Corporate: “Failure to prevent fraud” to be new offence
A new “failure to prevent fraud” criminal offence is to form part of the Economic Crime and Transparency Bill, which is part of the range of measures designed to prevent the abuse of UK corporate structures and battle economic crime.
The new offence
The new offence will make an organisation liable where a specific fraud offence is committed by an employee or agent for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place. Organisations could face an unlimited fine if convicted in England & Wales; in Scotland this would be limited to the statutory maximum.
This new offence was added via an amendment to the bill and forms part of a range of “failure to prevent” crimes, such as in relation to bribery and tax evasion. Although there are existing powers to fine and prosecute organisations and their employees for fraud (and related offences), the UK Government is keen to close loopholes which have hindered previous prosecutions.
Identification doctrine
The use of “failure to prevent” within the new offence follows on from comments as to the difficulty in using the “identification” doctrine in holding organisations liable. This doctrine at present requires an organisation to be held liable for a criminal offence only where the person concerned at the material time was the “directing mind and will” of the company. This has caused difficulties in prosecutions especially in relation to larger and more complex organisations – see Serious Fraud Office v Barclays plc [2018] EWHC 3055 (QB). Proposals have been made to reform the identification doctrine and include senior managers within the scope of who can be considered as the “directing mind and will” of an organisation.
Types of fraud caught
The Government aims to capture the fraud and false accounting offences that are most likely to be relevant to organisations, in all sectors. At present this includes both common law offences (such as “cheating the public revenue”, conspiracy to defraud, fraud, uttering, embezzlement and theft) and numerous statutory offences (examples include fraud, fraudulent trading, prohibited financial assistance, failing to disclose knowledge or suspicion of money laundering, fraudulent evasion of VAT, and misleading the FCA or PRA).
There is therefore an extensive list of behaviour that could fall foul of this new offence, including in relation to transactions and warranties, dishonest sales practices etc. The offence is also stated to have extraterritorial effect: if fraud is committed under UK law or targets UK victims, the organisation could be prosecuted, even if the organisation (or its employee/agent) is based overseas.
How to avoid liability
There is a defence if the organisation can demonstrate that there are reasonable procedures in place to prevent fraud. This is a change in approach from organisations being viewed as fraud victims, and is intended to drive change without duplicating existing legislation or policy. The Government has advised it will publish guidance as to what prevention procedures will be considered to be enough.
What next?
At the moment the legislation is expected to be in force by the end of next year. Further amendments that have been proposed include an offence of failure to prevent money laundering, though it is not yet clear if this will form part of the legislation. Another aspect to keep an eye on is whether the offence will only target large organisations (i.e. one that meets two out of three of the following criteria: more than 250 employees, more than £36 million in turnover and more than £18 million in assets). This limitation was in the original draft but has been criticised in some circles, given that bribery and tax evasion have no such exemption. However the Government stated (in its factsheet dated 20 June 2023) that this will be kept under review, and the threshold at which organisations can be excluded could be amended in the future if thought necessary. At the last Lords consideration of the bill (10 July 2023), an amendment was suggested to remove the “large organisation” size threshold.
Although we are still waiting for guidance on what constitutes a “reasonable” procedure to prevent fraud, organisations should carry out a risk assessment and be proactive in relation to reviewing their systems, procedures and controls in order to focus on red flag areas. Training, policies and procedures should be updated to manage the risk in relation to all aspects of the organisation.