The new failure to prevent fraud (FtPF) offence, which will come into effect on 1 September 2025, poses some potential challenges for an in-house legal team (Legal Team) including anticipating and mitigating associated risks such as:
(1) the risk that a member of the Legal Team commits an underlying fraud offence (which triggers liability for the company) including potentially through aiding, abetting, counselling or procuring the commission of the offence by another person; and
(2) the risk that a member of the Legal Team fails to act as an effective preventative control when advising the business, for example by failing to identify and prevent an offence by another person when they ought reasonably to have done so.
We set out below some key considerations for members of a Legal Team in relation to feeding into the organisation’s risk assessment, reviewing policies and procedures and supporting engagement with third-party associated persons. The role played by the Legal Team should also be informed by the Solicitors Regulation Authority’s (SRA) recent guidance for Legal Teams so as to ensure that appropriate support is provided which enhances the organisation’s reasonable prevention procedures.
1. How will the Legal Team feed into relevant risk assessments?
As part of an organisation’s risk assessment, the Legal Team may need to consider and provide input to colleagues regarding the circumstances in which the various underlying fraud offences could arise within the Legal Team or as a result of interactions with other ‘associated persons’. It may seem unlikely that a member of the Legal Team would commit fraud (the UK Finance Guidance suggests that professional or regulated status may be an indicator of lower risk referencing the Home Office Guidance which suggests including such checks as part of due diligence on associated persons). However, going through the risk assessment process including considering potential ‘what if’ scenarios, rating these and identifying the relevant controls is clearly an important exercise for the purpose of establishing reasonable procedures.
Some examples of the sorts of scenarios in which fraud risk could potentially arise are where:
- a member of the Legal Team forges / backdates documents or makes false statements in court or otherwise in legal proceedings, to auditors or as part of a transaction;
- a member of the Legal Team fails to disclose information which is required to be disclosed (e.g. to the market, to regulators, to insurers and to counterparties etc.);
- a member of the Legal Team discloses confidential information to a third party, for example with a view to building a client relationship with the third party or encouraging them to act in a way which benefits the relevant organisation; and / or
- a member of the Legal Team advises directors about statements that they are due to make, knowing that those statements are false.
The Legal Team may also have a role in the organisation’s broader FtPF risk assessment process, including advising on the underlying offences and potentially feeding into the scenarios in which other functions and the business might commit fraud and the design of the risk assessment process. The Legal Team may also be involved in identifying the controls already in place to mitigate the relevant risks such as existing policies and procedures (some of which may be owned or contributed to by the Legal Team).
2. What role will the Legal Team play in reviewing existing policies and procedures?
As well as identifying and collating existing policies and procedures, Legal Teams may also have a role in reviewing existing policies and procedures to determine the extent to which any changes need to be made to ensure reasonable fraud prevention procedures taking into account the breadth of the FtPF offence and the focus on fraud on behalf of the organisation (as distinct from fraud at the expense of the organisation).
The UK Finance Guidance and the Home Office Guidance both highlight the expectation that organisations will leverage arrangements that are already in place to address existing regulatory requirements when building their FtPF compliance frameworks. However, in a large organisation, drawing together all the materials which are relevant to fraud prevention, identifying the gaps and considering updates can be a time-consuming exercise. Legal Teams may want to ensure that they are brought into the conversation with enough time to adequately feed into relevant discussions and reviews.
The Legal Team may also have a role in terms of preparing and rolling out training to relevant populations of staff including in relation to the offences and in updating policies and procedures.
3. How will you support the organisation’s engagement with third-party associated persons?
As one of the six pillars of reasonable fraud prevention procedures, due diligence is a key area on which the Legal Team (together with compliance) may support the business in terms of both existing and new third-party service providers. Activities may include a look back to see if any changes are needed to existing contracts or whether other measures can be implemented to safeguard against fraud being committed by associated persons; negotiating contractual arrangements and putting in place other relevant agreements and documentation to take account of the FtPF offence; and reviewing and enhancing the onboarding and monitoring process.
More broadly, FtPF will need to form part of the Legal Team’s general radar and be considered as part of day-to-day activities such as reviewing contracts; reviewing disclosures to counterparties, insurers, consumers, investors, auditors etc.; reviewing and implementing policies and procedures; and other issue spotting. As part of this, the Legal Team may need to give advice internally on the risks posed to the organisation by FtPF such as through failures to disclose or misrepresentations and may need to ask for more information or more time to allow for this, particularly in the immediate aftermath of the new offence coming into force.
The UK Finance Guidance references external lawyers as an example of persons who are providing services to the organisation and who are not acting for and on its behalf as an ‘associated person’ for the purposes of the FtPF offence. However, there may be circumstances in which external lawyers are providing services “for or on behalf” of an organisation and therefore need to be considered as part of a FtPF implementation project. By way of example, if an organisation outsources the preparation of regulatory filings / notifications to an external law firm, some of the services provided by the firm could be “for or on behalf” of the organisation. The Legal Team may need to give some thought to the extent of the organisation’s relationships with such third parties, and the different services provided which need to be considered as part of a FtPF implementation project.
4. What do you need to be thinking about in the context of broader SRA expectations?
The approach to FtPF also needs to be considered in the context of the broader regulatory framework for in-house solicitors, particularly in light of the SRA’s 2023 thematic review and November 2024 suite of guidance for in-house solicitors. Written policies and procedures and training for the Legal Team which take into account the SRA’s expectations and help in-house solicitors comply can also be useful elements of an organisation’s reasonable fraud prevention procedures and factored into its risk assessment. Particular areas of focus include:
- Independence: In issuing its guidance for in-house teams, the SRA has emphasised the key role that this part of the profession plays in helping organisations to behave legally, fairly and ethically. In particular, when advising the business, it is important for solicitors in the Legal Team to retain their independence and to feel supported in challenging decision-making by others within the organisation, particularly those from the business. In high-pressured and time-critical situations, the Legal Team may feel under pressure to follow the business’ approach and such situations could allow potentially fraudulent practices to go unchallenged. Recognition of the independent role of in-house lawyers, including written policies and procedures enshrining this principle and providing guidance on challenge mechanisms can assist in empowering solicitors and also providing the organisation with additional fraud prevention protection.
- Reporting wrongdoing: Solicitors in the Legal Team have a duty to escalate and report certain concerns about their organisation’s actions such as where they consider that the organisation or individuals within or connected to it have acted improperly. In particular, the SRA has flagged that it expects solicitors to report internally actual or potential breaches of the law and external reporting may also be required in certain circumstances (for example where internal reporting is ignored and wrongdoing persists). In a FtPF context, scenarios in which a reporting obligation could arise include where a solicitor has concerns about fraud by a colleague (including outside the Legal Team) or another associated person. The Legal Team may want to consider the relevant policies and procedures for escalation and ‘speak up’ by its members including taking into account that the information could be privileged and factoring these mechanisms into the organisation’s risk assessment and evidencing of reasonable fraud prevention procedures.
- Privilege: The SRA’s guidance includes consideration of legal professional privilege from an in-house perspective. In particular, in-house solicitors must think carefully about who their client is and use privilege appropriately. Asserting privilege where it is not appropriate to do so, particularly when in-house legal teams are put under pressure to apply privilege labels to avoid or suppress disclosure of documents, can, in extreme circumstances, create risk from a FtPF perspective. Written policies and procedures/independent review may assist in mitigating this risk.
- Record-keeping: Retaining an appropriate audit trail is a perennial focus for regulators and enforcement authorities. The new FtPF offence puts this further into the spotlight, given the importance of an organisation being able to evidence its “reasonable procedures” and any relevant decision-making. The Legal Team may have a role in advising the business / others within the organisation about the extent to which records should be kept as well as involvement in creating and maintaining the relevant records in an organised and accessible manner.
Our FtPF team is advising clients on preparing for the new offence including providing support to in-house teams on their input to the process and complying with regulatory expectations so please get in touch if a conversation would be helpful. For further resources in relation to FtPF please see our dedicated knowledge hub.