21 August 2023
What is the new legislation?
The Economic Crime and Corporate Transparency Bill has passed the House of Lords with a number of important amendments. It now includes in effect two new corporate offences, with some confusion as to what will finally be adopted, namely:
- failure to prevent fraud;
- failure to prevent fraud and money laundering.
It is not clear whether this second offence would replace the first one, is intended as a separate offence, or was included in the Bill separately for consideration of the Commons. Neither is it clear how this offence would impact on and interact with the existing anti-money laundering regulations, particularly in respect of ‘non-regulated’ entities (which may now run the same risk as regulated entities).
Both stipulate that an organisation will be criminally liable if a person associated with the organisation (such as an employee or agent) commits fraud (or fraud and money laundering) for the benefit of the organisation or of any person who receives services from the organisation. Similar to the corporate offence in the Bribery Act, the organisation’s only defence is that at the time of the offence it had reasonable prevention procedures in place.
The stated aim for the new legislation is to deliver a number of reforms and additional powers – in particular to Companies House – to tackle economic crime and improve transparency over corporate entities. Police-recorded fraud in the year ending September 2022 increased by 22% compared with the previous year. Fraud is now the most frequently reported crime in the UK, representing more than 40% of offences reported to police. The new failure to prevent fraud offence is intended to help protect victims of fraud and reduce fraud-related crime by driving a culture change within organisations to improve their fraud prevention procedures, and hold organisations accountable should they profit from the fraudulent actions of employees or agents.
How will the ‘failure to prevent’ offence operate?
Whilst there is still time for changes to be made to the Bill, the most important change post-Lords is that the ‘large organisation’ threshold (i.e. more than 250 employees, and/or more than £36 million turnover, and/or more than £18 million in total assets) has been abolished. The threshold came in for some criticism and this change was largely expected.
Under the current version, any ‘relevant body’ (defined as a body corporate or partnership, wherever incorporated) will be guilty of the offence if:
- a specified fraud offence (listed in a schedule to the Bill) is committed by an associate, for the benefit of the organisation or of a person for whom the associate provides a service on behalf of the organisation; and
- the organisation did not have reasonable fraud prevention procedures in place.
In respect of the actual commission of the specified fraud, the so-called ‘identification doctrine’ currently makes it tough to successfully prosecute corporates for economic crime, since a ‘directing mind and will’ of the corporate needs to be proven for a conviction. The courts give this a narrow interpretation – it generally means prosecutors need to prove the directors (or someone delegated by the board) directed proceedings, which could be challenging in large and complex organisations. The Bill has now widened the ambit of the doctrine to include senior managers, which should make the job easier.
If convicted of the failure to prevent offence, the organisation could receive an unlimited fine, even if the organisation (and the associate) is based overseas.
All UK corporates – whatever their size – will now be captured by the offence, meaning it is expected that counter-fraud measures should be high on the agenda to protect any business and its customers from fraud risk.
Which types of fraud offences are in scope?
The specified fraud offences in scope (for both failure to prevent fraud and failure to prevent fraud and money laundering) are those most likely to be relevant to corporations and are listed in Schedule 13 of the Bill. The types of fraud scenarios captured will include incidents where employees:
- Take part in dishonest sales practices where individuals are convinced to invest money into investment schemes based on deliberately misleading information.
- Hide important information from consumers or investors, for example where financial statements are intentionally misrepresented to make an organisation’s financial performance appear better than it actually is, such as inflating revenues, understating expenses or overstating assets.
- Deceive and make misleading statements to consumers concerning the positive environmental impact of an organisation’s product.
- Take part in dishonest practices in financial markets, such as insider trading, market manipulation and pump-and-dump schemes (artificially inflating the price of a security by making false or misleading statements then selling shares at the inflated price causing the price to crash).
As set out above, in all of these cases, even if the organisation itself didn’t instruct its employees to mislead or deceive consumers, establishing criminal liability against the organisation is likely to be easier under the proposed legislation.
What might be considered ‘reasonable’?
As the position in respect of the ‘second’ offence – failure to prevent fraud and money laundering – and how it will interact with the existing anti-money laundering framework for the regulated sector is unclear, we will address reasonable measures to prevent fraud only, and (when clarified) update this post as necessary.
The Bill stipulates that an organisation will not be guilty of the offence if it can prove that at the time of the offence it had reasonable procedures in place to prevent fraud and money laundering. This is a continuation of the current ‘failure to prevent’ principles in UK law, which recognises two strict liability corporate criminal offences: failure to prevent the facilitation of tax evasion; and failure to prevent bribery. In both cases, the only defence for an organisation is to demonstrate that it had ‘reasonable procedures’ or ‘adequate procedures’ in place respectively to prevent the offence.
Under the new failure to prevent fraud and money laundering offences in the Bill, the organisation will be criminally liable if it cannot prove that it had procedures in place to prevent fraud (and money laundering) that may reasonably be expected of it, given all the circumstances. It should be noted that the Bill also provides for a defence of circumstances where the risk of fraud is so low that it would be considered reasonable not to have fraud prevention procedures in place. When relying on this position, however, the organisation would be prudent to consider a documented risk-based approach necessary to justify its decision-making process.
Whilst guidance as to what might constitute ‘reasonable procedures’ will likely be released when the Bill is adopted into UK legislation, in considering the failure to prevent legislation already in place, the following should be areas of focus for any organisation captured by the offence:
- Formal fraud risk assessments should be conducted periodically to identify and measure areas within the organisation susceptible to fraud. Some areas may require further proactive testing and training to ensure that there are effective, proportionate risk-based procedures in place. The fraud risk assessment should feed into the annual fraud strategy which defines the areas of focus for that year.
- A regularly reviewed anti-fraud policy should be in place which outlines the organisation’s approach to fraud, responsibilities and tone from the top. The policy should be widely publicised, internally and externally, and supported by a response plan to be implemented when incidents occur, and aligned to the organisation’s annual strategy for combating fraud.
- Provide periodic and effective anti-fraud training for all employees as well as bespoke training for key risk areas such as finance, procurement and HR/recruitment. Training and other communications should include a statement from senior managers explaining their stance on fraud and demonstrating the ‘tone from the top’.
- Ensure that there are confidential and clearly defined reporting routes, supported by a sound whistleblowing policy and process, with a feedback mechanism where appropriate. The organisation should respond quickly to suspected fraud by initiating an investigation, preserving evidence and involving a counter-fraud specialist or law enforcement. Prompt action can help prevent further losses and minimise the impact of fraud.
- The anti-fraud programme in place should be regularly monitored and evaluated for effectiveness and updated when necessary.
We should know in the near future what the final wording of the Bill is, and hopefully the current confusion will be cleared up when the proposed Lords amendments are considered by the Commons (scheduled for 4 September). In whatever form, the new corporate failure to prevent fraud (or fraud and money laundering) offence will require all organisations to revisit their approach to how they prevent fraud being committed by employees or agents: the proposed legislation may potentially have a drastic impact on the risk environment of UK organisations small and large. This impact will no doubt be compounded by the addition of either the existing or a new money laundering regulatory framework, if government decides to go down that route.
In the meantime, a fraud risk assessment and effective risk-based approach are fundamental in establishing a proportionate anti-fraud programme and procedures that would be considered ‘reasonable’ to prevent fraud. If the organisation is in any doubt that its anti-fraud programme would satisfy the requirements of the new legislation, now would be the time to conduct a fraud risk assessment and consider what additional policies, procedures and controls should be incorporated to mitigate fraud risk.