The new failure to prevent fraud offence: how will this operate in practice, and how can companies best prepare?

August 2023  |  EXPERT BRIEFING  | FRAUD & CORRUPTION

financierworldwide.com

 

The proposed Economic Crime and Corporate Transparency Bill, which is currently making its way through the UK parliament, will have a significant impact for organisations operating in (or which otherwise have links to) the UK.

Among other things, the Bill is seeking to introduce a new failure to prevent fraud offence, and to replace the ‘directing mind and will’ test for corporate criminal liability with a new ‘senior managers’ test. Recent proposed amendments have also introduced a failure to prevent money laundering offence, although it remains to be seen whether all of these will be included.

If approved, these changes are likely to come into force during the course of 2024, and could make it much easier to prosecute companies for economic crimes in the UK. The new failure to prevent fraud offence will, in effect, require companies to reinforce their compliance programmes, in a similar way to the UK Bribery Act more than a decade ago.

The new failure to prevent fraud offence

The introduction of the specific failure to prevent fraud offence would mean that companies will be liable where a person associated with the company commits a specified fraud offence intending to benefit either the company itself, or any person to whom the associated person provides services on behalf of the company.

Importantly, while the government’s broader anti-fraud strategy focuses on protecting companies and individuals from scammers, the failure to prevent offence is focused on fraud committed by a company’s employees or third parties, from which the company benefits.

The UK government has proposed nine underlying fraud and false accounting offences which would give rise to liability for a company unless it could demonstrate that it had ‘reasonable procedures’ in place to prevent associated persons (which may include employees, service providers, agents or other third parties acting on the company’s behalf) from committing fraud. These underlying offences include: (i) fraud by false representation (section 2 of the Fraud Act 2006); (ii) fraud by failing to disclose information (section 3 of the Fraud Act 2006); (iii) fraud by abuse of position (section 4 of the Fraud Act 2006); (iv) obtaining services dishonestly (section 11 of the Fraud Act 2006); (v) fraudulent trading (section 993 of the Companies Act 2006); (vi) participation in a fraudulent business (section 9 of the Fraud Act 2006); (vii) false statements by company directors (section 19 of the Theft Act 1968); (viii) false accounting (section 17 of the Theft Act 1968); and (ix) cheating the public revenue (common law).

The offence was initially drafted so as to apply to “large organisations”, being companies with two or more of the following characteristics: more than 250 employees, over £36m in turnover or over £18m in assets. However, it has recently been proposed that these requirements be removed, meaning that the offence will apply to all organisations regardless of their size.

The specifics of the new offence are still being debated and so are subject to change: in particular the  position on jurisdiction is still to be clarified, although the UK government has said that it will apply to companies overseas where an employee commits fraud under UK law, or targets UK victims.

How the offence may arise

There are three potential scenarios in which an offence could be committed, as outlined below.

Scenario 1. Company A needs to obtain additional financing from Bank Y to continue operating, and to do so has to demonstrate that it has met a certain profit threshold, as well as provide certain assets as security. The profits made in reality were very slightly short of the amount required. An employee in the finance team modifies the underlying figures so that the profit is at the level required and provides them to Bank Y. Another employee falsely represents that certain assets continue to be held by the company (which in fact have been sold). The financing is provided.

Scenario 2. As part of its annual report, Company B dishonestly reports that it is introducing a new technology which will increase efficiencies internally and save considerable amounts of money. A number of investors rely on this. In fact, the technology has not yet been tested, and ultimately is not implemented.

Scenario 3. Company C is being purchased by Buyer D. As part of the due diligence during the sale, Company C is asked whether any bribery issues have been encountered, but a significant bribery issue is dishonestly not disclosed as this could be a dealbreaker.

Historically, for any of the above companies to have been criminally liable for any of the above fraud offences, the ‘directing mind and will’ of the company would have had to have some level of involvement in the fraudulent acts. This is often very difficult to demonstrate, particularly in large organisations where workstreams are delegated down to different teams.

While reform has been proposed to the ‘directing mind and will’ principle, even where these changes are approved, it still may be difficult to prove ‘senior manager’ involvement. However, under the proposed failure to prevent offence, each of company A, B and C above would be potentially liable for an offence of a failure to prevent fraud by an employee where the fraud was intended for the benefit of the company, even where senior management had no knowledge of any fraud.

The only defence for a company would be to demonstrate it had reasonable procedures in place to prevent the fraud from occurring.

What would ‘reasonable procedures’ look like?

The UK government is yet to publish guidance on what may constitute ‘reasonable procedures’, but the Home Office’s impact assessment makes clear that it expects companies to be spending considerable time on conducting a specific, tailored, fraud risk assessment and implementing or enhancing policies and procedures. For example, the impact assessment sets out that the UK government expects companies to spend over 100 hours on conducting risk assessments and testing control frameworks.

Having conducted a risk assessment, companies should ensure that their policies and procedures are updated and enhanced in line with the results of the risk assessment, and that their systems and controls adequately and effectively address the risks posed.

Given the wide-ranging potential offences, a number of functions within a company could be at risk of committing offences in different ways. Various functions will therefore need to have input into the risk assessment process. Fraud risk assessments will also now need to include a focus on potential instances in which the company benefits from a fraud committed by an employee or a third party (as in the scenarios above), rather than just to protect itself against fraud from which it is a victim. It is important to consider who will ‘own’ this within the business; while input from multiple functions will be required, it is important that legal and compliance are closely involved to ensure the nuances of the offences are addressed both in the risk assessment itself, and in policies and the procedures to implement them.

Having conducted a risk assessment, the company would have to demonstrate that it had reasonable procedures in place to prevent that particular type of fraud. This could be a real challenge given the breadth of the offences and the complex ways in which they can be committed. In the scenarios above, reasonable procedures might mean that companies would have to show (among other things) that they had in place: effective controls to verify the accuracy of the profit figures and security position, processes to check the accuracy of statements and information presented to banks to obtain loans or to prospective buyers in the course of M&A processes, and processes to verify statements made in annual reports.

Companies should also make sure that the newly enhanced fraud compliance programme includes substantive training (and enhanced training for those in higher risk areas), procedures for escalation of queries or concerns, ongoing monitoring and review, and also ensures that fraud is an agenda item for the board and senior management.

 

Andrew Reeves is a partner and Claudia Van Gruisen is a senior associate at Norton Rose Fulbright LLP. Mr Reeves can be contacted on +44 (0)20 7444 3138 or by email: andrew.reeves@nortonrosefulbright.com. Ms Van Gruisen can be contacted on +44 (0)20 7444 5853 or by email: claudia.vangruisen@nortonrosefulbright.com.

© Financier Worldwide

BY

Andrew Reeves and Claudia Van Gruisen

Norton Rose Fulbright LLP

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.