On 11 April 2023, the UK Home Office tabled an amendment to the Economic Crime and Corporate Transparency Bill (the Bill), which is currently making its way through the UK Parliament. The amendment introduces a much anticipated and long awaited new corporate offence of “failure to prevent fraud”. In part 1 of this article, we cover the key things companies around the world need to know about the proposed offence, and how they should prepare for it coming into force. In part 2, we will take a closer look at some interesting legal issues around the new offence, including what it seeks to achieve, its jurisdictional reach, and approach to defences.
Background
Under English law, a company will generally be liable for criminal offences only where the criminal conduct of a sufficiently senior individual or group of individuals can be attributed to the company (known as the “identification principle”). The identification principle has long been criticised for its limitations in holding companies accountable, and there have been persistent calls for reform, including by extending the “failure to prevent” model already implemented in respect of bribery[1] and tax evasion[2] offences to other financial crime. We discuss the options for the reform of corporate criminal liability in more detail in Chapter Ten of our Anti-Corruption Guide.
The government’s press release accompanying the new failure to prevent fraud offence explains that the intention is to “make it easier to prosecute a large organisation if an employee commits fraud for the organisation’s benefit.” It will do so by removing the “requirement to prove that company bosses ordered or knew about a fraud committed by an employee”.
What is the new “failure to prevent fraud” offence?
The “failure to prevent fraud” offence attributes liability to a company if a person “associated” with that company commits a substantive fraud offence intending to benefit:
• the company; or
• any person to whom, or to whose subsidiary, the associate provides services on behalf of the company.
A person is to be regarded as associated with a company if:
• they are an employee, agent, or subsidiary of the company; or
• they otherwise perform services for or on behalf of the company.
Who will be affected?
The new offence will apply to all “large” corporate bodies and partnerships in all sectors incorporated or formed anywhere in the world.
An organisation is “large” if it meets two of the three following criteria:
• More than 250 employees;
• More than £36 million turnover; and
• More than £18 million in total assets.
This is the first of the “failure to prevent” offences to be restricted in this way – both the corporate offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion apply to all organisations, regardless of their size. The government’s stated aim in limiting the scope of the offence is to ensure that the compliance burden on businesses is proportionate.
What substantive offences are captured?
Companies will be liable under the new law in respect of certain fraud offences which are most likely to be committed in a corporate context, where those offences are committed by an associated person with the requisite intent (as explained above). The underlying offences include, for example, fraud by false representation under the Fraud Act 2006, false accounting under the Theft Act 1968, and fraudulent trading under the Companies Act 2006.[3]
Importantly, this list does not include any substantive money laundering offences because the government envisages that relevant organisations will already have anti-money laundering (AML) procedures in place under the UK’s existing AML regime. Nor are offences under sanctions control legislation included (an area where the regulator already has the power to levy civil penalties on companies on a strict liability basis). However, the door to that development is not closed: the offence list can be updated with additional economic crime offences through secondary legislation in the future.
Jurisdiction
The Bill does not expressly address the jurisdictional scope of the offence. However, the government has stated that while the offence will apply to companies and partnerships based overseas, it will only apply where companies’ employees or associated persons commit fraud under UK law, or fraud which targets UK victims. This suggests that the jurisdictional scope of the corporate offence is dependent on that of the underlying substantive fraud offence – which will typically require an element of the fraud to have taken place in the UK or for the fraud to have been carried out by a UK registered company or UK individual. Accordingly, the jurisdictional scope of the new offence is much narrower than, for example, the scope of failure to prevent bribery, which applies to all organizations incorporated or carrying on business in the UK in respect of the conduct of an associated person, wherever in the world that conduct takes place.
Is there a defence?
A defence is available if an organisation can show that it had “reasonable” fraud prevention procedures in place or if it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place. This follows in the footsteps of the defence to the failure to prevent tax evasion offence but stands in contrast to the defence to failure to prevent bribery, which requires that “adequate” procedures be in place. However, the government does need to publish guidance on reasonable fraud prevention procedures (the Guidance) before the offence can come into force.
In addition, in the case of fraud by a company’s associate intended to benefit a person to whom, or to whose subsidiary, the associate provides services on behalf of a company, a company would not be liable if it was itself a victim of the fraud offence (or was intended to be).
Penalty
As with the offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion, a company convicted of failing to prevent fraud faces an unlimited fine.
How should companies prepare?
The Bill has yet to receive Royal Assent and is therefore some way off becoming law. In addition, and as mentioned above, the government must publish the Guidance before the new offence can come into force. To put this in context, the Bribery Act 2010 received Royal Asset in April 2010 and the accompanying guidance was published in March 2011, with the offences coming into force four months later in July 2011. We could therefore see “failure to prevent fraud” coming into force towards the end of 2024.
Companies should use this time lag to be proactive, taking stock of their existing systems and controls to prevent financial misconduct and testing their effectiveness in anticipation of the new legislation. While most organisations will be able to leverage existing compliance procedures, these will need to be carefully reviewed and revised where necessary to take into account the additional risks presented. Companies will also need to ensure that their legal and compliance functions understand the structure of the anti-fraud procedures and that employees are fully trained on any new requirements. Crucially, new procedures and controls must be properly explained to and implemented across the whole organisation, driven by a clear “tone from the top” set by senior management.
Footnotes
[1] Section 7, Bribery Act 2010
[2] Sections 45 and 46, Criminal Finances Act 2017
[3] The full list of substantive offences covered is: fraud by false representation (Section 2, Fraud Act 2006); fraud by failing to disclose information (Section 3, Fraud Act 2006); fraud by abuse of position (Section 4, Fraud Act 2006); obtaining services dishonestly (Section 11, Fraud Act 2006); participation in a fraudulent business (Section 9, Fraud Act 2006); false statements by company directors (Section 19, Theft Act 1968); false accounting (Section 17, Theft Act 1968); fraudulent trading (Section 993, Companies Act 2006); and cheating the public revenue (common law).
[View source.]
