Should we punish managers for taking too much risk? And if so, how?

Based on ‘Criminal Liability of Managers in Europe. Punishing Excessive Risk’, (2019) Hart Publishing

“In retrospect, many firms … took on too much risk and did not have sufficient resources to manage those risks effectively in a rapidly changing environment.” (Written Submission of Morgan Stanley to the Financial Crisis Inquiry Commission, John J Mack, Chairman, January 2010)

Every managerial decision is risky, at least to some extent. Conducting business is impossible without venturing into new territories and even the most ordinary daily choices could turn out to be failures. Excessive risk, however, can be very detrimental as was starkly illustrated by the most recent financial crisis. By criminalising managers’ excessive risk-taking criminal law enters a sphere at the core of business activity. But it also provides for criminal punishment for courses of conduct that can be extremely harmful.

In my new book, ‘Criminal Liability of Managers in Europe. Punishing Excessive Risk’ (Hart Publishing, 2019), I examine existing criminalisation of excessive risk-taking, I analyse whether such criminalisation is desirable and if so, under which conditions.

I argue that two types of criminal offences are legitimate and proportionate:

(1) a general offence of intentional mismanagement. It punishes exposure of the company to excessive risk (or causing a loss) and it may include reckless mismanagement, if the latter is committed for personal interests;

(2) offence(s) enforcing concrete risk-preventing rules. It aims at protecting the interests of the economic system: punishment for breaching some risk-preventing rules may be justified because of the systemic consequences these breaches may entail. It may even be legitimate to criminalise the breach even if committed negligently.

General offence of intentional mismanagement requires further explanations below.

Excessive risk-taking

The crucial context in which criminal liability for excessive risk-taking comes into play is the divide between capital and management, which is the common model of limited companies. Investors entrust their money to professionals who are supposed to manage the company’s affairs in a way that brings profit. The relationship between the company (and the shareholders) and the managers relies on trust that the managers use the assets in the best interest of the company. Managers to whom the company assets have been entrusted are accountable vis-à-vis the investors according to rules provided for by company law, their contracts and rules regulating the particular domain of business.

Most commonly managers who act contrary to the company interests or breach relevant rules would be subject to criminal liability when they cause loss to the company. The question whether excessively risky decisions should be punished irrespective of the loss, can appear in three situations. First, and most typically, it would be the case where an act of mismanagement was detected, but no loss occurred. Secondly, this could be the case when it is impossible to prove the loss according to the relevant standard of proof; and, thirdly, focusing on the excessive risk may be necessary where it is impossible to link the loss to the manager’s act.

These cases will remain at the borderline between causing a loss to the company because of wilful misuse of the company assets and decisions, which are technically correct but which turned out to be failures. The excessively risky decision in this context does not cause loss (at least not yet), but there is a need to demonstrate that the risk was excessive.

It has to be stressed also that it is not the task of criminal law to establish the criteria to decide what is too risky in business. Instead, this is done on the basis of criteria and rules regulating the business domain in question (subsidiarity of criminal law). If it cannot be demonstrated with the required certainty, that the perpetrator exposed the company to excessive risk, then he/she must benefit from the in dubio pro reo rule.

Need for criminal liability?

Excessive risk-taking by managers may be criminalised for several reasons. For instance, excessive risk-taking may create an effective setback to the company interests due to book-keeping rules requiring the inclusion of foreseeable risks and costs related to the depreciation of the value of the endangered assets, resulting in an actual lowering of the value of company’s assets.

But more importantly, there may be a variety of interests worth protecting, which may be infringed by exposing the company to excessive risk: (1) interests of the company as an entity; (2) interests of the shareholders; (3) interests of the stakeholders and of other groups of actors. These interests may differ as to the level of permitted risk. The interests of the company seem to be the best common denominator of the stakes held by these actors, as it can be assumed that they will all benefit from the company’s prosperity. The legislator gives more prevalence to the interests of the shareholders through the rules on consent to acts of the management, without which consent the acts would be considered criminal.

Limitations of criminal liability

The main limitations when deciding on introducing criminal liability stem from the principle of ultima ratio (proportionality) and legal certainty (fair warning). The analysis of the problem in view of the principle of ultima ratio demonstrates the following. Generally other tools – legal (of civil, administrative or company law nature) or extra-legal methods – should be used in the first place in order to contain excessive risk-taking. However, there is a variety of arguments in favour of using criminal law to punish acts that wilfully or recklessly (for personal interests) expose companies to such risks. For instance: from the point of view of managerial conduct, there is no difference if loss occurs (which would be usually criminalised) or if there is just significant risk (created by the manager) that it happens, but for sheer luck it is avoided. Criminal law plays also an important communicative function against blatant abuses and helps balance the information asymmetry between management and shareholders or stakeholders.

As to legal certainty, if excessive risk-taking is to be criminalised, it must be made clear in such a way that managers can avoid criminal liability by abstaining from what is prohibited. The book analyses in details all elements of possible definitions of the offence(s) from that point of view. In particular legislators would need to take decisions as to how to describe the circle of perpetrators (all managers or only the highest level), the conduct and whether to include a requirement of result, with all these decisions having policy implications.

Insights from the comparative analysis

In my book, I examine criminalisation of excessive risk-taking in three legal orders: England and Wales, France and Germany.

All these legal orders contain criminalisation of excessive risk-taking, although often at the margin of other provisions, and presenting significant shortcomings of different nature. These shortcomings affect significantly their possible use to deal with managerial misconduct when concerning too risky business. The analysis revealed that besides various similarities, the three models differ – in legislative or practical ways – as regards key requirements. It is those requirements that shape the scope of criminal liability and will ultimately be decisive for the focus of the prosecution and significantly thwart its use. They also reflect the policy choices as well as criminal law traditions of each system.


In ‘Criminal Liability of Managers in Europe. Punishing Excessive Risk’ (Hart Publishing, 2019), I examine the shortcoming of existing criminalisation models and present a blueprint that could serve rationalising this criminalisation. The book presents a panorama of arguments for a responsible legislator to decide whether and how to criminalise excessive risk-taking, be it a national legislator or potentially also the European one.

In sum, criminal law has been and should be used to contain abuses of companies consisting in exposing them to excessive risk. Yet, legislators should avoid the tendency of attempting to cure all problems by using criminal law. The economy should not be thwarted by unnecessarily burdensome criminalisation, and enough space should be left for human creativity. Risk is an inherent part of business. In order for business to thrive, it must also embrace failure.

Latest posts by Stanislaw Tosza (see all)

Author: Stanislaw Tosza

Stanislaw Tosza is an Associate Professor in Compliance and Law Enforcement and Secretary General of the AIDP at the Faculty of Law, Economics and Finance of the University of Luxembourg

Leave a Reply

Your email address will not be published. Required fields are marked *