Transnational Legal Liability Assessment: Criminal and Civil Exposures for Breach of Vulnerability Disclosure Programs


Feel free to email me at editor@exegy.today.

Due to Exegy in-house attorney Patrick Sellers stating the following “companies are not obligated to pay bounties even if the report identifies a genuine issue;” on a submission to the Illinois ARDC, which you can see here under item g.ii

https://drive.google.com/file/d/17B8JkmewzqzgwdqltsR2ql5pW4nDUS7z/view?usp=drivesdk

I decided to ask Google Gemini to do deep research on the following:

If a Delaware corporation in the USA that has a headquarters in Saint Louis, MO set up a bug bounty program for not just outside parties but also their own employees to use for helping disclose flaws and vulnerabilities in their system and code.

What kind of charges could the officers and the people involved in this bounty program be charged with in all the following countries and states they are in. If they believe they did not have to pay out on genuine bounties

Remember this is only about if the bounty submitted to them is genuine.

Missouri, USA

New York, USA

Chicago, USA

Belfast, Ireland

Paris, France

Montreal, Canada

Makita, Philippines

Google Gemini Deep Research returned the following:

I. Introduction and Jurisprudential Framework

The Unilateral Contract Model in Cybersecurity

The legal architecture of a "bug bounty" program—wherein a corporation invites external security researchers and internal employees to identify vulnerabilities in exchange for monetary compensation—rests fundamentally on the principles of the unilateral contract. Unlike bilateral contracts, which involve a mutual exchange of promises between parties (a promise for a promise), a unilateral contract consists of an offer that calls for acceptance through performance. In this context, the corporation (the offeror) publishes a vulnerability disclosure policy that acts as a standing offer to the world or a specific class of individuals. The terms are set: if a researcher (the offeree) successfully identifies a qualifying flaw and reports it according to the guidelines, the contract is formed and executed simultaneously.

Legal scholars and practitioners in the domain of digital contract law emphasize that the offeror in a unilateral contract can only breach the agreement after the offeree has performed. Once the researcher has invested the time—often hundreds of hours—and delivered the "consideration" (the vulnerability report), the corporation’s obligation to pay becomes absolute. The refusal to pay on a "genuine bounty"—a submission that meets the technical criteria of the program—transforms the issue from a mere operational decision into a breach of contract. However, when this refusal is predicated on a belief that payment is optional, or if the program was established with no intention of honoring valid claims, the liability transcends civil torts and enters the realm of criminal fraud, theft of services, and statutory wage theft.

The "Authorization" Paradox and the CFAA

A critical dimension of this legal landscape is the concept of "authorization" under statutes like the Computer Fraud and Abuse Act (CFAA) in the United States and similar laws globally. Bug bounty programs function as a "safe harbor," granting researchers prospective authorization to access systems that would otherwise be off-limits. When a corporation refuses to pay a researcher who has operated within the scope of this authorization, they not only breach the contract but potentially weaponize the CFAA. Recent jurisprudence, such as the United States v. Sullivan case, highlights the tension between retroactive authorization and criminal liability. If a corporation attempts to revoke authorization or deny the validity of the work to avoid payment, they risk accusations of inducing researchers to incriminate themselves or, conversely, of obtaining valuable security services through fraudulent misrepresentation.

This report provides an exhaustive analysis of the liabilities facing a Delaware corporation headquartered in Missouri that refuses to honor its bounty obligations. The analysis distinguishes between two classes of victims: external researchers, whose claims generally fall under commercial fraud and theft of services statutes; and internal employees, whose claims trigger aggressive wage theft and labor protection laws. The jurisdictional scope encompasses Missouri, New York, Illinois, Northern Ireland, France, Canada (Quebec), and the Philippines.

II. United States Jurisdiction: The Headquarters and Major Hubs

The United States legal system presents a fragmented but potent array of liabilities. While Delaware law governs the internal affairs of the corporation (fiduciary duties, shareholder rights), the criminal and trade practice liabilities are governed by the state where the conduct occurs or the effects are felt.

A. Missouri: The Operational Headquarters

As the physical headquarters of the corporation, Missouri law dictates the primary exposure for deceptive trade practices and the conduct of corporate officers.

1. Deceptive Business Practices and Consumer Fraud

The refusal to honor the terms of a public bug bounty program implicates the Missouri Merchandising Practices Act (MMPA). The MMPA is a broadly construed consumer protection statute designed to preserve the integrity of the marketplace. It expressly prohibits "any deception, fraud, false pretense, false promise, misrepresentation, unfair practice or the concealment, suppression, or omission of any material fact in connection with the sale or advertisement of any merchandise".

While "merchandise" typically refers to goods, the statute defines it to include "any object, ware, good, commodity, intangible, real estate, or service". By soliciting the "service" of vulnerability reporting from the public (researchers), the corporation is engaging in trade or commerce. If the corporation establishes the program with the belief that they do not have to pay, they are making a "false promise" in connection with the advertisement of a commercial exchange.

Criminal Liability Elements: Under Section 570.140 of the Missouri Revised Statutes, a person commits the offense of Deceptive Business Practice if, in the course of engaging in a business, occupation, or profession, they recklessly use materially false or misleading statements to promote the sale of property or services.

  • The Act: Promoting the bug bounty program creates a public image of security and reliability (promoting the corporation's services). If this promotion relies on the "false promise" of rewards that are never intended to be paid, the officers responsible may be charged with a Class A misdemeanor.

  • The Intent: The statute criminalizes the reckless making of false statements. If the officers knew the budget was insufficient or intended to use "discretion" clauses to deny valid claims systematically, this satisfies the reckless standard.

Civil Class Action Risk: Missouri is a historically active jurisdiction for consumer class actions under the MMPA. Section 407.025 authorizes civil actions to recover damages for these deceptive practices. If the corporation systematically denies payments to multiple researchers, these individuals can form a class, alleging a pattern of unfair practices. Unlike simple fraud, which requires proving specific intent, the MMPA covers "unfair practices," which can include subtle, misleading conduct designed to exploit the researchers' labor.

2. Filing False Documents and Corporate Fraud

If the corporation’s officers execute financial documents, reports, or compliance filings that misrepresent the liabilities owed to researchers (i.e., failing to book the accrued bounties as accounts payable), they risk liability under Section 570.095: Filing False Documents.

  • Felony Exposure: A person commits this offense if they file a document with a government entity or financial institution with the intent to "defraud, deceive... or negatively impact financially" another party.

  • Application: If the corporation submits financial statements to a bank or the Secretary of State that omit the "debt" owed to researchers to make the company appear more solvent, this constitutes a Class D Felony.

3. The "Worker's Compensation Fraud" Analogy

While Missouri generally treats unpaid wages as a civil matter, the state is aggressive regarding fraud in employment-adjacent benefits. Under Section 287.128, it is unlawful for an employer to "knowingly and intentionally refuse to comply with known and legally indisputable compensation obligations with intent to defraud". While this specific statute applies to worker's compensation, it establishes a prosecutorial mindset: the intentional withholding of legally owed compensation is a species of fraud. A creative prosecutor could argue that the refusal to pay internal employees for bug bounties (a "compensation obligation") with the intent to save money mirrors the conduct criminalized in the worker's comp arena.

4. Emerging Legislative Threats: Wage Theft Criminalization

The legal landscape in Missouri is shifting toward criminalizing wage theft. House Bill 1841, the "Missouri Wage Theft Prevention and Wage Recovery Act," was introduced to make unpaid wages over $5,000 a Class A Misdemeanor and subsequent violations a Class E Felony. The bill defines "final compensation" to include "earned bonuses," which would encompass bug bounties.

  • Status: As of May 2024, the bill was referred to the General Laws committee. While not yet enacted, its existence signals legislative intent to close the gap between civil non-payment and criminal theft. If passed, the retrospective application or future conduct of the corporation would be subject to felony prosecution.

B. New York: The Epicenter of "Wage Theft as Larceny"

For operations or employees based in New York, the corporation faces the most severe criminal exposure in the United States. New York has recently redefined the legal understanding of unpaid compensation, moving it from a regulatory infraction to a serious felony.

1. The 2023 Penal Law Amendment: Wage Theft is Grand Larceny

In September 2023, New York amended its Penal Law to explicitly include "wage theft" within the definition of Larceny (Section 155.05).

  • The Statute: Section 155.05(2)(f) states that a person obtains property by wage theft when they hire a person to perform services and fail to pay wages.

  • Aggregation of Claims: Crucially, the amendment allows prosecutors to aggregate non-payments across an entire "workforce" into a single count of larceny. The "workforce" is defined as a "group of one or more persons who work in exchange for wages".

  • Application: If the corporation owes ten different researchers/employees $2,000 each, the prosecutor treats this not as ten small claims, but as a single $20,000 theft.

  • Felony Thresholds:

      • Grand Larceny in the Fourth Degree (Class E Felony): Theft exceeding $1,000.

      • Grand Larceny in the Second Degree (Class C Felony): Theft exceeding $50,000.

      • Grand Larceny in the First Degree (Class B Felony): Theft exceeding $1,000,000. This carries a maximum sentence of 25 years in prison.

2. Bounties as "Wages" or "Earned Bonuses"

The corporation may attempt to argue that bug bounties are "discretionary bonuses" and thus exempt from wage theft laws. New York Labor Law, however, makes a sharp distinction between "purely discretionary" bonuses (not wages) and "earned" bonuses.

  • Discretionary: A bonus is discretionary if it is not tied to specific criteria and depends solely on the employer's whim (e.g., a holiday gift).

  • Earned: A bonus is "earned" if it is linked to specific events or productivity, such as closing a sale or, in this case, finding a vulnerability.

  • Legal Conclusion: Because the bug bounty program outlines specific requirements for valid submissions and specific compensation tiers, the bounties are "earned bonuses." Consequently, they are "wages" under NY Labor Law. Withholding them is not merely a breach of contract; it is the criminal theft of the employee's property.

3. Personal Liability of Shareholders (Section 630)

New York law pierces the corporate veil uniquely regarding employee compensation. New York Business Corporation Law Section 630 provides that the ten largest shareholders of a privately held corporation are jointly and severally personally liable for all debts, wages, and salaries due to any of its employees for services performed in New York.

  • Implication: Even if the corporation is insolvent or refuses to pay, the top shareholders (often the founders or VC firms) can be sued personally for the unpaid bounties owed to NY-based employees. This liability is absolute and does not require proving fraud.

C. Chicago (Illinois): Theft of Services and Statutory Damages

Illinois law presents a dual threat: aggressive criminalization of "theft of services" and punitive civil damages that accrue monthly.

1. Criminal Theft of Labor or Services

Under 720 ILCS 5/16-3, a person commits theft when they knowingly obtain the temporary use of property, labor, or services of another which are available only for hire, by means of threat or deception.

  • Deception: The act of soliciting bug reports (labor/services) through a published program with no intention of paying constitutes "deception." The corporation "obtained" the service (the knowledge of the vulnerability) and used it (to patch the system) without compensating the provider.

  • Felony Classification:

      • If the value of the services exceeds $500, it is a Class 4 Felony.

      • Aggravating factors, such as the use of an access device or previous convictions, can escalate the charge.

  • Venue: Illinois courts have broad discretion regarding venue. In People v. Bochenek, the court ruled that identity theft/fraud can be prosecuted where the victim resides. This means the corporation can be charged in Chicago if the researcher resides there, regardless of the HQ location.

2. The Illinois Wage Payment and Collection Act (IWPCA)

For employees, the IWPCA provides a mechanism that is punitive in nature.

  • 5% Monthly Damages: Under 820 ILCS 115/14, any employee not timely paid wages (which includes "wage supplements" like bonuses) is entitled to recover the underpayment plus damages of 5% of the underpayment for each month it remains unpaid. This penalty continues to accrue until paid, creating a rapidly ballooning liability for the corporation.

  • Criminal "Willful Refusal": The IWPCA is not just civil. Section 14(a-5) states that any employer who willfully refuses to pay wages with the intent to "annoy, harass, oppress, hinder, delay or defraud" is guilty of a crime.

      • Class B Misdemeanor: For amounts under $5,000.

      • Class A Misdemeanor: For amounts over $5,000.

      • Felony: A subsequent violation within two years constitutes a Class 4 Felony.

  • Officer Liability: The statute explicitly applies to "any agent of an employer" who knowingly permits the violation, exposing the CISO and HR directors to personal criminal charges.

III. International Jurisdictions: The Global Fraud Landscape

The corporation’s liability extends beyond US borders, interacting with legal systems that often have lower thresholds for "fraud" and stricter definitions of "loyalty" in business.

D. Belfast, Northern Ireland (United Kingdom)

Northern Ireland, operating under the Fraud Act 2006 (which applies broadly across the UK), has abandoned the complex "deception" standards of the past in favor of a simpler, more encompassing "False Representation" model.

1. Fraud by False Representation (Section 2)

The primary criminal exposure in Belfast is Fraud by False Representation under Section 2 of the Fraud Act 2006.

  • Elements of the Crime:
      1. Dishonesty: The defendant acted dishonestly according to the standards of ordinary decent people.

      2. False Representation: A representation is false if it is untrue or misleading, and the person making it knows that it is, or might be, untrue or misleading.

      3. Intent to Gain/Loss: The defendant intended to make a gain for themselves (getting security data for free) or cause a loss to another (the researcher’s unpaid time).

  • Application to Bug Bounties: The bug bounty program terms constitute a "representation" that payment will follow a valid submission. If the corporation accepts the submission but refuses payment based on a "belief" they don't have to pay (despite the terms), they are making a false representation. The "implied" representation that they are a paying customer is also captured under Section 2(4).

  • Penalty: On conviction on indictment, the maximum sentence is 10 years imprisonment.

2. Liability of Company Officers (Section 12)

The Fraud Act 2006 contains a "piercing" provision that presents a catastrophic risk to corporate officers. Section 12 (Liability of Company Officers) states that if a fraud offense is committed by a body corporate with the consent or connivance of a director, manager, or secretary, that individual is also guilty of the offense and liable to be punished accordingly.

  • Connivance: This legal standard includes "turning a blind eye." If a director knows that the security team is refusing valid payouts to save budget and does nothing to stop it, they are guilty of connivance. This liability is personal and criminal.

E. Paris, France

French law imposes a rigorous duty of good faith (bonne foi) in commercial and labor relations. The non-payment scenario triggers liabilities under the Penal Code that protect both "trust" and "labor."

1. Escroquerie (Fraud) vs. Abus de Confiance (Breach of Trust)

  • Escroquerie (Article 313-1): This is the act of deceiving a natural or legal person to determine them to hand over funds, valuables, or provide a service. If the corporation used the bounty program as a "manoeuvre frauduleuse" (fraudulent maneuver) to trick researchers into working for free, this is Escroquerie. Punishment: 5 years imprisonment and a €375,000 fine.

  • Abus de Confiance (Article 314-1): This offense involves the misappropriation of funds, valuables, or property that were entrusted to a person on the condition that they be returned or used for a specific purpose.

      • The Asset: A vulnerability report is intellectual property. It is "entrusted" to the company for the purpose of verification and payment.

      • The Misappropriation: If the company uses the report to patch the vulnerability (thereby consuming the value of the asset) but refuses to pay the agreed price, they have misappropriated the property entrusted to them. Punishment: 3 years imprisonment and a €375,000 fine.

2. Travail Dissimulé (Concealed Work)

For employees, or external researchers who could be reclassified as de facto employees due to the regularity of their work, non-payment triggers the offense of Travail Dissimulé.

  • The Offense: It is a crime to intentionally mention fewer hours on a pay slip than were actually worked. If an employee spends 50 hours finding bugs under the promise of a bounty, and the company refuses to pay (and thus fails to report these hours/earnings to social security), the crime is committed.

  • Consequences:

      • Criminal: Up to 3 years imprisonment and a €45,000 fine for individuals; €225,000 for the legal entity.

      • Civil: The employee is automatically entitled to a lump-sum indemnity equal to 6 months of salary.

      • Administrative: The URSSAF (social security) will reassess all unpaid social contributions on the estimated value of the work, often with 40% penalties.

3. Personal Liability of Corporate Officers

French courts are uncompromising regarding officer liability. In a landmark 2020 ruling, the Cour de Cassation held that an intentional criminal offense committed by a corporate officer is a "personal act" separable from their corporate functions.

  • Implication: This means the officer cannot hide behind the company’s insurance or assets. They are personally liable for the fines and damages owed to the victim, and the company is prohibited from reimbursing them.

F. Montreal, Canada (Quebec)

Quebec presents a hybrid legal environment, combining the federal Criminal Code of Canada with the provincial Civil Code of Quebec (CCQ).

1. Criminal Fraud (Section 380)

Under the Criminal Code of Canada, Section 380(1) criminalizes defrauding the public or any person of property, money, or service by deceit, falsehood, or "other fraudulent means".

  • "Other Fraudulent Means": Canadian courts interpret this phrase broadly to include conduct that is not strict deceit but is "dishonest" by the standards of reasonable people. Refusing to pay a valid debt (the bounty) when the service has been irreversibly rendered constitutes "other fraudulent means" if the intent was to deprive the victim of compensation.

  • Penalties:

      • Indictable Offense: If the value exceeds $5,000, the maximum term is 14 years imprisonment.

      • Aggravating Factors: Section 380.1 mandates that courts consider the "magnitude, complexity, duration or degree of planning" as aggravating factors. A structured, automated bug bounty program is inherently complex and planned.

2. Directors' Liability for Wages

  • Federal Liability: Under the Canada Business Corporations Act, directors are jointly and severally liable for up to 6 months of unpaid wages if the corporation fails to pay.

  • Quebec Civil Code (Stipulation for Another): The legal structure of the bounty in Quebec is governed by Article 1444 CCQ (Stipulation for Another) or the general binding nature of offers. The offer to pay the bounty is a stipulation for the benefit of the researcher. Once the condition is met, the beneficiary has a direct right of action against the promisor.

  • Monetary Penalties: The Commission des normes, de l'équité, de la santé et de la sécurité du travail (CNESST) can impose administrative monetary penalties on employers who fail to pay wages, ranging from hundreds to thousands of dollars per violation, and can pursue directors personally.

G. Manila, Philippines

The Philippines jurisdiction poses the most immediate physical threat to the officers due to the criminalization of what Western jurisdictions might consider civil debt, under the doctrine of Estafa.

1. Estafa (Swindling) - Article 315, Revised Penal Code

While the Philippine Constitution prohibits imprisonment for non-payment of debt, it allows imprisonment for Estafa—which is debt contracted through fraud or deceit.

  • The Elements: Estafa requires (1) deceit/abuse of confidence, (2) resulting in damage/prejudice, (3) intent to gain.

  • The Critical Distinction: If the corporation borrowed money or contracted a service intending to pay but later failed due to insolvency, it is civil debt. However, if the corporation solicited the services (bug reports) with deceit (i.e., representing they had a bounty program when they had no intention of paying, or using false pretenses to induce the work), it is Estafa.

  • Article 315(2)(a): Using a fictitious name or false pretenses to deceive. The "false pretense" here is the existence of a bona fide bounty program.

  • Penalty: The penalty depends on the amount defrauded. Recent laws have adjusted the thresholds, but significant amounts still carry long prison terms.

2. Syndicated Estafa: The "Non-Bailable" Nightmare

If the fraud involves five or more persons (e.g., the Board of Directors and C-Suite acting in conspiracy) and results in the misappropriation of funds or solicitation of funds/investments from the public, it may be charged as Syndicated Estafa under PD 1689.

  • Risk: Syndicated Estafa is a non-bailable offense punishable by life imprisonment (Reclusion Perpetua). While typically applied to investment scams, the solicitation of "services" from the general public via the internet falls into a grey area that aggressive prosecutors utilize.

3. Officer Liability and Double Indemnity

  • Criminal Liability: Since a corporation cannot be jailed, the Philippine Revised Penal Code imputes liability to the officers who directed the act. Officers who participated in the fraud or were the "moving spirit" behind the non-payment are personally criminally liable.

  • Wage Liability: Under RA 8188 (Wage Rationalization Act), officers can be fined and imprisoned for non-payment of mandated wages. Furthermore, employees are entitled to double indemnity (payment of double the unpaid amount) in certain wage violation cases.

IV. Comparative Data Analysis

The following tables synthesize the legal exposure across the seven jurisdictions.

Table 1: Primary Criminal Exposures for Corporate Officers

| Jurisdiction | Primary Charge | Key Statute | Officer Liability Standard | Max Penalty (Officer) |
|---|---|---|---|---|
| New York | Grand Larceny (Wage Theft) | Penal Law § 155.05 | Joint/Several (Shareholders) | 25 Years (Class B Felony) |
| Illinois | Theft of Services | 720 ILCS 5/16-3 | Willful Refusal / Agent | Class 4 Felony |
| Missouri | Deceptive Business Practice | RSMo § 570.140 | Reckless Statement | Class A Misdemeanor |
| N. Ireland | Fraud by False Representation | Fraud Act 2006 § 2 | Connivance (Sec 12) | 10 Years Imprisonment |
| France | Escroquerie / Travail Dissimulé | Penal Code 313-1 | Personal Act (Separable) | 5 Years / €375k Fine |
| Canada | Fraud > $5,000 | Criminal Code § 380 | Participation / Authorization | 14 Years Imprisonment |
| Philippines | Estafa (Swindling) | RPC Art. 315 | Moving Spirit Doctrine | Long-term Prison / Life |

Table 2: Financial and Civil Liability Multipliers

| Jurisdiction | Mechanism of Enhancement | Financial Impact |
|---|---|---|
| New York | Aggregation of Workforce Claims | Sum of all unpaid bounties = Grand Larceny total |
| Illinois | IWPCA Statutory Damages | 5% per month cumulative penalty on unpaid amount |
| France | Travail Dissimulé Indemnity | Automatic 6 months salary penalty per employee |
| Philippines | Double Indemnity (Wages) | Payment of 200% of the unpaid amount |
| Missouri | MMPA Class Action | Potential Punitive Damages for "Unfair Practice" |

The corporation will likely attempt to rely on the standard "Terms of Service" defense, arguing that the program rules state payments are "at the sole discretion of the company". Legal analysis suggests this defense will fail in the face of the criminal statutes outlined above.

1. The Good Faith Covenant

In all jurisdictions (particularly the US, UK, and France), commercial contracts contain an implied covenant of good faith and fair dealing. A "discretion" clause allows a company to judge the quality of a submission (e.g., is it a duplicate? is it severe?); it does not grant the right to arbitrarily deny payment for a submission that objectively meets the published criteria. Exercising "discretion" to defraud a researcher of their earned reward is evidence of bad faith, which supports the mens rea (intent) required for fraud convictions.

2. Performance-Based Acceptance

Under the unilateral contract theory (US/Canada/UK), the contract is formed upon performance. Once the researcher finds the bug, the "discretion" to form the contract is gone; the obligation to pay has crystallized. Courts in New York and Quebec generally hold that if the benefit (the vulnerability report) is accepted and used, the obligation to pay the quantum meruit (value of services) is absolute, rendering "discretion" clauses unconscionable or void regarding the payment itself.

VI. Conclusion and Strategic Outlook

The analysis indicates that the corporation's belief that they "did not have to pay out on genuine bounties" is not merely a mistaken interpretation of contract law—it is a potential admission of criminal intent.

For External Researchers: The refusal to pay constitutes Deceptive Business Practice in Missouri, Theft of Services in Illinois, and Fraud by False Representation in the UK and Canada. The "discretion" defense offers minimal protection against statutes designed to punish the fraudulent inducement of labor.

For Internal Employees: The exposure is catastrophic. In New York, the officers face Grand Larceny charges for wage theft, with the ability of prosecutors to aggregate claims into serious felonies. In France, they face Travail Dissimulé charges that pierce the corporate veil. In the Philippines, the specter of Estafa presents a non-bailable risk of imprisonment.

The "Domino Effect": A criminal charge in one jurisdiction (e.g., a "Wage Theft" indictment in NY) establishes the "fraudulent intent" required to prosecute in others (e.g., Estafa in the Philippines or Fraud in the UK). The officers involved are not shielded by the corporate structure; statutes in NY (Shareholder Liability), UK (Section 12), and France (Personal Fault) specifically target the individuals who authorized or connived in the non-payment scheme. The corporation faces not only civil restitution but potential dissolution, massive punitive damages, and the incarceration of its leadership.

Offences and Criminal Case Summaries under the Bankruptcy and Insolvency Act (BIA) and the Criminal Code - Innovation, Science and Economic Development Canada, https://ised-isde.canada.ca/site/office-superintendent-bankruptcy/en/protecting-public/offences-and-criminal-case-summaries-under-bankruptcy-and-insolvency-act-bia-and-criminal-code 53. Criminal Code - R.S.C., 1985, c. C-46 (Section 380.1) - Laws.justice.gc.ca, https://laws-lois.justice.gc.ca/eng/acts/c-46/section-380.1.html 54. Director Liability – Employment Standards Non-Compliance, https://complianceworks.ca/blog/director-liability/ 55. Directors Liability (PRB 99-44E), https://publications.gc.ca/Collection-R/LoPBdP/BP/prb9944-e.htm 56. ccq-1991 - Civil Code of Québec, https://www.legisquebec.gouv.qc.ca/en/document/cs/ccq-1991/20170616 57. Annotated Civil Code of Québec (updated on 2025-10-20) Section 1383, https://ccq.lexum.com/w/ccq/en#!fragment/sec1383 58. Stipulation for Third Parties - PSP Legal, https://psplegal.ca/en/expertise/stipulation-for-third-parties/ 59. PENALTIES AND INTERESTS - Employer's Guide - CNESST, https://www.cnesst.gouv.qc.ca/sites/default/files/documents/penalties-and-interest_0.pdf?cid=1723558120 60. Workplace Protections in Quebec - Éducaloi, https://educaloi.qc.ca/en/capsules/workplace-protections-in-quebec/ 61. Estafa Case Against a Company in the Philippines, https://www.respicio.ph/commentaries/estafa-case-against-a-company-in-the-philippines 62. Can Failure to Pay Installments Be Estafa? Philippine Rules on Debt and Criminal Fraud, https://www.respicio.ph/commentaries/can-failure-to-pay-installments-be-estafa-philippine-rules-on-debt-and-criminal-fraud 63. Estafa vs Civil Debt: Defenses, Payment Arrangements, and Avoiding Criminal Liability, https://www.respicio.ph/commentaries/estafa-vs-civil-debt-defenses-payment-arrangements-and-avoiding-criminal-liability 64. 
Concern Regarding Non-Payment of Debt and Potential Estafa Charge - respicio & co., https://www.respicio.ph/dear-attorney/concern-regarding-non-payment-of-debt-and-potential-estafa-charge 65. New Penalties for Estafa or Swindling - Law Firm in Philippines, https://ndvlaw.com/new-penalties-for-estafa-or-swindling/ 66. Corporate Fraud 100K Criminal Liability Philippines - respicio & co., https://www.respicio.ph/commentaries/corporate-fraud-100k-criminal-liability-philippines-1 67. G.R. No. 249606 - ALICIA O. FERNANDEZ, ANTHONY JOEY S. TAN, REYNALDO V. CESA, AND ERGARDO V. MARTINEZ, PETITIONERS, vs. PEOPLE OF THE PHILIPPINES, RESPONDENT.D E C I S I O N - Supreme Court E-Library, https://elibrary.judiciary.gov.ph/thebookshelf/showdocs/1/68454 68. G.R. No. 234818 - THE PEOPLE OF THE PHILIPPINES, PLAINTIFF-APPELLEE, V. FELIX AQUINO, ACCUSED-APPELLANT, IRIS AQUINO (DECEASED), ELEANOR MACABBALUG (AT-LARGE), GENALYN NASOL (AT-LARGE), ARTURO DELGADO, JR. (AT-LARGE), PEARL MILITAR (AT-LARGE, https://elibrary.judiciary.gov.ph/thebookshelf/showdocs/1/64853 69. Employer Liability for Unpaid Wages in the Philippines: Penalties and Remedies, https://www.respicio.ph/commentaries/employer-liability-for-unpaid-wages-in-the-philippines-penalties-and-remedies 70. White Hat Hackers and Unpaid Bounties: What Are Your Legal Rights?, https://www.simonattorneys.com/blog/white-hat-hackers-and-unpaid-bounties-what-are-your-legal-rights 71. Legal Class Action Against HackerOne : r/bugbounty - Reddit, https://www.reddit.com/r/bugbounty/comments/1jzy6o6/legal_class_action_against_hackerone/ 72. A Researcher's Guide to Some Legal Risks of Security Research - Cyberlaw Clinic, https://clinic.cyber.harvard.edu/wp-content/uploads/2020/10/Security_Researchers_Guide-2.pdf
