The Legacy of Lehman: economic crime and the global financial crisis

This article is part of our series marking the 10 year anniversary of the collapse of Lehman examining today's issues from the perspective of Lehman and Lehman's legacy.

Executive summary

In the wake of the 2008 financial crisis there has been a proliferation of instruments available to prosecutors dealing with economic crime. Financial institutions’ exposure to criminal liability has increased commensurately. However, it is still not clear that the criminal law has expanded sufficiently in order to capture some of the conduct of financial markets participants subsequently regarded by many as criminal. Moreover, there is significant risk that legislators have been fighting past battles while future crises, and behaviour worthy of criminal sanction arising within these, may not be so well accounted for.


Ten years on from the financial crisis the extent to which economic crime played a role in causing it remains in dispute. But there is little doubt that a very significant amount of white-collar crime - including market manipulation, fraud and money laundering - was revealed by the crisis when the tide went out. However, whilst there were successful headline prosecutions – most notably that of Bernie Madoff - ten years on from the worst financial crisis in living memory, only one senior banker in the United States has gone to prison in relation to his conduct in the heat of that crisis (Kareem Serageldin of Credit Suisse). In the UK, none has gone to prison.

Historically this is unusual. In the US, following the crash in 1929, the head of the New York Stock Exchange was incarcerated. The 1980s savings product scandals in the US led to 1,100 prosecutions including those of top executives at failed banks. Following the Nasdaq bubble bursting in the late 1990s and early 2000s, corporate accounting scandals led to top executives at WorldCom, Enron, Qwest and Tyco being imprisoned and, ultimately, the prosecution and collapse of Arthur Andersen. Prosecutors in the UK have historically been less prolific. But there remain plenty of examples of such conduct being punished through the criminal justice system including famous cases relating to Barings Bank, Polly Peck and BCCI.

Many reasons have been suggested for this supposed failure to punish criminality.  One of the most common was that, in 2008, the state simply did not have the legal mechanisms available to deal with conduct that proliferated prior to 2008 and has since been regarded by some as criminal. It should be noted that it is exceptionally difficult to pin down and translate that public outcry into a clear understanding of what precisely the criminal acts were in the financial crisis that could not be dealt with under the existing criminal law.

Regardless, the financial crisis and subsequent recriminations have completely changed the political context in which such rules are determined and created significant impetus for the extension of the criminal law. Since 2008 criminal law has expanded markedly and its enforcement globally has been increasingly dramatic and international. The result is a regulatory minefield for many businesses.

The Market Abuse Regime

Market abuse and insider dealing have been a key focus in the years since the financial crisis and remain a focal point for the Financial Conduct Authority (FCA) as part of its anti-financial crime agenda. The Market Abuse Regulation (MAR), which came into force on 3 July 2016, was introduced following a review of the EU’s 2003 Market Abuse Directive conducted in light both of the financial crisis of 2008 and the subsequent LIBOR and EURIBOR scandals.

MAR made insider dealing, unlawful disclosure, market manipulation and attempted manipulation civil offences and extended the previous UK market abuse framework to new markets, new platforms and new behaviours. The UK opted out of implementing the accompanying European Directive on Criminal Sanctions for Market Abuse. However, criminal insider dealing has long been an offence under Part V of the Criminal Justice Act 1993, and criminal market manipulation, in a response to the financial crisis and subsequent scandals, was legislated for as a criminal offence under sections 89-91 of the Financial Services Act 2012.

The broader market abuse regime has had an effect in both criminal and civil law. The next criminal prosecution for insider dealing, involving a former bank compliance officer, is currently in the offing. On the civil front there have been a number of enforcement cases under the pre-MAR regime, including the high-profile case against Tesco which also faced a related criminal prosecution ending with a deferred prosecution agreement (further detail provided here). Whilst there have not yet been any enforcement cases in the UK under MAR since it took effect in July 2016, the FCA has plenty of investigations in the pipeline.

The focus of the FCA’s regulatory agenda in this area is prevention, which goes to firms’ internal arrangements to prevent financial crime as required by the relevant SYSC rules and Principle 3 for Businesses. The FCA fined Interactive Brokers (UK) Ltd just over £1m in January 2018 for such failings.

However, there remain questions as to the effectiveness of the regime in securing convictions. The FCA opened 84 insider trading cases in 2017, surpassing its previous record of 70 in 2016, but conviction rates remain low. A January 2018 Freedom of Information request by the Times showed that the FCA has prosecuted just eight cases of insider trading in the past five years, securing 12 convictions, despite its own research suggesting almost a fifth of takeovers are preceded by suspicious share price movements.

Failure to prevent offences

The difficulty of securing convictions in economic crime is a common theme and is particularly acute in relation to corporate liability. Under English law, in order to establish corporate criminal liability, the mental element of the offence must generally be attributable to “the directing mind and will” of the company.  Therefore, the person (or persons) who are criminally responsible must be sufficiently senior, usually close to or at board level, who “speak and act as the company”.

One consequence of this is that it is much harder to prosecute a large complex corporation such as a global investment bank than a small firm, as the board is inevitably further removed from wrongdoing.

However, one legislative route - the imposition of criminal liability on organisations for a “failure to prevent” - has been implemented in the UK to alleviate the difficulty of prosecuting large companies. The Bribery Act 2010 and the Criminal Finances Act 2017 have made it possible to prosecute a company whose employees or other “associated persons” commit bribery or facilitate tax evasion where that company does not have (as appropriate) adequate or reasonable prevention procedures in place that are designed to prevent such conduct. 

To date this regime has not impinged upon the type of criminal conduct revealed during the heat of the crisis but it is likely to expand further. The Sanctions and Anti-Money Laundering Bill contains a failure to prevent money laundering offence. Potentially more significantly, there have been calls for and, in early 2017, a governmental call for evidence on an all-encompassing corporate offence of failing to prevent economic crime such as fraud, false accounting and money laundering when committed on behalf or in the name of companies. Whilst progress on this front has stalled, the introduction of such a broad offence would have major ramifications for corporate governance requirements in all businesses.

Money laundering and SARs

Many have alleged that money laundering, through the balance sheets of major international banks, was a common occurrence during the financial crisis. Indeed, there were suggestions in following years that some banks only survived due to the liquidity provided by a surge in the laundering of drug money. Regardless of whether these were true, violations of money laundering rules have certainly led to fines being imposed on a large number of international banks by national regulators across the globe.

Since 2008, the money laundering rules applicable in the UK (and Europe) have gone through a number of iterations and been strengthened considerably. The EU’s Fourth Money Laundering Directive came into force in the UK on 26 June 2017 and will be further amended by the Fifth Money Laundering Directive which entered into force on 09 July 2018 (and must be implemented by January 2020). Such rule changes, together with a hardening in attitudes to enforcement, has led to an increasingly hostile climate towards entities said to be complicit in money laundering (in particular through the imposition of increasingly severe fines). This in turn has arguably caused the explosion in the number of suspicious activity reports (SARs) made in the UK, which have doubled between 2007-2008 and 2016-2017. This has had a concomitant effect on the regulatory burden on UK banks, which say that they spend at least £5bn annually on core financial crime compliance, including enhanced systems and controls and recruitment of staff.

It has been suggested that, as currently implemented, the money laundering reporting scheme is not working. Some industry estimates suggest that many banks have anywhere between 75 - 90 percent false positive rates across their monitoring systems. The breadth of the money laundering regulations and the consequences for getting it wrong have led to banks engaging in defensive reporting and to enforcement agencies struggling with a significant number of low-quality reports. The Law Commission is currently considering the reform of the SARs regime for just these reasons.

Tax evasion

The financial crisis was not caused by and did not cause tax evasion. However, in the period since the crisis, changes in the political climate have led to a movement towards greater tax transparency and accountability for tax affairs across Europe (and beyond). Institutions in a position to facilitate criminal or unethical conduct are clearly in the authorities’ cross-hairs.

In the UK, this has been reflected in the introduction of a failure to prevent the facilitation of tax evasion offence (as above) and the adoption of increasingly aggressive enforcement strategies. Companies and individuals are increasingly being named, shamed, investigated and prosecuted, and non-transparent jurisdictions are being blacklisted. The effect of this on business has been magnified by the, at times deliberate, blurring of the line between evasion and avoidance with the result that tax avoidance as well as tax evasion has become a key part of the international anti-corruption agenda.


The last ten years have seen many jurisdictions, including the UK, aligning their approach to enforcement on models that are now tried and tested. In particular deferred prosecutions agreements (DPAs) are firmly established in the UK having spread from the USA to a wide range of jurisdictions including Singapore, France, Australia and Canada. The availability of these DPAs in some ways mirrors the advance of the “failure to prevent” regime by providing extra tools to prosecutors trying to establish corporate liability for economic crime and by placing companies’ focus clearly on compliance and, where that is absent, self-reporting and co-operation.

Cooperation has widely been seen to be key in the approach taken by enforcement agencies. The Serious Fraud Office has taken an increasingly aggressive stance on cooperation over the last few years. In particular by requiring high levels of cooperation from a company seeking a DPA, in challenging claims to privilege over internal investigations materials and in demanding that firms allow the SFO to shape investigations.

The focus on compliance and, in its breach, on cooperation places huge costs on companies. This is particularly evident in the financial sector where it is estimated that major international banks are now spending between $900m and $1.3bn a year each on financial crime compliance. This is clearly a significant burden. However, in light of the expansive and aggressive approach taken globally by enforcement agencies, it is unsurprisingly viewed as unavoidable, both by the individuals with potential personal liability and by the banks themselves who have to date been fined upwards of $342bn since the financial crisis.


Despite a public outcry, there have been very few successful prosecutions in the financial services industry in the decade since Lehman fell. Public and political confidence in the sector might have been far more quickly restored had there been public accountability.

Unfortunately, it is not altogether clear that the laws introduced to date would have markedly changed that reality. Even though compliance burdens have increased markedly, hopefully making the system safer in the process, it remains very difficult to prosecute large, complex companies of any kind or their senior employees for economic crimes of the type revealed by the financial crisis which are carried out in the course of their business.

For that reason there remains considerable impetus behind further reform - perhaps the introduction of a general “failure to prevent economic crime” offence, though that proposition has a number of disadvantageous elements (see our response to the government’s call for evidence here). There is a perception amongst many that, in the absence of such sweeping provisions, it will remain very difficult to prosecute a company on the basis of supposed criminal wrongdoing of the sort revealed by the crisis.

Moreover, there is a significant risk that the spotlight placed on financial services in the last decade has dimmed the focus placed on other, growing areas of criminal conduct that are not so well accounted for. Most significant of all may be the increasing importance, and vulnerability, of data in the modern economy where cybercrime has become the most prevalent and damaging type of fraud in the UK.

For more information on the ongoing fight against financial crime see our articles on anti-money laundering, the increasing importance of data and cybersecurity, bribery, insider dealing and market manipulation, sanctions, tax evasionanti-trust and anti-cartel and enforcement.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.