Game Changing Corporate Offence of Failure to Prevent Fraud: RPC Analysis and Practical Guidance

"The introduction of this offence is likely to be the most significant change in financial crime legislation in the UK for ten years and larger companies should now start to take practical steps to get ready for the new law." - Sam Tate, Head of White-Collar Crime and Compliance and co-author of Bribery: a Compliance Handbook

On 11 April, the highly anticipated failure to prevent fraud offence was introduced in an amendment to the Economic Crime and Corporate Transparency Bill (the Economic Crime Bill or the Bill).  Although there has been much discussion of this potential offence since the start of this year, this amendment is significant as it is the first time that structure and detail of the offence has been formally included in the Bill.  The amendment gives a much clearer indication of how the failure to prevent fraud offence might operate when it comes into force. 

When enacted, this offence promises to become an important tool for UK economic crime prosecutors and is likely to see major changes to the compliance programmes of large companies in the UK and overseas.  

In this article, we will look at how the act is likely to operate, focusing on the developments that will be interesting to monitor as the Bill continues through Parliament along with offering some practical steps companies might take now to be as prepared as possible. 

The Context to the Failure to Prevent Fraud Offence 

Even prior to the amendment's introduction into the Bill, the failure to prevent fraud offence has received a great deal of attention.  Its introduction arises out of the long running consultation and related discussions regarding corporate criminal liability in the UK, in particular calls to reform the identification doctrine, which has presented challenges for prosecutors when pursuing corporates.  

The need to reform the tools to prosecute fraud, in particular, has come under scrutiny.  In its November 2022 report, the parliamentary Fraud Act 2006 and Digital Fraud Committee identified that fraud accounted for 41% of all crime committed against individuals in the UK and called for the introduction of a failure to prevent offence as one aspect of the approach to combat the offending. 

Throughout discussions of the Economic Crime Bill, there appears to have been real cross-party appetite for the introduction of such a "failure to prevent" offence.

How will the new offence operate? 

The amendment provides, for the first time, some relatively clear indications of how the offence will work in practice once it comes into law.

Many of the concepts contained in the failure to prevent fraud offence – such as associated persons, a defence based on preventative procedures and unlimited fines for offenders – are familiar from the failure to prevent offences already on the statute books (namely failure to prevent bribery under s.7 of the Bribery Act 2010 and failure to prevent tax evasion under Part 3 of the Criminal Finances Act 2017).  There are however some key distinctions in how the failure to prevent fraud offence will operate.  Of course, given the relatively early stage of the parliamentary debate over the offence, there is a chance changes may still be made to its structure.

Under the current drafting, a large organisation will be subject to an unlimited fine if:

1. A person who is associated with a relevant body commits a fraud offence with the intention of benefitting their organisation, or an organisation who they provide services to on behalf of the relevant body; and
2. The relevant body did not have in place reasonable fraud prevention procedures.

As currently drafted, the new failure to prevent fraud offence is unlikely to effectively address many of the issues identified by the parliamentary Fraud Act 2006 and Digital Fraud Committee in its November 2022 report.  That report focused on digital fraud schemes, including online scams.  It does not appear, for example, that the failure to prevent fraud offence will be a tool that could be used to prosecute companies operating search engines for putting up misleading adverts.  Rather, the new offence is perhaps best viewed as an attempt to address issues with the English law of corporate criminal liability, by introducing a further corporate offence that prosecutors will be able to pursue without meeting the high threshold of the "directing mind and will" test established by the identification principle.

We will look at how some of the specific aspects of the offence are likely to operate.

Which fraud offences are in scope?

The fraud offences covered by the offence are wide ranging and will include (as well as the aiding, abetting, or procuring the commission of such offences) the following offences:

• Fraud by false representation (section 2, Fraud Act 2006);
• Fraud by failing to disclose information (section 3, Fraud Act 2006);
• Fraud by abuse of position (section 4, Fraud Act 2006);
• Obtaining services dishonestly (section 11, Fraud Act 2006);
• Participation in a fraudulent business (section 9, Fraud Act 2006);
• False statements by company directors (Section 19, Theft Act 1968);
• False accounting (section 17, Theft Act 1968);
• Fraudulent trading (section 993, Companies Act 2006); and
• Cheating the public revenue (common law).

To whom does the new offence apply?

The drafting of the amendment makes it clear that the new offence will only apply to "large organisations".  These are defined as organisations who in the financial year prior to the year of the offence, satisfy two or more of the following:

• Turnover of more than £36 million;
• Balance sheet total of more than £18 million; or
• More than 250 employees.

Prior to the introduction of the amendment, there had been some discussion around whether the new offence would apply in the same way to companies of all sizes.  One perhaps unintended consequence of the failure to prevent offence in the Bribery Act, which does not expressly distinguish between companies of different size and resource, has been the significant attention smaller companies have needed to pay to implementing and managing anti-bribery policies and procedures, often at great expense.  It now seems clear that smaller companies will not be obliged to make equivalent changes for fraud prevention policies.

Scenarios where the new offence may affect the likelihood of a corporate criminal prosecution:

Scenario 1 – Misleading investors in an IPO: During an IPO process, an employee or agent of a company makes a deliberately misleading statement in its offer documents to bidders as to the value of the underlying assets of the company.  Even if senior management of the company did not instruct the employee to make the misleading statement, under the new offence, establishing criminal liability against the company is likely to be easier than under current law.

Scenario 2 – Misleading consumers as to the environmental impact of a product: Sales agents of a company that manufactures cars make deliberately misleading statements to potential customers as to the environmental impact of the cars when in operation.  Even where the manufacturing company did not have knowledge that the sales agents planned to make this statement, a corporate prosecution will be easier under the new offence.

Scenario 3 – Manipulation of interbank rates: An employee of a bank intentionally submits false interest rate figures to manipulate an interbank rate.  The new offence would not require prosecutors to establish knowledge of the scheme by senior management of the bank to establish a criminal prosecution.

Scenario 4 – Insurance mis-selling: A broker, acting on behalf of an insurance company, sells an insurance policy to a consumer, knowing that the policy was not suitable for that customer.  Even where the insurer was not involved in the sale, and there was nothing inherently wrong with the policy that was sold (if sold to the intended customers), prosecutors may be able to prosecute the insurer under the new offence.

A scenario where the new offence is unlikely to affect the likelihood of a corporate prosecution:

Misleading search engine adverts: A search engine runs an advertisement for a carbon credit trading scheme that is identified as a sham.  It is unlikely under the new offence that the fraudster setting up the carbon credit trading scheme would be an associate person of the search engine company, and therefore it is unlikely this would lead to a prosecution of that company under for failure to prevent fraud.

It should also be noted that the offence as currently drafted does not apply to individuals.  There had been some earlier indications in proposed amendments to the Bill that individual liability for failure to prevent economic crime offences might form part of the new package of offences.  It will be interesting to monitor if this prospect is raised again in subsequent discussions in Parliament.

Will the new offence have extra-territorial reach?

The offence will have extra-territorial reach.  Organisations based outside the UK could be prosecuted if an associated person commits the offence under UK law or when targeting those in the UK.

There are some issues surrounding the breadth of the offence's jurisdiction still to be resolved, but the failure to prevent fraud offence seems likely to have a jurisdiction that is as broad, or even broader than the Bribery Act s.7 offence.  Unlike the failure to prevent offence in the Bribery Act, which applies only to companies incorporated in the UK or those that carry on business in the UK, as currently drafted, there are no equivalent limitations to the entities to which the failure to prevent fraud offence will apply.  It will be interesting to see if there is discussion in Parliament about the jurisdictional scope of the offence, in particular, how it applies to companies with no connection to the UK.

Who will be a person who is associated with a relevant body?

The definition is similar to an "associated person" under the Bribery Act.  A person who performs services for or on behalf of a company will be an associated person under the new offence. As with the Bribery Act, employees, agents and subsidiaries are identified as potential associated persons.  However, unlike under the Bribery Act, under the new offence, as currently drafted, employees, agents and subsidiaries will automatically be associated persons of a company.  This would mark a change from the Bribery Act, particularly in the case of subsidiaries, where there is often real analysis to be performed as to whether they are in fact performing services on behalf of their parent company.

Who might be an associated person?

• Employees
• Agents
• Subsidiaries
• Advertisers hired by a company
• Brokers and sales agents acting for a company
• Professional advisers

Like the failure to prevent bribery and tax evasion offences, there will be a complete defence to the failure to prevent fraud offence if a company can show it had reasonable preventive procedures in place.

The amendment requires the Government to produce guidance on how companies will be able to demonstrate reasonable preventative procedures, so more specifics on the steps companies might be required to take will follow.  However, even before that guidance is published, it is possible to make an educated assessment of what will be expected of large companies.

One area we anticipate the guidance will cover will be how large companies use technology and data analytics in their fraud prevention.  While the guidance to the Bribery Act did not specifically refer to this, there are two factors that may now lead to an increased expectation on the use of technology and data as part of a suite of effective preventative measures.  First, more than a decade has passed since the guidance to the Bribery Act was issued.  Compliance-focused technology has improved and become significantly more widely used by companies in that intervening period.  An increased focus on technology and data in the guidance would be consistent with the approach taken in guidance on compliance programmes in other jurisdictions, such as in the 2020 US Department of Justice's guidance to federal prosecutors on evaluating corporate compliance programmes.  Second, the fact that the failure to prevent fraud offence will only apply to large companies might lead to a greater expectation that those companies already employ, or have the financial capability to employ, data analytics as part of their compliance programmes.

Given the similarity of the preventative procedures defence to the defence in s.7 of the Bribery Act, it is likely that guidance issued for that legislation will be helpful in determining what is expected for this new offence.  Companies can reasonably expect that fraud prevention procedures would need to be proportionate and demonstrate top level commitment.  The procedures will need to involve conducting due diligence on third parties and risk assessments.  Companies will need to have clear plans for communicating their procedures to employees and for providing related training.  There will also need to be plans in place for the monitoring and review of the procedures.  Importantly, as was made clear when the failure to prevent tax evasion offence was introduced, it will be important that these procedures are designed by reference to the new offence specifically, and not only as part of a broader overall compliance programme. 

What Actions can Companies take now?

The introduction of the failure to prevent fraud offence is likely to mark one of the most significant changes to economic crime enforcement in the UK since the introduction of the Bribery Act.  The new offence will mark a sea change in the way large companies structure their compliance procedures with respect to fraud.  At present, the vast majority of companies' fraud policies focus on the risk of a company losing money to fraud.  Such programmes will need to be updated to ensure they cover the risks of the company and its third parties defrauding others.  This will extend to all employees and agents, but potentially other third parties like payment processors, accountants and advertisers. 

The offence may come into law as soon as the final quarter of this year.  It will be up to companies to demonstrate they have the appropriate controls in place.  With this in mind, prudent larger companies may take this opportunity to begin to plan for the enactment of the Bill.  That preparation may involve mapping the company's fraud controls already in place, especially as they apply to third parties and third-party risk management.

RPC's White-Collar Crime and Compliance team has prepared a toolkit for companies to use to conduct such a mapping exercise and we would be happy to discuss the issues presented by the new offence and how best to prepare for it.