Proposed UK failure to prevent fraud offence: What do you need to do now?

What is the offence going to look like?

The new offence will make an organisation liable if it fails to prevent a specified fraud offence (see details below) from being committed where: (i) an employee or agent commits the fraud; and (ii) the fraud is intended to benefit the organisation. 

Importantly, the offence will have a defence of "reasonable procedures" to prevent fraud. This means it will effectively require organisations to review and enhance their anti-fraud systems and controls to cover fraud committed for their benefit by employees or agents, although the government has stated that there may be circumstances where it is reasonable for an organisation to have no fraud prevention procedures in place. The government has announced that it will produce specific guidance providing organisations with information about what reasonable procedures will look like in due course (akin to the UKBA adequate procedures guidance).

Who will the offence apply to?

The offence will apply to all “large” bodies corporate and partnerships. This means that in addition to businesses, large not-for-profit organisations such as charities will also be in scope, as well as incorporated public bodies. The restriction to “large” organisations only is an attempt to ensure that the administrative burden of implementing policies and procedures is proportionate and is only imposed on larger organisations. Similarly, individuals will not be within the scope of the failure to prevent fraud offence.

In order to be considered “large” an organisation must meet two of the three following criteria: 

• more than 250 employees;
• more than £36 million turnover; and 
• more than £18 million in total assets.

These criteria build on those in the Modern Slavery Act 2015 (the MSA) (which applied the £36 million turnover requirement). Whilst the current guidance does not specify whether the above criteria must be satisfied within the UK, or globally, we would expect these to be global criteria to mirror the MSA. 

Although the exact jurisdictional scope remains unclear, the new offence will also apply to organisations and employees who are based overseas where an employee or agent commits a fraud offence under UK law or which targets UK victims. This appears to be slightly different from the jurisdictional scope of the UKBA (which focuses on organisations carrying on a business in the UK).

What types of fraud will this capture?

There has been continuing debate as to which types of fraud offence should be included in the new "failure to prevent" fraud offence. The proposed offence captures the fraud and false accounting offences which the government considers are most likely to be relevant to large corporations. These are:

• fraud by false representation (section 2, Fraud Act 2006)
• fraud by failing to disclose information (section 3, Fraud Act 2006)
• fraud by abuse of position (section 4, Fraud Act 2006)
• obtaining services dishonestly (section 11, Fraud Act 2006)
• participation in a fraudulent business (section 9, Fraud Act 2006)
• false statements by company directors (Section 19, Theft Act 1968)
• false accounting (section 17, Theft Act 1968)
• fraudulent trading (section 993, Companies Act 2006)
• cheating the public revenue (common law)

The types of conduct that could be caught are broad. Offences could arise out of warranties and representations made in transaction documents, prospectuses, annual reports, and insurance claims.  According to Home Office Guidance conduct caught will include “dishonest sales practices, false accounting and hiding important information from consumers or investors” and “dishonest practices in financial markets”.  

The cheating the public revenue element of this new offence may also cross over with organisations’ existing obligations under the failure to prevent tax evasion offences introduced under the Criminal Finances Act 2017 and so it may be possible for organisations to build on existing procedures already in place in this regard.

Impact of the new offence

The "failure to prevent" model will make it easier to prosecute organisations compared to the current position, in which an organisation will only be held liable for fraud where a "directing mind and will" has been directly involved. In practice, it has been very difficult to attribute liability for fraud to organisations, particularly large global groups.

The move towards a failure to prevent offence will increase the chance of prosecutions against organisations. This includes an increased risk of private prosecutions being brought by individuals who are victims of fraud.

We also envisage an increase in the number of organisations entering into deferred prosecution agreements (DPAs) in relation to failure to prevent fraud, effectively settling the case without any formal requirement to admit criminal liability. Once the offence is in force, organisations which identify conduct covered by the new offence will have to consider carefully the risks and benefits of a DPA, particularly given the risk of parallel civil claims.

What do organisations need to do now?

As a first step, organisations should consider whether any existing fraud risk assessment covers outward fraud in sufficient detail or otherwise needs to be revised.  The risk assessment should be reviewed by reference to fraud issues the organisation and/or its peers have encountered. As highlighted above, there are a broad range of potentially complex offences covered and therefore risk assessments will need to be wide ranging. Based on the results of their risk assessment, organisations should ensure that their anti-fraud policies, systems and controls manage the risks identified effectively, including:

• anti-fraud policies and procedures that mitigate outward fraud committed for the benefit of the organisation;
• training, including tailored training for those in higher risk positions;
• due diligence both in respect of transactions for clients and contracts (e.g. for suppliers), particularly on third party agents given the offence will apply to the acts of agents acting on the organisation’s behalf;
• ensuring contractual provisions cover outward fraud;
• putting in place effective audit and monitoring processes in relation to fraud; and
• ensuring regular internal review of systems and controls.