A new “failure to prevent fraud” offence has been introduced as part of the Economic Crime and Corporate Transparency Act (the Act).
The Act has received Royal Assent, and although timing for implementation is unclear, it is expected that the new offence could come into force during early 2024.
This forms part of broader reforms of UK corporate criminal liability (which also replaces the “directing mind and will” test for corporate criminal liability with a new “senior managers” test which is likely to make prosecuting organisations for criminal offences much easier more generally (for more detail please see here)). This change to the corporate criminal liability will come into effect in December of this year.
Coupled with the renewed focus of the Serious Fraud Office, Financial Conduct Authority (FCA) and other authorities on the prevention of fraud, this offence is expected to significantly shift the landscape for organisations carrying on a business in the UK, in a similar way to the impact of the UK Bribery Act (the UKBA) more than a decade ago. In particular, it shifts the focus from organisations as victims of fraud (inward fraud) to make it easier for organisations to be prosecuted for fraud committed by employees or third parties that the organisation benefits from (outward fraud). It also requires many organisations to make significant changes to fraud compliance programmes in order to prevent a wide range of fraud offences.
What is the offence?
The new offence makes an organisation liable if it fails to prevent a specified fraud offence (see details below) from being committed where: (i) an employee or agent commits the fraud; and (ii) the fraud is intended to benefit the organisation or a person to whom services are provided on behalf of the organisation.
Importantly, the offence has a defence of “reasonable procedures” to prevent fraud. This means it effectively requires organisations to review and enhance their anti-fraud systems and controls to cover fraud committed for their benefit by employees or agents, although the government has stated that there may be circumstances where it is reasonable for an organisation to have no fraud prevention procedures in place.
Who does the offence apply to?
The scope of application of the new offence has been a subject of debate. Whilst the House of Lords argued that the offence should apply to all organisations, regardless of their size, the House of Commons repeatedly pushed back on this. As a result, the new offence only applies to ‘large organisations’. The threshold for this would be met where an organisation satisfies two or more of the following conditions in the financial year preceding the year of the offence: (i) more than 250 employees: (ii) more than GBP 36 million turnover; and / or (iii) assets of more than GBP 18 million.
In practice, however, smaller organisations will still have to consider putting in place, or reinforcing, their anti-fraud procedures – given that they may be the ‘associated person’ of a large organisation, meaning the large organisation will require them to have in place reasonable procedures to prevent fraud.
The new offence also applies to organisations and employees who are based overseas where an employee or agent commits a fraud offence under UK law or which targets UK victims. This is different from the jurisdictional scope of the UKBA (which focuses on organisations carrying on a business in the UK), and is likely to be more unpredictable: jurisdictional scope will hinge on the facts of the case in question.
What types of fraud does this capture?
The offence applies to the fraud and false accounting offences which the government considers are most likely to be relevant to large corporations. These are:
- fraud by false representation (section 2, Fraud Act 2006)
- fraud by failing to disclose information (section 3, Fraud Act 2006)
- fraud by abuse of position (section 4, Fraud Act 2006)
- obtaining services dishonestly (section 11, Fraud Act 2006)
- participation in a fraudulent business (section 9, Fraud Act 2006)
- false statements by company directors (Section 19, Theft Act 1968)
- false accounting (section 17, Theft Act 1968)
- fraudulent trading (section 993, Companies Act 2006)
- cheating the public revenue (common law)
The types of conduct that could be caught are broad. Offences could arise out of warranties and representations made in transaction documents, prospectuses, annual reports, and insurance claims. Crucially, there would have to be dishonest intent for an offence to be committed. According to Home Office Guidance conduct caught will include “dishonest sales practices, false accounting and hiding important information from consumers or investors” and “dishonest practices in financial markets”.
The cheating the public revenue element of this new offence may also cross over with organisations’ existing obligations under the failure to prevent tax evasion offences introduced under the Criminal Finances Act 2017 and so it may be possible for organisations to build on existing procedures already in place in this regard.
Impact of the new offence
The “failure to prevent” model will make it easier to prosecute organisations compared to the current position, in which an organisation will only be held liable for fraud where a “directing mind and will” has been directly involved. In practice, it has been very difficult to attribute liability for fraud to organisations, particularly large global groups.
The failure to prevent offence will increase the chance of prosecutions against organisations. This includes an increased risk of private prosecutions being brought by individuals who are victims of fraud.
We also envisage an increase in the number of organisations entering into deferred prosecution agreements (DPAs) in relation to failure to prevent fraud, effectively settling the case without any formal requirement to admit criminal liability. Once the offence is in force, organisations which identify conduct covered by the new offence will have to consider carefully the risks and benefits of a DPA, particularly given the risk of parallel civil claims.
What do organisations need to do now?
The Government has announced that it will produce specific guidance providing organisations with information about what reasonable procedures will look like in due course (akin to the UKBA adequate procedures guidance). This has not yet been published. Whilst the precise form of the guidance is unclear, in our view this should be detailed and tailored to sectors, so as to highlight particular fraud risks that may be faced in each sector and provide detailed examples of red flags. This will considerably assist organisations in conducting their risk assessments and tailoring their policies and procedures. The Government will also likely need to clarify how, for regulated firms, this will interact with existing financial crime processes required.
Pending guidance being published and as a first step, organisations should consider whether any existing fraud risk assessment covers outward fraud in sufficient detail or otherwise needs to be revised. The risk assessment should be reviewed by reference to fraud issues the organisation and/or its peers have encountered. As highlighted above, there are a broad range of potentially complex offences covered and therefore risk assessments will need to be wide ranging and incorporate input from a number of different functions within an organisation. Organisations should make sure that the individuals tasked with conducting a risk assessment and putting in place procedures have a sufficient understanding of the offences covered: it is therefore important that legal and compliance are closely involved to ensure the nuances of the offences are addressed both in the risk assessment itself, and in policies and the procedures to implement them.
Based on the results of their risk assessment, organisations should ensure that their anti-fraud policies, systems and controls manage the risks identified effectively, including:
- anti-fraud policies and procedures that mitigate outward fraud committed for the benefit of the organisation;
- training, including tailored training for those in higher risk positions. Given the complexities, case studies will be really important in policies and training to ensure individuals fully understand where offences may arise;
- financial controls should be reinforced and tailored to ensure that any potential red flags are picked up and investigated, and four-eye checks are required;
- due diligence both in respect of transactions for clients and contracts (e.g. for suppliers), particularly on third party agents given the offence will apply to the acts of agents acting on the organisation’s behalf. Where possible we would suggest integrating fraud due diligence with existing processes (for example anti-bribery and corruption due diligence processes already in place);
- ensuring contractual provisions cover outward fraud;
- putting in place effective audit and monitoring processes in relation to fraud, and in particular for third parties. Medium and high risk third parties should be monitored more closely and on a more regular basis. As for due diligence processes, we would recommend that fraud monitoring and review processes are built in to existing procedures; and
- ensuring regular internal review of systems and controls, and a clear tone from the top. Fraud should be an agenda item at Board and Senior Management level to ensure this is prioritised and given the appropriate oversight.
Failure to prevent money laundering
Whilst there was discussion of expanding the failure to prevent fraud offence to include money-laundering offences, on 4 September 2023 the House of Commons voted against this proposal.
Other reforms to tackle economic crime and improve transparency
Other changes have been introduced through reforms to the role of Companies House. For more information on these, please see our article here.