Closing a loophole with the new failure to prevent fraud offence: What you need to know

The Economic Crime and Corporate Transparency Act received Royal Assent on 26 October 2023. Its provisions are coming into force in stages and the first few stages are now in force.  

Some of the key themes of the current reform (including practical pointers) are summarised in our article on the Economic Crime and Corporate Transparency Bill.

The Economic Crime and Corporate Transparency Act 2023 (“Act”) introduces the new offence of failure to prevent fraud. It is anticipated to come into force in the early part of 2024. 

Organisations will have a defence if they can prove they had reasonable prevention procedures in place at the time the fraud offence was committed or that it was not reasonable in all the circumstances to expect them to have such procedures in place (section 199(4) of the Act). Government guidance is awaited in this regard.

However, in view of the wide range of criminal activity caught by the offence, organisations should be prepared to carefully review and potentially adapt their existing practices, policies and procedures.

The offence

An organisation meeting the eligibility criteria will commit the criminal offence of failing to prevent fraud if:

• an ‘associated person’ commits a specified fraud offences intending to benefit (whether directly or indirectly) the organisation (section 199(1)(a) of the Act), or any person who receives services from the organisation (section 199(1)(b) of the Act); or
• an employee of the organisation commits a specified fraud offence intending to benefit (whether directly or directly) the organisation, and the fraud offence is committed in a financial year of the organisation’s parent undertaking and the parent meets the eligibility criteria of a ‘large organisation’ within the meaning of section 202 of the Act (section 199(2) of the Act).

An organisation will not commit the offence under section 199(1)(b) of the Act if it was or it was intended to be, a victim of the specified fraud offence (section 199(3) of the Act).

An ‘associated person’ includes an employee, agent and a subsidiary of the organisation and any person who performs services for or on behalf of the organisation (section 199(7) of the Act). An ‘associated person’ also includes an employee of a subsidiary of a parent undertaking (section 199(8) of the Act).

The offence has extraterritorial effect in that it will apply to organisations doing business in the United Kingdom and those working for them. Therefore, foreign organisations could commit the offence if one of their associated persons commits fraud under UK law or targets UK based victims.

Eligibility criteria

The offence applies to corporate entities (including charities and incorporated public bodies) and partnerships (each a “relevant body”) who meet two of the three following criteria in the financial year preceding the specified fraud offence:

• A turnover of more than £36 million
• A balance sheet total of more than £18 million
• More than 250 employees

(Section 201 of the Act)

It is worth noting that if an organisation (A) is a member of a group then, notwithstanding A may not satisfy any of the above criteria, criminal liability will still be incurred if its employee commits a specified fraud offence, and the parent undertaking of A meets at least two of the three following criteria in the financial year preceding such offence:

• Aggregate turnover of more than £36 million net (or £43.2 million gross)
• Aggregate balance sheet of more than £18 million net (or £21.6 million gross)
• More than 250 employees

(Section 202 of the Act). In this instance, liability could attach to whichever member of the group was responsible for failing to prevent the fraud. Bearing in mind the offence refers to direct and indirect benefit in the alternative, liability could be incurred by the parent undertaking if an employee of its subsidiary commits the offence.  

The Act allows for the thresholds to be amended though secondary legislation. Therefore, the offence may well be expanded to include all organisations in the future.

Specified fraud offences

The fraud offences caught by the Act are broad and they cover both common law and statutory offences. They are listed in Schedule 13 (Failure to Prevent Fraud Offences) of the Act and include:

• cheating the public revenue (paragraph 1);
• false accounting and false statements by company directors under sections 17 and 19 respectively of the Theft Act 1968 (paragraph 3);
• fraudulent trading under section 993 of the Companies Act 2006 (paragraph 5);
• fraud by false representation, fraud by failing to disclose information and fraud by abuse of position under sections 2, 3 and 4 respectively of the Fraud Act 2006 (paragraph 6(a));
• participating in fraudulent business carried on by a sole trader under section 9 of the Fraud Act 2006 (paragraph 6(b)); and
• obtaining services dishonestly under section 11 of the Fraud Act 2006 (paragraph 6(c)).

The offence also includes aiding, abetting, counselling or procuring any of the above offences (section (6(b) of the Act).

By way of practical application, an offence could be committed for dishonestly making false warranties representations (for instance, within transaction documentation, annual reports and insurance claims).  The Government’s fact sheet referred to below comments that fraud can be committed in a wide variety of ways; including dishonest sales practices, deliberate concealment of  important information from consumers or investors and dishonest practices in financial markets. The types of conduct caught by the failure to prevent fraud offence are not exhaustive.

Money laundering offences (already captured by existing legislation) are not included in the list of specified fraud offences relating to the failure to prevent fraud offence. 

It will not be necessary to prove that the organisation’s management knew about or ordered the fraud for a successful conviction under the failure to prevent fraud offence.

The penalty

The offence is punishable by an unlimited fine.

There is no liability for individuals within an organisation for failing to prevent fraud.

The way forward

Pending publication of further Government guidance, organisations would do well by:

• collating all internal fraud-prevention policies, procedures (including those relating to associated whistleblowing) and fraud risk assessment criteria in readiness to assess them against Government guidance when it is published;
• checking such information covers the risk of fraud which benefits the organisation and/or any member of its group (i.e. outward fraud) and, if it does, assessing the extent of such information;
• checking internal risk assessment protocols cover fraud in sufficient detail so as to capture the specified fraud offences mentioned above and reviewing them against any fraud issues encountered to date;
• checking whether the organisation has complied with its existing anti-fraud policies and procedures to date and the status of record keeping in this regard. Can it establish a robust anti-fraud culture?
• checking the position on training provided to staff and management in relation to fraud-prevention;
• preparing to update such training to ensure that those tasked with conducting fraud risk assessments and formulating fraud prevention procedures have sufficient knowledge of the offences covered by the new failure to prevent fraud offence; and
• reviewing the Government’s Factsheet: failure to prevent fraud offence and watching out for updates.