Towards the end of last year, the UK Home Office published statutory guidance for organisations on the impending failure to prevent fraud offence. The offence will mean that large organisations risk being found criminally liable for the fraudulent activities of people associated with the business.

We previously reported on the government’s announcement to introduce the new offence, the scope of offences captured and who would be affected. Following publication of government guidance, Andrew Northage and Jocelyne Girgis from our Regulatory & Compliance team provide an update on the offence, what defences are available and what it means for your business.

The offence

A large organisation, as defined in section 201 of the Act, will be liable for failing to prevent fraud if a person associated with the business commits a specified fraud offence with the intention of directly or indirectly benefitting the organisation or its clients.

• Associated persons: the definition follows that of previous failure-to-prevent offences: “any person who performs services for or on behalf of the relevant organisation“. This captures officers, directors, employees and agents, but excludes those providing services to the organisation, such as lawyers and accountants. Suppliers of goods to the organisation are also excluded.
• Specified fraud offences: the offence applies to the fraud and false accounting offences the government considers most relevant to large corporations, as set out in Schedule 13 to the Act. Offences include fraud by false representation, failing to disclose information, abuse of position, participation in a fraudulent business or obtaining services dishonestly, fraud arising from false accounting or statements by company directors, fraudulent trading, and cheating the public revenue.
• Organisational benefit: the benefits resulting from fraudulent activity can be received directly or indirectly and may be financial or non-financial in nature. However, since fraud can be committed before any benefit is received, it’s enough that an organisation was an intended beneficiary of fraud. The intention to benefit the organisation doesn’t have to be the sole or dominant motivation for the fraud.
• Territorial scope: government guidance confirms that the new fraud offence won’t have the same extra-territorial reach as the failure to prevent bribery offence. It will only apply where one of the acts which was part of the underlying fraud offence took place in the UK, or the gain or loss occurred in the UK.
• Penalties: the offence can be prosecuted by the Crown Prosecution Service and the Serious Fraud Office in England and Wales, the Crown Office and Procurator Fiscal Service in Scotland, and the Public Prosecution Service in Northern Ireland. The offence sits alongside existing law, which means that individuals responsible for committing fraud may be prosecuted while organisations may also be prosecuted for failing to prevent it. If convicted, the organisation may receive a fine.

The defence

An organisation will have a defence if it can demonstrate that it had in place ‘reasonable fraud prevention procedures’ at the time the fraud was committed. Where there’s a prosecution, it will be a matter for the court to decide whether the fraud prevention procedures in place were reasonable in the circumstances.

Government guidance provides 6 principles which underpin the reasonable prevention procedures defence:

• Top level commitment: senior management are responsible for fraud prevention and detection. Such responsibilities include communicating and enforcing the organisation’s position on fraud prevention, making sure a comprehensive framework is in place, providing training and resourcing, leading by example and encouraging an open reporting culture.
• Risk assessment: fraud and economic crime risk assessments must be dynamic, documented and reviewed on a regular basis. As it’s not always possible to anticipate fraud risks, guidance encourages those conducting risk assessments to rely on information sources including data analytics, previous audits, sector-specific information and relevant enforcement actions.
• Proportionality of risk-based prevention procedures: a fraud prevention plan should be prepared to address fraud risks faced by an organisation specific to the nature, scale and complexity of its activities.
• Due diligence: any due diligence procedures should be proportionate and relevant to the specific corporate offence and identified risk.
  
• Communication and training: internal and external training provision is an important tool for making sure an organisation’s policies and procedures are communicated and embedded in business practice. For individuals in high-risk business functions, it may be necessary to tailor the training to meet adequacy requirements.
• Monitoring and review: frequently revisiting fraud detection and prevention procedures will enable the quick identification of lax controls and allow for timely process improvements to be made. Monitoring processes should encompass the detection of fraud, any investigations and the effectiveness of preventative measures already in place.

What does it mean for your business?

As raised in the government’s 2023 Fraud Strategy, fraud offences constitute around 40% of all crime in England and Wales. A wider range of fraud offences means that the new failure to prevent fraud offence will, by default, have a more significant impact on affected businesses than its bribery and tax evasion predecessors.

Prosecutors are likely to have an increased appetite to investigate and charge the new offence. We also expect regulators to step up their enforcement activity. For example, see our recent article on the fines being issued against financial institutions as the Financial Conduct Authority ramps up its financial crime control enforcement efforts.

Businesses should be fully aware of the risks and use the transition period to make sure their fraud defences are adequate by:

1. Conducting a risk assessment to check that anti-fraud policies, systems and controls are effective.
2. Reviewing and revising policies, guidance and training materials.
3. Updating agreements with third parties so that contractual provisions cover outward fraud.
4. Considering whether existing due diligence checks are effective in picking up potential red flags.
5. Building effective fraud auditing and monitoring processes.
6. Putting in place an effective whistleblowing facility for reporting fraud.

As developments progress in the lead up to the new offence, our Regulatory & Compliance team will continue to monitor the landscape to provide you with updates. Please keep an eye out for our next briefing covering the scope of large organisations affected by the change and the extent to which subsidiaries and smaller businesses may be impacted.

Failure to prevent fraud: How we can support you

Please contact Andrew or Jocelyne if you have queries about any of the points raised in this briefing or would like further advice, assistance or training in relation to the risks and prevention of fraud.

Our Regulatory & Compliance and Commercial Dispute Resolution specialists are experienced in dealing with all aspects of fraud prevention and cure. We help clients with the provision of staff training and preparation of policies and procedures to prevent, mitigate and respond to fraud. If the worst does happen, we can deal urgently and effectively with internal investigations and advise on an appropriate strategic response.