Failure to Prevent Fraud – Are You Ready?

New Corporate Criminal Offence

On 1 September a new corporate offence of failure to prevent fraud under the Economic Crime and Corporate Transparency Act 2023 come into effect.

Under this offence, an organisation may be criminally liable where an employee, agent, subsidiary, or other ‘associated person’, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place. It does not need to be demonstrated that the organisation’s senior managers or directors ordered or knew about the fraud. 

The onus will be on the relevant organisation to prove that it had reasonable prevention procedures in place (or that it was unreasonable to expect it to have such procedures).

The offence applies to large (under the definition set out in the Companies Act 2006), incorporated bodies and partnerships across all sectors. These criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located.  A subsidiary of a large organisation, which is not itself a large organisation, can be prosecuted rather than the parent organisation if an employee of the subsidiary commits a fraud intending to benefit the subsidiary.

What Constitutes a Fraud?

Examples of fraud under the Act include:

• False representation 

• Failing to disclose information

• Abuse of position

• Participation in a fraudulent business

• Obtaining services dishonestly 

• Cheating the public revenue 

• False accounting 

• False statements by company directors 

• Fraudulent trading 
   

Intent to benefit the relevant body is to be judged at the time the fraud is committed. It would not be relevant, for example, that the organisation would be required by regulation to reimburse the proceeds of the fraud were it to be discovered, and therefore might not actually benefit from the fraud in the long run.
 

The intention to benefit the organisation does not have to be the sole or dominant motivation for the fraud. The offence can apply where a fraudster’s primary motivation was to benefit themselves, but where their actions will also benefit the organisation. The same applies if the intention was to benefit the client to whom the associated person provides services for or on behalf of the relevant organisation.

Reasonable Fraud Prevention Procedures

Relevant organisations will have a defence if they have reasonable procedures in place to prevent fraud. The fraud prevention framework put in place should be based on the following six principles:

• Top level commitment

• Risk assessment

• Proportionate risk-based prevention procedures

• Due diligence

• Communication (including training)

• Monitoring and review

Risk factors to consider may include the following:

• Do you undertake pre-employment and vetting checks?

• Do those in high-risk roles receive regular anti-fraud training?

• Do you assess emerging risks systematically?

• if new services or associated persons present a potential fraud-risk, is a fraud impact assessment made?

• Are fraud risks managed equally well throughout the procurement process (

• Do contracts include appropriate terms for associated persons

• Do you use best practice with regard to financial reporting, for example, segregation of duties, reconciliation of accounts, suitable sign-off arrangements?

• Have any internal or external audits raised any fraud concerns that have not been acted upon?

• Do you have procedures for avoiding conflicts of interest?

• What are the arrangements for limiting access to sensitive or commercial data?

• What is best practice on reducing fraud risks in your sector? 

   

For more information, please refer to government guidance here.