defences. Campbell has stated that though ‘one could question why the defences were not standardised, it seems to be the case that lobbying from financial institutions provided the driver to adopt reasonableness, as apparently the less onerous standard’: Campbell (n 42) 61.
 See above n 100 and accompanying text.
 HM Revenue & Customs, Tackling Tax Evasion: Government Guidance for the Corporate Offences of Failure to Prevent the Criminal Facilitation of Tax Evasion (Government Guidance, 1 September 2017) <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/672231/Tackling-tax-evasion-corporate-offences.pdf>. See also Facilitation of Tax Evasion Offences (Guidance About Prevention) Regulations 2017 (UK) SI 2017/876. Guidelines would need to be developed if an Australian offence of failure to prevent breach of legal duty was to be introduced. The Australian Government has also released draft guidance relating to bribery of foreign public officials and the proposed Australian CLACCC Bill 2019: Attorney-General’s Department (Cth), Draft Guidance on the Steps a Body Corporate Can Take to Prevent an Associate from Bribing Foreign Public Officials (Consultation Draft, November 2019) <https://www.ag.gov.au/sites/default/files/2020-03/Draft-guidance-on-adequate-procedures-to-prevent-the-commission-of-foreign-bribery.pdf>.
 The Select Committee on the Bribery Act 2010 recommended clarification of the Guidance — particularly taking into account different sizes of companies and also the issue of reasonable as opposed to adequate procedures: see Select Committee on the Bribery Act 2010 (n 82).
 See above n 108.
 The literature in this area is prolific, but a good summary in application to white collar crime is Michael L Benson, Tamara D Madensen and John E Eck, ‘White-Collar Crime from an Opportunity Perspective’ in Sally S Simpson and David Weisburd (eds), The Criminology of White-Collar Crime (Springer, 2009) 175.
 Pamela H Bucy, ‘Corporate Ethos: A Standard for Imposing Corporate Criminal Liability’ (1991) 75(4) Minnesota Law Review 1095.
 Select Committee on the Bribery Act 2010 (n 82) 52.
 Dervan (n 37).
 See Part III. See, eg, John Braithwaite, ‘The Nursing Home Industry’ (1993) 18 Crime and Justice: A Review of Research 11.
 For a detailed case study of failings, see Crofts (n 5).
 Child Sexual Abuse Royal Commission Final Report (n 17) vol 13 (Schools) 13, 132.
 For example, management failed to follow recruitment procedures such as contacting referees and undertaking police checks: see Royal Commission into Institutional Responses to Child Sexual Abuse: The Responses of the Catholic Archdiocese of Adelaide, and the South Australian Police, to Allegations of Child Sexual Abuse at St Ann’s Special School (Report of Case Study No 9, 4 June 2015) (‘Report of Case Study No 9’).
 For example, the driver of a school bus for children with disabilities was frequently late in dropping off children. It was during this time that he offended against the children: see Report of Case Study No 9 (n 118).
 For example, Swimming Australia and Swimming Queensland allowed unsupervised access to children by swimming coach Scott Volkers even after sexual abuse allegations had been made: see Royal Commission into Institutional Responses to Child Sexual Abuse: Response of Swimming Institutions, the Queensland and NSW Officers of the DPP and the Queensland Commission for Children and Young People and Child Guardian to Allegations of Child Sexual Abuse by Swimming Coaches (Report of Case Study No 15, 14 December 2015). Note that in March 2020 charges against Volkers were permanently stayed: George Roberts and Ashleigh Stevenson, ‘Charges against Swim Coach Scott Volkers Permanently Stayed’, ABC News (online, 11 March 2020) <https://www.abc.net.au/news/2020-03-10/scott-volkers-charges-dropped/12041886>.
 C Gastmans and K Milisen, ‘Use of Physical Restraint in Nursing Homes: Clinical-Ethical Considerations’ (2006) 32(3) Journal of Medical Ethics 148, 151.
 Genise Marquardt, Kathrin Bueter and Tom Motzek, ‘Impact of the Design of the Built Environment on People with Dementia: An Evidence-Based Review’ (2014) 8(1) Health Environments Research & Design Journal 127.
 Juanita L Westbury et al, ‘RedUSe: Reducing Antipsychotic and Benzodiazepine Prescribing in Residential Aged Care Facilities’ (2018) 208(9) Medical Journal of Australia 398.
 Gavin J Andrews and Elizabeth Peter, ‘Moral Geographies of Restraint in Nursing Homes’ (2006) 3(1) Worldviews on Evidence-Based Nursing 2.
 Gastmans and Milisen (n 122).
 Aged Care Royal Commission Interim Report (n 6) vol 1, 205.
 Ibid 207.
 Banking Royal Commission Interim Report (n 50) vol 1, 108–12.
 Ibid 131.
 Ibid 126–31.
 Ibid 111.
 Banking Royal Commission Final Report (n 18) vol 2, 13, 28.
 Ibid 15–16.
 Ibid 16–17.
 Ibid 34.
 Ibid 34–5. In September 2020, the Federal Court of Australia determined the ASIC penalty payable by NULIS and MLC Nominees in relation to fees for no service: Australian Securities and Investments Commission v MLC Nominees Pty Ltd  FCA 1306.
 Ibid 35.
 Fisse and Braithwaite, ‘The Allocation of Responsibility for Corporate Crime’ (n 8) 505.
 Banking Royal Commission Final Report (n 18) vol 2, 60.
 Ibid 47.
 Royal Commission into Institutional Responses to Child Sexual Abuse: The Response of Knox Grammar School and the Uniting Church of Australia to Allegations of Child Sexual Abuse at Knox Grammar School in Wahroonga, New South Wales (Report of Case Study No 23, 13 September 2016) 69–73.
 Ibid 71.
 Nick Dole, ‘Knox Swimming Teacher Charged with Possessing Child Abuse Material’, ABC News (online, 6 August 2019) <https://www.abc.net.au/news/2019-08-06/knox-grammar-teacher-arrested-child-abuse-material/11386954>.
 Louise Milligan, Mary Fallon and Lauren Day, ‘How St Kevin’s College Supported a Child Sex Offender Coach to the Horror of his Student Victim’, ABC News (online, 17 February 2020) <https://www.abc.net.au/news/2020-02-17/st-kevins-college-supported-sex-offender-over-student-victim/11957510>.
 This analysis shows that part of the problem is a failure to report child sex offending. This led to the Royal Commission recommending the creation of an offence of failure to report. The Royal Commission also recommended a failure-to-protect offence by a person in authority: see Royal Commission into Institutional Responses to Child Abuse: Criminal Justice Report — Executive Summary and Parts I-II (Report, 14 August 2017) 50 (Recommendation 33), 56 (Recommendation 36).
 Donald Palmer and Celia Moore, ‘Social Networks and Organizational Wrongdoing in Context’ in Donald Palmer, Kristin Smith-Crowe and Royston Greenwood (eds), Organizational Wrongdoing: Key Perspectives and New Directions (Cambridge University Press, 2016) 203.
 See Gilchrist (n 8); Donald Palmer, Normal Organizational Wrongdoing: A Critical Analysis of Theories of Misconduct in and by Organizations (Oxford University Press, 2012).
 Steven Bittle and Laureen Snider, ‘From Manslaughter to Preventable Accident: Shaping Corporate Criminal Liability’ (2006) 28(4) Law and Policy 470.
 Robert Apel and Raymond Paternoster, ‘Understanding “Criminogenic” Corporate Culture; What White-Collar Crime Research Can Learn from Studies of the Adolescent Employment-Crime Relationship’ in Sally S Simpson and David Weisburd (eds), The Criminology of White Collar Crime (Springer, 2009) 15; Tombs and Whyte (n 1); Penny Green and Tony Ward, State Crime: Governments, Violence and Corruption (Pluto Press, 2004).
 The Criminal Code does not impose a reverse onus of proof on corporations because it would be unfair, particularly where a corporation had been charged with the most serious offences: Explanatory Memorandum, Criminal Code Bill 1994 (Cth) 45.
 Fisse and Braithwaite, ‘The Allocation of Responsibility for Corporate Crime’ (n 8) 511–12.
 Ibid 505–7.
 Wells (n 78) 435.
 Fisse and Braithwaite, Corporations, Crime and Accountability (n 8).
 See Andrew Ashworth and Lucia Zedner, ‘Defending the Criminal Law: Reflections on the Changing Character of Crime, Procedure and Sanctions’ (2008) 2(1) Criminal Law and Philosophy 21, 47–8. See also Davies v Health and Safety Executive  EWCA Crim 2949 (‘Davies’).
 See, eg, R v Lambert  UKHL 37;  2 AC 545; R v Oakes  1 SCR 103.
 Lo (n 41) 367.
 For example, the defence of mental illness is a common law defence that the accused must prove on the balance of probabilities: M’Naghten’s Case  EngR 875; (1843) 10 Cl & Fin 200; 8 ER 718. In New South Wales (‘NSW’), the accused must also prove the defence of substantial impairment of the mind at the time of the act causing death: Crimes Act 1900 (NSW) s 23A(4).
 John C Coffee Jr, ‘No Soul to Damn: No Body to Kick: An Unscandalised Inquiry into the Problem of Corporate Punishment’ (1981) 79(3) Michigan Law Review 386.
 Kim (n 57).
 Ellen S Podgor, ‘A New Corporate World Mandates a “Good Faith” Affirmative Defense’ (2007) 44(4) American Criminal Law Review 1537, 1538.
 TM Scanlon, The Difficulty of Tolerance: Essays in Political Philosophy (Cambridge University Press, 2003) 231–2.
 See, eg, Davies (n 156).
 Hill (n 34).
 Roger Shiner, ‘Corporations and the Presumption of Innocence’ (2014) 8(2) Criminal Law and Philosophy 485; Jeremy Horder, ‘Bureaucratic “Criminal” Law: Too Much of a Bad Thing?’ in RA Duff et al (eds), Criminalization: The Political Morality of the Criminal Law (Oxford University Press, 2014) 101, 124.
 Joel Feinberg, Moral Limits of the Criminal Law Volume 1: Harm to Others (Oxford University Press, 1987); Claudia Card, The Atrocity Paradigm: A Theory of Evil (Oxford University Press, 2002).
 John Stuart Mill, On Liberty (The Floating Press, 1909) 18.
 George Fletcher, Rethinking Criminal Law (Little Brown, 1978) ch 4. Manslaughter by unlawful and dangerous act requires only the mens rea to commit the foundational offence. Manslaughter by criminal negligence requires only that the act or omission was criminally negligent. Both these offences have objective parameters, with the prosecution required to prove, in the case of manslaughter by unlawful and dangerous act, that a reasonable person in his or her position would have realised that his or her act was exposing the victim to an appreciable risk of serious injury: Wilson v The Queen  HCA 31; (1992) 174 CLR 313. In manslaughter by criminal negligence, the prosecution must prove that the accused’s conduct constituted such a great falling short of the standard of care that a reasonable person would have exercised and carried such a high risk of death or grievous bodily harm as to merit criminal punishment: R v Lavender  HCA 37; (2005) 222 CLR 67. Because these are objective standards there is no requirement of knowledge or intention on the part of the accused.
 Feinberg (n 167) 31–64.
 See, eg, Child Sexual Abuse Royal Commission Final Report (n 17) vol 9 (Advocacy, Support, and Therapeutic Treatment Services).
 Gastmans and Milisen (n 122).
 Emma N Bellenger et al, ‘The Nature and Extent of Physical Restraint-Related Deaths in Nursing Homes: A Systematic Review’ (2018) 30(7) Journal of Aging and Health 1042, 1043.
 Adele Ferguson provides an overview of the many different harms caused by banks over the last few decades. See Adele Ferguson, Banking Bad (HarperCollins Publishers Australia, 2019).
 Banking Royal Commission Final Report (n 18).
 David M Uhlmann, ‘The Pendulum Swings: Reconsidering Corporate Criminal Prosecution’ (2016) 49(4) UC Davis Law Review 1235, 1253.
 See, eg, Mary Midgley, Wickedness: A Philosophical Essay (Routledge, 2nd ed, 2001) 13; Susan Neiman, Evil in Modern Thought: An Alternative History of Philosophy (Princeton University Press, 2002).
 Midgley (n 177).
 See Glanville Williams, ‘Criminal Omissions — The Conventional View’ (1991) 107(1) Law Quarterly Review 86.
 Andrew Ashworth, Positive Obligations in Criminal Law (Hart Publishing, 2013).
 See Davies (n 156).
 Jennifer G Hill and Matthew Conaglen, ‘Director’s Duties and Legal Safe Harbours: A Comparative Analysis’ in DG Smith and Andrew S Gold (eds), Research Handbook of Fiduciary Law (Edward Elgar Publishing, 2018) 305; Jason Harris and Anil Hargovan, ‘Still a Sleepy Hollow? Directors’ Liability and the Business Judgment Rule’ (2017) 31(3) Australian Journal of Corporate Law 319.
 See Corporations Act 2001 (Cth) pt 2D.1.
 It has been argued that although subjectivism is claimed as the ideal in criminal law, the exceptions to the rule far outnumber the rule itself: see Alan Norrie, Crime, Reason and History: A Critical Introduction to Criminal Law (Cambridge University Press, 2014).
 He Kaw Teh v The Queen  HCA 43; (1985) 157 CLR 523, 528 (Gibbs CJ) approving the statement in Sherras v De Rutzen  UKLawRpKQB 77;  1 QB 918, 921.
 Andrew Ashworth, ‘Taking the Consequence’ in Stephen Shute, John Gardner and Jeremy Horder (eds), Action and Value in Criminal Law (Clarendon Press, 1993) 107, 123.
 He Kaw Teh (n 185) 530, 534 (Gibbs CJ), 568 (Brennan J).
 Diamantis (n 15).
 Examples in NSW include dangerous driving causing death (Crimes Act 1900 (NSW) s 52A), the majority of drug offences and the involuntary manslaughter offences discussed above: see above n 169 and accompanying text.
 R v Lavender (n 169) 107 . Many criminal law theorists have sought to debunk the dominance of subjective culpability: see, eg, AP Simester, ‘Can Negligence Be Culpable?’ in Jeremy Horder (ed), Oxford Essays in Jurisprudence: Fourth Series (Oxford University Press, 2000) 85; Penny Crofts, Wickedness and Crime: Laws of Homicide and Malice (Routledge, 2013); HLA Hart, Punishment and Responsibility (Clarendon Press, 1968).
 Midgley (n 177).
 Aurelius Augustine, The City of God, (Project Gutenberg eBook, 2014) XI ch 9. See also, Midgley (n 177), who draws upon Aristotle for a secular account of the negative model of wickedness.
 Aurelius Augustine, The Confessions of St Augustine (Edward Pusey trans, Collier, 1961) VI iii 4.
 Peter Cane, Responsibility in Law and Morality (Hart Publishing, 2002) 179.
 Joel Bakan, The Corporation: The Pathological Pursuit of Profit and Power (Simon and Schuster, 2004).
 Dan M Kahan, ‘Social Meaning and the Economic Analysis of Crime’ (1998) 27(2 – Part 2) Journal of Legal Studies 609.
 See Fisse and Braithwaite, Corporations, Crime and Accountability (n 8). See also Paul Almond, Corporate Manslaughter and Regulatory Reform (Palgrave Macmillan, 2013).