
Crack down on corporate fraud: what businesses need to know about the new ‘Failure to Prevent Fraud’ Offence

On 1 September 2025, a significant change is coming for large businesses in the UK. A new ‘failure to prevent fraud’ offence introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023) comes into force. Our previous Employment Law Now article on ‘The 2025 Employment Agenda’ highlighted this new offence as part of the changes coming in 2025.

The legislation is part of a broader effort by the Government to combat economic crime, encourage businesses to implement robust anti-fraud measures and foster a culture of integrity and transparency in their organisations.

Other details of the changes being introduced by the ECCTA 2023 are covered in our earlier articles below:

What is the offence?

The ‘failure to prevent fraud’ offence is a new corporate offence where large organisations can be held criminally liable if an employee, agent, subsidiary or other “associated person” commits a fraud for the organisation’s benefit (directly or indirectly). It does not need to be demonstrated that the organisation’s senior managers or directors ordered or knew about the fraud.

Individuals who may have failed to prevent the fraud will not be personally liable under the offence, but the “associated person” who committed the fraud (and anyone who encouraged or assisted them) may be prosecuted for the fraud in addition to the organisation being prosecuted under the ‘failure to prevent fraud’ offence.

This new offence builds on the principles established by the Bribery Act 2010, which introduced the failure to prevent bribery offence.

What is a “large organisation”?

The offence applies to “large organisations” which include corporate entities (not only private companies, but also not-for-profits and incorporated public bodies) and partnerships which meet two of the three following criteria in the financial year that precedes the year of the fraud offence:

  • more than 250 employees;
  • turnover exceeding £36 million; or
  • total assets over £18 million.

These criteria apply to the whole organisation, including any subsidiaries. Although SMEs are currently excluded, the government encourages all entities to adopt the guidance as a matter of good practice.

Specific fraud offences

The offence covers a range of fraud-related offences which are caught by the ECCTA 2023, including:

  • cheating the public revenue;
  • false accounting;
  • false statements by company directors;
  • fraudulent trading (under the Companies Act 2006 and the Fraud Act 2006);
  • fraud by false representation;
  • fraud by failing to disclose information;
  • fraud by abuse of position;
  • obtaining services dishonestly; and
  • participation in fraudulent business.

Overseas entities

The fraud offence requires a UK connection, meaning that one of the acts which was part of the underlying fraud must have taken place in the UK, or that the gain or loss took place in the UK. Where a UK-based employee commits fraud, the employing organisation may be held liable, even if the organisation is predominantly based overseas.

Similarly, if an employee of an organisation based overseas engages in fraudulent conduct in the UK, or targets victims based in the UK, the organisation may be held liable. However, the offence does not extend to UK organisations in situations where the fraudulent conduct was committed by overseas employees or subsidiaries with no UK connection.

Enforcement

Organisations found guilty of failing to prevent fraud can face significant penalties, including unlimited fines. Additionally, individuals within the organisation, such as directors or senior managers, may face reputational damage and can be held personally liable if they are found to have consented to or connived in the fraudulent activity.

Defence: reasonable procedures

Organisations can defend themselves against liability by demonstrating that they had “reasonable procedures” in place. This defence mirrors the approach taken under the Bribery Act 2010. The government has released guidance to consider when assessing your organisation’s risk profile. The key principles are:

  • Leadership: senior management must be committed to preventing fraud.
  • Risk assessment: consider where fraud is likely to occur in your business.
  • Proportionate procedures: tailor your approach to your organisation’s size and risk profile.
  • Due diligence: always know who you are working with.
  • Communication and training: make sure everyone knows and understands the rules.
  • Monitoring and review: keep your policies and procedures up to date.

Practical Steps

  • Implement robust policies and procedures: develop and communicate clear anti-fraud policies, reporting mechanisms and whistleblowing procedures.
  • Conduct risk assessments: identify areas where the risk of fraud is highest and think about opportunity, motive and rationalisation (the fraud triangle).
  • Train employees: regular training is paramount, especially for those in high-risk roles. Fraud prevention is everyone’s responsibility, so employees should know how to spot and report fraud.
  • Monitor and review: keep an eye on how well your fraud prevention measures are working and update them as necessary to address new risks.

Final thoughts

Large organisations need to act now. Likewise, businesses that do not currently meet the definition of a “large organisation” should also consider acting now as a matter of best practice and in anticipation of future changes in the law. Crucially, prevention measures should be risk-based, sector-specific and tailored to the organisation’s size.

Please get in touch with Stephanie Wilcox in our Employment team or Claire Banks in our Corporate & Commercial team for help with the practical steps set out above.


This update is for general purposes and guidance only and does not constitute legal or professional advice. You should seek legal advice before relying on its content. Greenwoods Legal Services Limited is a Limited company, registered in England, registered number 16115882. Our registered office is Queens House, 55-56 Lincoln’s Inn Fields, London, WC2A 3LJ. Authorised and regulated by the Solicitors Regulation Authority, SRA number 8011813. Details of the Solicitors’ Codes of Conduct can be found at www.sra.org.uk. All instructions accepted by Greenwoods Legal Services Limited are subject to our current Terms of Business. VAT Reg No: 502 6933 06



