New corporate offence of “failure to prevent” fraud a “game-changer”, says SFO

Businesses which benefit from fraud perpetrated by employees are not yet held accountable for failing to prevent it. But they soon will be. Cracking down on this latest form of fraud is the most recent initiative in the government’s drive to reduce “economic” (or “financial”) crime – an umbrella term used to refer to a broad category of activity involving money, finance or assets, the purpose of which is to unlawfully obtain a profit or advantage for the perpetrator or cause loss to others.

The Economic Crime and Corporate Transparency Bill (“the Bill”) is a key part of the wider government approach to ensuring that law enforcement and the private sector have the tools needed to help tackle economic crime, including fraud. By way of amendment to the Bill, the UK government has recently tabled a new corporate offence of “failure to prevent fraud”.

The “failure to prevent” offence may sound familiar because it is already a corporate offence to fail to prevent both bribery and the facilitation of tax evasion. These offences make a business criminally liable where it has failed to prevent misconduct by an employee or agent. Adding the new offence of “failure to prevent” fraud puts the prevention of fraud by businesses on a similar legislative footing and is part of a recent trend of the state relying on the private sector in its fight against financial crime.

What are the features of the offence?

Under the new offence, an organisation will be liable where a person associated with that organisation (the associate) commits a specified fraud offence for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place. Employees, agents and subsidiaries are automatically deemed to be associates. Other persons (individuals and corporates) that perform services for or on behalf of the organisation will also be associates. It will be irrelevant whether company bosses were aware of the fraud because strict liability will apply. However, what is not clear is the position where there were reasonable fraud prevention measures in place but they were ignored by staff and/or management. Convicted organisations will be liable for unlimited fines.

The new offence will include all types of fraud and false accounting offences relevant to corporations, mainly under the Theft Act 1968 and the Fraud Act 2006, including fraudulent trading, fraud by false representation and cheating the public revenue. According to the government’s Factsheet on the offence, the offence is likely to catch “dishonest sales practices, false accounting and hiding important information from consumers or investors” as well as “dishonest practices in financial markets”. Offences might also, arguably, arise as a result of fraudulent warranties and representations made in transactional documentation, insurance claims, prospectuses and annual reports. Thus, the offence is potentially a very broad one. The offence does not include fraud perpetrated for an associate’s own enrichment, nor where the corporate is itself a victim (a common scenario).

We do not know yet what will constitute “reasonable” procedures until the government has issued guidance, although it could be that this will look and feel very similar to the guidance applicable to the bribery and tax evasion offences. This existing guidance is in the form of six guiding principles which are designed to be flexible and outcome-focused, namely: proportionality of prevention measures, top-level commitment to preventing the offence, risk assessment, due diligence, communication and training, and monitoring & review.

To whom will the offence apply?

To ensure burdens on business are proportionate, the offence only applies to “large organisations”, namely: large bodies corporate and partnerships, large not-for-profit organisations such as charities, and incorporated public bodies in all sectors. “Large organisations” are defined as organisations meeting two out of three defined criteria: more than 250 employees; more than £36 million turnover; and/or more than £18 million in total assets.

There has been some criticism, for example by some MPs and anti-corruption campaigners, that SMEs are to be excluded (unlike for the failure to prevent bribery offence, which applies to all commercial organisations), although the offence could potentially be extended to cover all organisations in the future. Sir Robert Buckland, the Conservative MP and former Lord Chancellor, described the exclusion as “fraught with definitional difficulties”. Nevertheless, in its Impact Assessment on the new offence, the government anticipates that some SMEs may adopt improved procedures resulting in what it terms “spill-over benefits”.

A new tool in the armoury

At present a company can only be criminally liable for fraud by the acts of its officers or employees if their state of mind can be attributed to the company, such that they are considered to represent the company’s “directing mind and will”. This is a notoriously difficult hurdle for a prosecution to overcome. As far back as 2020, Lisa Osofsky, then Director of the Serious Fraud Office (“SFO”), commented that the UK’s system for prosecuting corporate fraud is “antiquated” and “not at all reflective of today’s world”. The new offence will now give prosecutors an easier line of attack when prosecuting organisations for fraud. Osofsky’s reaction to the proposed new offence is positive, stating that it has the “potential to transform prosecution of fraud, supporting our efforts to protect the UK economy”.

Historically, it has also been difficult to make organisations liable for fraud where they are part of large international groups of companies. Prosecutors may now move away from seeking to prove establishing guilt through the company’s directing mind and will and focus instead on the failure to prevent offence. The number of private prosecutions of organisations by disgruntled fraud victims may also increase, as well as civil claims, especially as businesses will be regarded as having deeper pockets than individual perpetrators of fraud.

As with the bribery and tax evasion offences, it seems unlikely that corporates will face an avalanche of investigative action; the Impact Assessment anticipates that most offences will be resolved by deferred prosecution agreements (“DPAs”) rather than by criminal proceedings. DPAs allow organisations to make full reparation for criminal behaviour without the collateral damage of a criminal conviction. DPAs also avoid an organisation being exposed to the risk that it may not be able to prove at trial that it had reasonable fraud prevention procedures in place.

Prevention is better than cure

The Bill is due to come into force by the end of 2024 when it receives Royal Assent, but the Bill requires that government guidance about reasonable procedures must be published before the new offence can come into force. In the meantime, organisations should take the opportunity to take a critical look at their compliance procedures.

Due to the existing offences of failure to prevent bribery and tax evasion, most large organisations may have some procedures and policies in place. Nevertheless, businesses may wish to undertake a risk assessment to identify any additional unaddressed risks arising from the new offence, focusing on the risk and likelihood of fraud in their business – particularly businesses more susceptible to fraud such as law firms, accountants, financial institutions and crypto-trade organisations. Those businesses that do not yet have robust procedures should take steps to put in place appropriate and workable compliance procedures. Once preventative measures are in place, these should be reinforced with compliance training and appropriate reporting systems for fraud, as well as regular reminders for staff. It is also worth noting that often the vulnerability in compliance policies lies in their implementation: the best-drafted policies are not worth the paper they are written on if not carried through, so businesses should implement systems which regularly monitor and review whether policies are working in practice.

What about SMEs? Whilst they may be tempted to think that they do not need to worry about reviewing their compliance processes, this would ignore the likelihood that the compliance strategies of many larger companies include risk mitigation measures obliging any companies in their supply chain to warrant that they too have reasonable procedures in place to prevent fraud, or procedures that mirror those of the larger company.

Don’t bank on your insurance policy

Another important reason for businesses to get on top of their procedures right now is to be sure that they can benefit from any crime/fraud line of cover in their insurance policies following conviction or as a result of a settlement under a DPA. Such lines of cover may be subject to the insured having adequate fraud control procedures; if it fails to put these in place, and quite probably if it fails to oversee the procedures adequately, this will give underwriters grounds to avoid the policy, leaving the business to pay what could be substantial sums out of its own pocket.

By the same token, organisations should also satisfy themselves that their insurance policies cover this liability. In view of the unlimited fine potential, this may be crucial.

A wake-up call for businesses

In reality, the government has much broader aims than just increasing enforcement for fraud. By putting businesses at the heart of its fight against fraud, it hopes to galvanise them to effect improved fraud prevention procedures, raising awareness and deterring fraudulent conduct, ultimately leading to a degree of change in corporate culture generally, as has been the case with the failure to prevent bribery offence. Referring to the new offence as a “game-changer”, Lisa Osofsky added that it would help the SFO “crack down on fraudulent enterprises, compensate their victims and ultimately protect the integrity of our economy”.

Further reading

Click below to access:

The information provided in this article is of a general nature and does not constitute, nor should be relied on, as legal or professional advice.

News & Insights