South Africa: Strengthening Compliance: Understanding The UK's Upcoming "Failure To Prevent Fraud" Offence

On 11 April 2023, the UK Government confirmed the inclusion of a new "failure to prevent fraud" in the Economic Crime and Corporate Transparency Bill (the "Bill") which is currently making its way through UK Parliament. The new offence is a substantial development in the UK legislative landscape, with the current wording providing for an unlimited fine for organisations which commit the offence. Given the extraterritorial reach of the legislation (as currently formulated), it will be important for all organisations, even those operating outside the UK, to ensure that their policies and internal controls are reviewed and updated as required.

Background and rationale for the "failure to prevent" offences

The failure to prevent fraud offence will join existing statutory strict liability offences in the UK such as the "failure to prevent bribery" offence contained in the Bribery Act, 2010 and the "failure to prevent facilitation of tax evasion" in the Criminal Finances Act, 2017. These "failure to prevent" offences have been introduced to side-step the issues experienced in holding corporate bodies liable, as the prosecution is relieved of the burden of proving that individuals suspected of being involved in the commission of the relevant offence represent the "directing mind and will" of the organisation.

For example, in the context of the failure to prevent bribery offence, it is sufficient for the prosecution to prove that an associated person (such as an employee) has committed an offence of bribery. Thereafter, to avoid liability, the onus is on the organisation to prove, on a balance of probabilities, that it had in place "adequate procedures" to prevent bribery. The introduction of the failure to prevent bribery offence has made it critical for organisations to implement a compliance programme inclusive of "adequate procedures", the purpose of which being to assist in laying the groundwork for a defence in the event that a bribery offence is committed by one of its employees (or other associated persons). The position will be the same following the introduction of the failure to prevent fraud offence.

The scope of the failure to prevent fraud offence

The current wording of the failure to prevent fraud offence differs from the failure to prevent bribery offence insofar as its application is limited to "large organisations", being organisations that meet any two of three threshold requirements, as follows:

• Turnover of more than GBP36-million;
• Balance sheet total of more than GBP18-million; or
• More than 250 employees.

The "fraud offences" to which the offence applies are extensive and include, amongst others, false statements by company directors, false accounting, fraud by false representation and others.

Extra-territorial application

The new failure to prevent fraud offence will have extra-territorial application. How this extra-territoriality will be formulated is yet to be finalised, however, the UK Government's published factsheet indicates that the offence will apply where an employee commits fraud under UK law or targets UK victims, even if the relevant organisation is based overseas. This reflects a more expansive approach than the Bribery Act which requires that the relevant organisation is registered or carrying on business in the UK.

Statutory defence available: reasonable prevention procedures

The failure to prevent fraud offence is anticipated to have the same or an even greater impact than the failure to prevent bribery offence had when it was introduced around a decade ago. Similar to the Bribery Act, the current wording contained in the Bill includes a statutory defence available to organisations who can demonstrate that they have in place "reasonable prevention procedures", being procedures "designed to prevent persons associated with the body from committing fraud offences...".

The draft wording in the Bill requires the UK Government to publish guidance on the procedures that organisations can put in place to prevent associated persons from committing the relevant fraud offences. While still uncertain, it is likely that the guidance will follow a similar approach to that which is in place in respect of the Bribery Act and the Criminal Finances Act, namely the "six principles" approach. The six principles referred to are:

• risk assessment;
• proportionality of risk-based prevention procedures;
• top-level commitment;
• due diligence;
• communication (including training); and
• monitoring and review.

What steps can I take now?

The new failure to prevent fraud offence could be introduced as soon as this year. Large organisations would therefore be well advised to review their control environment early in anticipation of the introduction of the new offence.

The volume of corporate fraud incidents in South Africa has escalated to alarming levels in recent years. In order to manage the ever-evolving fraud risks optimally, it is recommended that organisations conduct a fraud risk assessment to ensure they have a good understanding of the fraud risks facing the organisation. Our advice is that all organisations should be assessing their fraud risks, even if they are not subject to UK legislation. The critical question that every organisation should be asking of itself is: do we have in place "reasonable prevention procedures" to prevent fraud?

Our Forensics team has valuable experience in assisting organisations to develop their processes and procedures to align with these "six principles".

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.