On October 26, 2023, the Economic Crime and Corporate Transparency Act 2023 (the “Act”) received Royal Assent. 

Among other provisions, the Act contains a new “failure to prevent fraud” criminal offence pursuant to which an organization may be liable where (i) a specified fraud offence is committed by an associated person (defined as an employee, agent or subsidiary of the relevant organization, an employee of a subsidiary, or a person who otherwise performs services for or on behalf of the organization), (ii) for the organization’s benefit, and (iii) the organization did not have reasonable procedures in place.

The date for implementation of the Act is not yet clear but it is expected to come into force in the first half of 2024.  Over the next few months, we also expect guidance to be produced by the U.K. government detailing what “reasonable procedures” look like, to assist organizations in assessing, and where necessary, improving their own compliance frameworks. 

In anticipation of the implementation of the offence, we briefly consider below the scope of the offence, and what organizations should consider doing at this stage to get ready.

To whom will the new “failure to prevent fraud” offence apply?

In our client briefing entitled “The UK’s Introduction of a New “Failure to Prevent Fraud” Offence Edges Closer”, we noted that the original proposal was that the offence apply only to large bodies corporate and partnerships. The House of Lords proposed an amendment that would have extended the offence to other (smaller) organizations, but this was defeated by the House of Commons.

Accordingly, the new offence (currently) applies to larger companies and partnerships which meet at least two out of three of the following criteria:

  • more than 250 employees
  • more than £36 million in turnover
  • more than £18 million in total assets

The offence will also apply to a parent company if the group meets, in total, two or more of the above three criteria.

Is the offence extraterritorial?

In our client briefing “The UK’s Introduction of a New “Failure to Prevent Fraud” Offence Edges Closer”, we cited a fact sheet published by the U.K. Home Office on April 11, 2023. 

In that fact sheet, it was made clear that the offence is intended to have some extraterritorial effect; namely, if an employee commits fraud under U.K. law, or targeting U.K. victims, their employer could be prosecuted, even if the organization (and the employee) are based overseas.

What offences are caught by the new “failure to prevent fraud” offence?

Again, despite a proposal by the House of Lords that the failure to prevent fraud offence should also cover money laundering, this proposal was rejected. 

Accordingly, the offences captured by the “failure to prevent fraud” offence are:

  • Fraud by false representation (section 2, Fraud Act 2006)
  • Fraud by failing to disclose information (section 3, Fraud Act 2006)
  • Fraud by abuse of position (section 4, Fraud Act 2006)
  • Obtaining services dishonestly (section 11, Fraud Act 2006)
  • Participation in a fraudulent business (section 9, Fraud Act 2006)
  • False accounting (section 17, Theft Act 1968)
  • False statements by company directors (section 19, Theft Act 1968)
  • Fraudulent trading (section 993, Companies Act 2006)
  • Common law offence of cheating the public revenue

What are “Reasonable Procedures”?

As noted above, the only defence available to an organization caught by the offence is that it had reasonable procedures in place to prevent fraud or that it was reasonable not to have such procedures in place. The U.K. government is expected shortly to publish guidance as to what “reasonable procedures” look like. Once the guidance is published, it is expected that the law will come into force soon thereafter.

In preparation for the publication of the guidance and the coming into force of the offence, an organization is well advised to consider:

  • Whether its existing policies and procedures are proportionate to the fraud risks faced by the organization or, if not, to implement new policies and procedures.  Those procedures should cover commercial and accounting controls, and must be clear, practical, accessible, and effectively implemented;
  • Ensuring that there is a top-level (e.g., board of directors, the owners or any other equivalent body or person) commitment to preventing fraud; the so-called “tone from the top”;
  • Assessing the risks faced by its business(es) on a periodic and informed basis.  The risk assessment(s) should be targeted and specific to the business(es) undertaken by the organization, in terms of sectors, jurisdictions, customers, etc.  The risk assessment should also be documented;
  • Whether effective due diligence is carried out, and documented, on persons associated with the organization and, if not, to put steps in place to undertake a proportionate and risk-based review of those associated persons;
  • Instituting a programme of appropriate training which is proportionate to the risks faced by the organization, noting that different training may be necessary for different employees and associated persons; and
  • Whether appropriate monitoring and review mechanisms are in place, including rights to audit third parties, etc. 

As noted in our previous articles, whether the new offence results in a higher number of convictions is yet to be seen but, as with the existing failure to prevent bribery and failure to prevent facilitation of tax evasion offences, the introduction of the new legislation is intended to drive better corporate behaviors.