Everywhere you look there are alarming statistics about fraud in the UK. The National Fraud Intelligence Bureau, part of the City of London Police, has quantified the value of reported losses due to fraud in the year ended 31 August 2023 at £2.7 billion. The UK Government’s Fraud Strategy, published earlier this year, highlighted that across England and Wales there were 3.7 million incidents of fraud reported in 2022, accounting for over 40% of all reported crime.

In response, the Government has announced a significant shift in its approach to tackling fraud that includes:

  • Strengthening how government, law enforcement, regulators, industry and charities work together to reduce fraud levels
  • A £100 million investment in law enforcement
  • Changes in the law intended to improve fraud prevention and reporting
  • The implementation of a new system for victims to report fraud to the police

The ‘failure to prevent fraud’ offence

One of the measures introduced – under the Economic Crime and Corporate Transparency Act 2023, which received Royal Assent on 26 October 2023, – is a new ‘failure to prevent fraud’ offence.

This offence is the next in a series of ‘failure to prevent’ offences intended to encourage organisations to take responsibility for poor systems and controls that may be exploited by individuals to break the law.

You may be aware of the existing ‘failure to prevent’ offences:

  • The ‘failure to prevent bribery’ offence introduced under the UK Bribery Act 2010
  • The ‘failure to prevent the facilitation of tax evasion’ offences introduced under the Criminal Finances Act 2017 

Under the ‘failure to prevent fraud’ legislation, a large organisation (defined in line with the Companies Act 20061) may be prosecuted with the potential for an unlimited fine where an ‘associated person’ (such as an employee, agent or subsidiary) commits a fraud offence intended to benefit the organisation or any person to whom the ‘associated person’ provides services on behalf of the organisation, regardless of whether senior management of the organisation was aware of the offence being committed. This may apply even if the organisation and the ‘associated person’ are based outside of the UK.

It is the word ‘benefit’ that makes this legislation interesting and something that most companies will have to seriously consider. It means that organisations (which includes not-for-profit entities and incorporated public bodies as well as companies) will have to assess whether or not their current fraud risk frameworks cover fraud perpetrated by the company or just focuses on the more common but not relevant (in this context) fraudulent attacks on the company, such as theft by employees or attacks from organised criminals.

The factsheet published by the UK Government on the ‘failure to prevent fraud’ offence makes it clear that the definition of fraud benefiting the company is wide, covering not only misreporting (for instance in the Annual Report and Accounts) but also:

  • Dishonest sales and trading practices hiding information from parties such as consumers or investors
  • Dishonest practices in financial markets

Organisations will need to consider whether statements they make about ESG-related matters, the effectiveness of their goods and services and any other reporting, either publicly or to specific third parties are accurate. This also covers statements made by any third-party agents acting on their behalf.

The risk of this fraud occurring could be more than an unlimited fine. It could have other consequences, such as serious reputational damage.

Is there a defence?

The ‘failure to prevent fraud’ offence legislation suggests that an organisation will be able to avoid prosecution if it is able to prove that, at the time that the fraud offence was committed, it had ’reasonable procedures’ in place to prevent this type of fraud from occurring.

Guidance on what constitutes ‘reasonable procedures’ is due to be published by the UK Government before the ‘failure to prevent fraud’ offence comes into force.

It’s widely anticipated that this guidance will be similar in nature to the guidance published by the Ministry of Justice in 2011 in relation to the ‘adequate procedures’ in the context of the ‘failure to prevent bribery’ offence and the guidance on ‘reasonable procedures’ published by HMRC in 2017 in relation to ‘failure to prevent the criminal facilitation of tax evasion’.

Both these guidance documents have been principle driven and referred to the importance of preventative procedures not being a tick-box exercise or a checklist of procedures; rather they should be embedded into the framework of the organisation.

What can organisations do now to prepare?

Organisations need to consider what anti-fraud procedures they currently have in place and ask the following questions:

  • Who is responsible for fraud risk at a Board level?
  • Do our current assessments consider the risk of fraud that benefits the company?
  • If they do, how wide is this assessment – is it just limited to the Finance function?
  • Can we demonstrate a strong anti-fraud culture at our organisation?
  • How widespread is fraud training? Does it explain what the responsibilities of our employees are and empower them to speak up if they need to?

The action being taken by the UK Government in response to the very high levels of fraud that are present in the UK is a positive step forward and we should welcome the legislative changes that come with the ‘failure to prevent fraud’ offence. This, along with the other measures being introduced by the UK Government, will hopefully make Directors fully realise that they have a responsibility to do more in this area and embrace the requirement to have demonstrable ‘reasonable procedures’ in place to prevent fraud.   

If you would like to discuss the legislation in more detail and the actions to be taken as a result, please contact Damien Margetson, Kathryn Wasteney or Matthew Croad.

[1] An organisation meeting at least two of the three following criteria: annual turnover of more than £36 million, balance sheet total of more than £18 million and/or more than 250 employees.