The Economic Crime and Corporate Transparency Act 2023 (the “Act”) sees the creation of a new corporate criminal offence of “failure to prevent fraud”. It has been introduced as part of the Government’s campaign to reduce fraud which now accounts for 41% of all crime in the UK. In this article we will identify the key components of the offence and assess how businesses can best prepare for its introduction.
Summary
- The new legislation creates a corporate criminal offence of “failure to prevent fraud” for which organisations may be prosecuted and subject to an unlimited fine.
- The fraud must be for the organisation’s benefit – but what does this mean?
- Individuals within companies can already be prosecuted for committing, encouraging or assisting fraud but will not be held individually liable for failure to prevent fraud under this legislation.
- Reasonable fraud prevention procedures will provide organisations with a defence, however guidance on what constitutes “reasonable” is yet to be published.
- Research shows that corporates are under prepared for the changes.
The Government states that: “Under the new offence, an organisation will be liable where a specified fraud offence is committed by an employee or agent, for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place. It does not need to be demonstrated that company bosses ordered or knew about the fraud.”
The vision behind the new “failure to prevent fraud” offence is to drive cultural change towards improved fraud prevention, and to hold organisations accountable if they profit from the fraudulent actions of their agents or employees.
The results of a recent “Fraud prevention and response survey” carried out by Foot Anstey [1] reveal that 45% of businesses have had to act due to fraud caused by an employee or contractor in the last 12 months. Yet only 47% of those businesses surveyed have anti-fraud policies in place, with 54% providing training for staff on fraud and only 20% of businesses having a salaried, dedicated fraud prevention role in place.
Which organisations are affected?
The offence applies to all large corporate bodies, subsidiaries and partnerships. This means that in addition to businesses, large not-for-profit organisations such as charities are also in scope, as well as incorporated public bodies.
The offence applies to all sectors, but will only affect organisations meeting two of the three following criteria:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
We understand this threshold will be kept under review and may be amended in the future. It is understood that the government wished to prevent small and medium enterprises from being disproportionately burdened by the requirements of fraud prevention. However, research shows that businesses of all sizes are vulnerable. Foot Anstey’s recent “Fraud prevention and response survey” [2] identified that within the businesses that have had to act on fraud within the last 12 months:
- 47% are large organisations (250 people plus)
- 53% are companies with 50-249 employees (therefore not caught by the Act)
- 20% are small companies with 1-9 employees (also not caught by the Act)
There is a danger that by exempting SME businesses (which constitute 99.9% of the business population in the UK [3]), the opportunity to drive cultural change will be missed as there will be no incentive for such businesses to invest in fraud prevention. Given the pervasive nature of fraud, this is concerning.
As the Government could easily amend these thresholds, it may be prudent for SMEs to also be aware of the new offence and to introduce or review current fraud prevention measures.
What types of fraud are covered?
The failure to prevent fraud offence captures the fraud and false accounting offences most likely to be relevant to corporations, namely:
- fraud by false representation (section 2 Fraud Act 2006)
- fraud by failing to disclose information (section 3 Fraud Act 2006)
- fraud by abuse of position (section 4 Fraud Act 2006)
- obtaining services dishonestly (section 11 Fraud Act 2006)
- participation in a fraudulent business (section 9, Fraud Act 2006)
- false statements by company directors (Section 19, Theft Act 1968)
- false accounting (section 17 Theft Act 1968)
- fraudulent trading (section 993 Companies Act 2006)
- cheating the public revenue (common law)
The above offences cover a broad range of conduct from false statements in company accounts and other company documents such as sales materials and insurance claims, to mis-selling and rogue trading. It is important to remember that the underlying offence would need to be made out in order for the organisation to be found guilty of “failure to prevent”, and consequently, for many of these offences, dishonesty would need to be proved. Money laundering offences are not included as organisations are subject to separate money laundering legislation and regulated by the Financial Conduct Authority.
To be caught by the Act, the fraud has to be for the benefit of the organisation or a person to whom the associated person provides services on behalf of the organisation. The organisation will not be guilty of the offence of failure to prevent fraud where the organisation itself was, or was intended to be, a victim of the fraud. The “benefit” can be direct or indirect but this is not further defined. However, the Explanatory Notes to the Lords Amendments [4] suggest that “benefit” is not restricted to financial benefit. Furthermore, it is said that the requirement for an intent to benefit the organisation, is broader than the requirement in the offence of failure to prevent bribery in the Bribery Act 2010, section 7, which requires the intention to “obtain or retain business” or to “obtain or retain a business advantage” for the organisation. [5]
How can businesses prepare for the new legislation?
It is likely that the Government will publish guidance on what might constitute “reasonable fraud prevention procedures” in the first quarter of 2024. The offence will not come into force before the guidance has been issued, however we do not know exactly when commencement of the offence will be and therefore, businesses should already be reviewing their compliance programmes and considering what changes might need to be implemented.
The Government guidance on fraud prevention procedures is likely to be similar to that issued in the wake of the Bribery Act 2010. That guidance was governed by six principles as follows:
- Proportionate procedures – procedures should be proportionate to the risk faced by the organisation and to the nature, scale and complexity of its commercial activities.
- Top-level commitment – there should be a commitment to prevention procedures by top-level management fostering a culture within the organisation in which bribery (or in this case fraud) is never acceptable.
- Risk assessment – assessment should be periodic, informed and documented.
- Due diligence – due diligence procedures should be applied taking a proportionate and risk-based approach in respect of those who perform or will perform services for or on behalf of the organisation.
- Communication (including training) – prevention procedures should be embedded and understood throughout the organisation and form part of both internal and external communication.
- Monitoring and review – ongoing monitoring and review of procedures and making improvements where necessary.
Businesses will need to conduct a review of their commercial activities and consider and identify where the risk for fraud arises and where responsibility for management of such risk lies. This will form an integral part of the risk assessment process. It is likely that due diligence of employees and agents will need to be carried out periodically, and particularly when employees or agents are given additional access or responsibility.
Tenet has long advocated for a top-down approach in creating workplace cultures that limit the risk of fraudulent behaviour. Tenet’s White Paper – Leading to Loss discusses the link between leadership, culture and fraud in more detail and considers the setting of ethical standards above the base-level set by the law in order to drive positive behaviours. Given the emphasis on top-level commitment in the Government’s Bribery Act guidance, the influence of senior management on behaviours and outcomes cannot be overstated.
As with the fraud landscape in general, education is key, and the success of fraud prevention procedures will rely upon clear and user-friendly communication and training. Reviewing and drafting such procedures is only half of the story; employees and agents need to be made aware of their existence, content and practical implications, and importantly how their role and/or daily tasks fit in to the overall process.
Conclusion
Although fraud is not a new risk, research shows that businesses continue to lack in terms of fraud prevention choosing a reactive rather than a preventative approach. This has led to Government action to force the hand of those organisations that fall within this new legislation. The message to those businesses who are yet to address fraud prevention within their organisation is “fail to prepare and prepare to fail”. Commencement of the new offence is just around the corner…
Should you require advice regarding fraud prevention policies or if you consider that you are a victim of fraud, please do not hesitate to get in touch at hello@tenetlaw.co.uk – we will be happy to help.
For more information about this article please contact the author: Esther Phillips
[1] Foot Anstey Prevent Fraud Report October 2023
[2] Foot Anstey Prevent Fraud Report October 2023
[3] According to Government statistics, at the start of 2022, large businesses (i.e. those with 250 employees or more) constituted 0.1% of the total business population of the UK
[4] Explanatory Notes relate to the Lords Amendments to the Economic Crime and Corporate Transparency Bill as brought from the House of Lords on 10 July 2023 (Bill 346) para 181
[5] Ibid para 182