On 11 April 2023, the UK Home Office tabled an amendment to the Economic Crime and Corporate Transparency Bill (the Bill), which is currently making its way through the UK Parliament. The amendment introduces a much anticipated and long awaited new corporate offence of “failure to prevent fraud”. In Part 1 of this article, we covered the key things companies around the world need to know about the proposed offence and how they should prepare for it coming into force. In Part 2, we take a closer look at some interesting legal issues around the new offence, including what it seeks to achieve, its jurisdictional reach, and approach to defences.
What does the offence seek to achieve?
The current Director of the Serious Fraud Office (SFO) has commented that the offence would be a “game changer” for law enforcement, helping the SFO “crack down on fraudulent enterprises, compensate their victims and ultimately protect the integrity of our economy”. Interestingly, despite this optimism, the government’s impact assessment states that the main benefit of the legislation is deterrence as a result of increased awareness and a “significant increase in prosecutions is not expected”.
The impact of the “failure to prevent” model, first introduced under the Bribery Act 2010, undoubtedly marked a shift in corporate compliance culture; companies have increasingly become more concerned with their internal compliance controls, adopting more rigorous procedures and providing more in-depth training to employees and associated persons. The government is clearly seeking to double down on this cultural change with the new offence, encouraging companies to prevent fraud happening in the first place.
Narrower jurisdictional scope
As explored in Part 1 of this article, it appears that the jurisdictional scope of the failure to prevent offence will depend on that of the underlying substantive fraud offence.
In respect of all the substantive underlying offences, jurisdiction under UK law can only be established either: (i) by reference to the standard common law position, i.e., that jurisdiction will arise only if the offence (including a constituent element of the offence and in some cases the result of an offence) takes place in England and Wales; or (ii) in respect of certain offences where there are specific statutory rules in relation to jurisdiction, where a “relevant event”, essential to the commission of the offence, occurs in England and Wales.[1] In respect of substantive fraud offences under the Fraud Act 2006, this includes the crystallisation of the loss or gain intended by the offender.[2]
Taken together, this means that the jurisdictional reach of the new failure to prevent fraud offence is somewhat narrower than that of failure to prevent bribery, which applies to organizations incorporated in or carrying on business in the UK, but would apply irrespective of whether the acts or omissions of bribery took place in the UK or elsewhere. The failure to prevent bribery offence has an extensive territorial reach: it applies to a business formed or incorporated outside the UK, but that carries on part of its business in the UK, where the bribery is conducted entirely outside the UK by an associated person who has no connection with the UK and who is performing services outside the UK.
The wide territorial reach of the failure to prevent bribery offence had a significant impact on global companies’ approach to compliance. It promoted cross-jurisdictional compliance frameworks with companies implementing their anti-bribery and corruption policies and procedures consistently across all subsidiaries globally. As such, most companies have already overhauled their compliance programmes. Notwithstanding the fact that the new offence does not apply to misconduct taking place outside the jurisdiction, it is likely that most companies will already have in place global systems and controls to ensure accurate record-keeping and prevent financial misconduct.
Broader benefit scope
The new failure to prevent fraud offence is also different to the previous failure to prevent offences in other respects. Specifically, liability for failure to prevent fraud can be attributed to a company if a person “associated” with that company commits a substantive fraud offence intending to benefit either that company or any person to whom, or to whose subsidiary, the associate provides services on behalf of the company (emphasis added). This means that organisations could be liable “if the conduct was intended to benefit it indirectly by assisting a client (but not if the intention was to harm the organisation itself)”.[3]
By contrast:
- The failure to prevent bribery offence requires that a bribe is paid by a person associated with a company for the purpose of obtaining or retaining business or an advantage in the conduct of business for that company[4] – it does not capture bribes paid for the benefit of another person.
- The failure to prevent tax evasion offence does not specify for whose benefit the underlying tax evasion must have been committed.[5]
“Reasonable” or “adequate” procedures – what is the difference?
A defence is available if an organisation can show that it had “reasonable” fraud prevention procedures in place or if it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place. Organisations will be eagerly anticipating anything that might shed light on how rigorous their procedures need to be, to ensure that they are sufficient for the purposes of the offence while remaining proportionate to their size and inherent fraud risk of their business. It should be noted in this context that government guidance published to accompany the offence of failure to prevent facilitation of tax evasion states that, “in some limited circumstances it may be unreasonable to expect a relevant body to have prevention procedures in place.”
Whether there is a difference in practice between “reasonable” and “adequate” is still unclear – there has yet to be any judicial commentary on the distinction, and companies are therefore still somewhat in the dark. It is possible that the government is choosing to move away from adequate [VE1] and towards reasonable due to concerns that adequate could, in hindsight, be interpreted too stringently, leading to unfairly harsh decisions.
Conclusion
Despite these differences, the new failure to prevent fraud offence marks a substantial development in corporate criminal liability and will undoubtedly achieve the government’s aim of increasing awareness of the risks around fraud. While the Bill has yet to receive Royal Assent and is therefore some way off becoming law, companies should take advantage of this time lag to consider and test the effectiveness of their existing compliance framework, ensuring that training on the impact of the legislation and any new procedures or controls is provided throughout the organization. That being said, the new offence is unlikely to result in a drastic shift in corporate compliance programmes; many organisations will be able to leverage their existing framework, with tweaks, enhancements, and new controls where necessary.
Footnotes
[1] Section 2(1), Criminal Justice Act 1993
[2] Section 2(1A), Criminal Justice Act 1993
[3] Corporate Criminal Liability – summary of the options paper
[4] Section 7, Bribery Act 2010
[5] Sections 44 and 45, Criminal Finances Act 2017
[View source.]
