‘Failure to prevent fraud’ offence: How does it affect companies’ businesses?

In a decisive move to combat corporate fraud, the UK government has enacted the Economic Crime and Corporate Transparency Act 2023 (the Act), which became law on 26 October 2023. This landmark legislation introduces the “Failure to prevent Fraud” offence, significantly augmenting corporate accountability. The Act targets organizations benefiting from fraudulent activities perpetrated by their employees or agents, especially in the absence of sufficient fraud prevention measures. The wide scope of the offence covers various fraudulent activities.

The Act, which represents a significant evolution in the landscape of corporate crime legislation, builds on the foundation laid by The Bribery Act 2010, a pioneering law in its scope and application. The Bribery Act established accountability for UK firms in preventing bribery, both within the country and internationally. And it was noted for its extensive territorial reach, requiring rigorous compliance from companies with global operations.

The legislative frameworks have similarities and differences in their approach to corporate crime.

The UK’s “Failure to Prevent Bribery” offense, under Section 7 of the Bribery Act, is applicable to all commercial organizations, irrespective of their size, and carries a global jurisdiction. This means any UK entity can be held accountable for bribery offenses, regardless of where the acts occur. The focus of the legislation is on bribery and corrupt practices, with the responsibility being of a corporate criminal nature. For defence, a company must prove the implementation of “adequate procedures” to prevent bribery. Penalties for non-compliance can include unlimited fines.

The “Failure to Prevent Fraud” offense under Section 199 of the Act is primarily aimed at larger organizations, defined as those with more than 250 employees, a turnover exceeding GBP36 million, and assets over GBP18 million. This law has extraterritorial reach, applying to non-UK entities that fail to prevent fraud in the UK. It encompasses a variety of fraud-related offenses, such as fraud by false representation, obtaining services dishonestly, and fraudulent trading. The responsibility here is corporate criminal liability, and organizations can defend themselves by demonstrating they have implemented measures to mitigate the risk of prosecution under the abovementioned offence, considering the following refined strategies:

• Development and implementation of “reasonable procedures” by customizing fraud prevention procedures: following the issuance of government guidance on what constitutes “reasonable procedures” (see, GOV.UK, HMRC internal manual “International Exchange of Information Manual”, 23 January 2024) organizations should develop tailored fraud prevention protocols.

• Comprehensive risk assessment by tailoring fraud risk frameworks: organizations should conduct detailed assessments of their fraud risk frameworks, ensuring they encompass both internal and external fraud risk.
  
  
• Cultivate a strong anti-fraud culture level: it requires active engagement from top management down to every employee. Organizations should focus on education and training programs that highlight the importance of ethical behaviour, the implications of fraud, and the role each individual plays in preventing fraud.

• Regular review and adaptation, a dynamic approach to fraud prevention: organizations should commit to a continuous process of reviewing and updating their fraud prevention measure.
  
  
• Enact due diligence: organizations should extend their fraud prevention strategies to include comprehensive due diligence on all partners, suppliers, agents, and any third parties involved in the business. Companies should also implement rigorous screening processes for new hires and continuous monitoring of existing employees can significantly reduce the risk of internal fraud. This should include regular reviews of employee access to sensitive information, financial controls to prevent embezzlement, and conflict of interest policies.

These measures not only mitigate legal risks but also contribute to establishing a more ethical business environment, ultimately benefiting the organization’s reputation and stakeholder trust.

The Act also provides penalties for non-compliance including unlimited fines for organizations, with no individual liability for company executives under this specific offense, though individuals may still face prosecution for their personal involvement in fraudulent activities.

In a marked advancement, the Act amplifies the regulatory scrutiny placing a heightened emphasis on transparency and corporate integrity, extending and intensifying the principles of corporate accountability and legal compliance on a global scale.

interesting to note that the Act shares similarities with the Italian Legislative Decree No. 231/2001 which introduces administrative liability for entities. This liability arises from the entity’s failure to implement effective prevention models to deter a range of crimes, including corruption, fraud against the state, and environmental crimes. The decree mandates the adoption of a compliance program (Organisation, Management and Control Model) to prevent such crimes, with guidelines provided by Confindustria and other associations. Penalties under this framework can include fines, business activity bans, and disqualification, underscoring the decree’s focus on the importance of compliance programs and internal control systems.

These laws collectively underscore the global shift towards proactive corporate governance. They mandate robust internal controls, encourage ethical corporate cultures, and stress individual accountability. The emphasis on preventive measures rather than mere punitive actions marks a significant evolution in legal approaches to corporate misconduct. Corporations must navigate these diverse legal landscapes, ensuring compliance through dynamic, comprehensive internal policies.