In February 2022 it was confirmed that a new UK offence of failure to prevent fraud will be progressed as a priority, following the UK Law Commission report on corporate criminal liability in 2022. The UK Government is planning to introduce the offence as an amendment to its Economic Crime and Corporate Transparency Bill. The proposed offence forms part of broader reforms of corporate criminal liability in the UK (discussed in more detail here).
Although the details of the offence are still to be clarified, a failure to prevent fraud offence will change the landscape for fraud investigations and compliance in the UK. In particular, it will shift the focus from companies as victims of fraud (inward fraud) to make it easier for companies to be prosecuted for fraud by employees or third parties that the company benefits from (outward fraud). It will also require many companies to make significant changes to fraud compliance programmes to cover outward fraud.
We have been receiving various questions from clients on the proposed offence. In this blog we explore some of the most common questions, explaining what the new offence will likely cover, when it will come into force, and how companies can prepare in the meantime.
Over the coming weeks, we will be publishing a series of blogs considering in more detail the scope of potential offences, the types of fraud which may be caught, and the broader implications.
What will the new offence look like and what are the implications?
It is likely that under the proposed offence of failure to prevent fraud, a company would be criminally liable for fraud where:
- an associated person of a company (which is likely to be defined broadly and include employees, subsidiaries, service providers and intermediaries) commits an offence of fraud; and
- the offence was for the benefit of the company, or a person to whom services are provided on behalf of the company.
Similar to the UK Bribery Act, it is likely to capture companies carrying on a business in the UK as well as UK companies and the only defence is likely to be where the company can show it had in place “adequate” or “reasonable” procedures to prevent fraud.
The proposed offence is significantly broader than the current position, in which companies are only criminally liable for fraud where a directing mind and will of the company, e.g. a very senior executive or director, has been personally involved in the fraud.
Given the significant increase in civil claims alleging fraud (see our commentary here and here), we expect to see companies increasingly facing parallel civil fraud proceedings and criminal investigations. There is also likely to be a greater risk for companies of private prosecutions brought by victims of the fraud.
When will the new offence come into force?
We would expect that the new offence will come into effect in 2024 to allow for guidance on “adequate” or “reasonable” fraud procedures (similar to the Ministry of Justice Adequate Procedures Guidance in relation to the UK Bribery Act) to be prepared and issued.
What do companies need to be doing now?
We have set out below five key steps companies can take to begin to prepare for the new offence (and to manage fraud risk generally):
- Risk assessments: companies should conduct fraud risk assessments (or adapt existing fraud risk assessments), ensuring the risk of both inward and outward fraud is assessed.
- Policies and procedures: businesses will need to ensure that they have in place and can demonstrate reasonable (and risk-based) procedures to prevent fraud. Existing policies and procedures should be supplemented based on the results of the risk assessment.
- Training: companies should update their fraud training, making sure that this includes outward as well as inward fraud by reference to real life examples (ideally those faced by the company or its peers). Tailored training for employees in higher risk positions should be considered.
- Due diligence: companies should enhance existing third party and M&A due diligence processes to include outward fraud risks, and ensure that appropriate fraud-related contractual protections are put in place.
Monitoring and review: as companies build or supplement their fraud compliance programmes they should ensure that monitoring and review processes (e.g. transaction testing, sample auditing) cover both inward and outward fraud.