The UK government has tabled an amendment to the Economic Crime and Corporate Transparency Bill so as to introduce a "failure to prevent" fraud offence. Details in the amended bill provide the greatest clarity to date of the long-contemplated failure to prevent offence. This is a significant development in the UK criminal law landscape and will require organisations to update their compliance policies to prepare for the implementation of the legislation.
In this article, we analyse the expected impact of the failure to prevent offence in the context of the UK's ongoing fight against fraud, the most common crime committed in the UK, and what steps organisations should be taking to prepare for the new offence. This will be of particular interest to large organisations which are the explicit targets of the offence.
Elements of the offence
The failure to prevent fraud offence will apply to companies and partnerships that meet two or more of the following conditions:
- a turnover of more than £36 million;
- a balance sheet total of more than £18 million;
- more than 250 employees.
Under the new offence, such organisations ("Relevant Bodies") will commit an offence if a person associated with the Relevant Body, i.e. an employee, agent, subsidiary, or a person who otherwise performs services for or on behalf of the body (an "Associate"), commits one or more prescribed fraud offences, with the intention to benefit the Relevant Body or any person to whom, or to whose subsidiary, the Associate provides services on behalf of the Relevant Body. The scope of the definition of Associate is notably broad. For example, the current drafting appears to capture the acts of a subsidiary of a Relevant Body even if that subsidiary is not performing services on behalf of the Relevant Body.
A Relevant Body will not be guilty of an offence if it was, or was intended to be, a victim of the fraud offence. This carve-out will be welcomed by organisations given how common it is for employees to commit fraud against their employer for personal gain.
The prescribed fraud offences are as follows1:
- fraud by false representation under section 2 of the Fraud Act 2006;
- fraud by failing to disclose information under section 3 of the Fraud Act 2006;
- fraud by abuse of position under section 4 of the Fraud Act 2006;
- obtaining services dishonestly under section 11 of the Fraud Act 2006;
- participation in a fraudulent business under section 9 of the Fraud Act 2006;
- false accounting under section 17 of the Theft Act 1968;
- false statements by company directors under section 19 of the Theft Act 1968;
- fraudulent trading under section 993 of the Companies Act 2006;
- the common law offence of cheating the public revenue; and
- aiding, abetting, counselling, or procuring the commission of one of the above offences.
The government factsheet2 on the offence makes it clear that the offence is intended to be extraterritorial in scope, stating that if "an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas".
What steps should organisations take now?
It will be a defence for a Relevant Body to prove that, at the time the fraud offence was committed, it either had in place such prevention procedures as it was reasonable in all the circumstances to expect it to have in place, or it was not reasonable in all the circumstances to expect it to have any prevention procedures in place. Prevention procedures are those designed to prevent persons associated with a Relevant Body from committing the prescribed fraud offences. It is therefore important that organisations take steps to assess whether their existing fraud policies and procedures are adequate.
The government will publish guidance (the "Fraud Guidance") setting out what it considers to amount to reasonable prevention procedures. Equivalent guidance on the failure to prevent bribery offence3 (as to what constitutes "adequate procedures") and the failure to prevent facilitation of tax evasion offence4 (as to what constitutes "reasonable" prevention procedures) revolves around six key principles, namely proportionality, top-level commitment, risk assessment, due diligence, communication (including training), and monitoring and review. We anticipate that the Fraud Guidance may revolve around these same principles, and it is within this framework that organisations should assess their fraud systems and controls.
The challenge for organisations in the context of the failure to prevent fraud offence, given the number of underlying fraud offences which engage the offence (in addition to aiding, abetting, etc.), the broad definition of Associate, and the extraterritorial scope of the offence, will be to implement procedures which adequately address the various fraud risks faced by the organisation, and which are tailored to the organisation's particular activities. For this reason, policies and procedures based on a comprehensive and regularly updated risk assessment will be key.
This will be the third failure to prevent offence provided for under the law of England and Wales, following the introduction of the failure to prevent bribery offence under the Bribery Act 2010 and the failure to prevent facilitation of tax evasion offence under the Criminal Finances Act 2017.
One of the perceived benefits of failure to prevent offences for prosecutors is the ability to bypass the difficulties associated with the identification doctrine, which is the main means by which liability for offences requiring proof of fault is attributed to organisations, absent a special rule of attribution. Under the identification principle, a corporation will usually only be liable for criminal conduct by one or more natural persons representing its "directing mind and will". This is normally limited to company directors and senior managers, with recent case law restricting this further to individuals to whom full responsibility and autonomy for the relevant function has been delegated. The Director of the Serious Fraud Office, Lisa Osofsky, has previously described the doctrine as "antiquated" and "a standard from the 1800s, when mom and pop ran companies [which is] not at all reflective of today's world".
It will be interesting to observe what impact the new failure to prevent fraud offence will have on the prosecution of fraud in the UK. Osofsky's reported view is that the offence has the "potential to transform" the prosecution of fraud, and certainly it is true that the new offence will be a useful tool for prosecutors in holding organisations to account for failing to prevent fraudulent conduct. As has been demonstrated by the failure to prevent bribery offence, the combination of the failure to prevent model and the availability of deferred prosecution agreements ("DPAs") has the ability to generate corporate settlements in lieu of prosecution. It may be the case that the failure to prevent fraud offence leads to an even greater number of DPAs being entered into by corporates, rather than successful prosecutions, in light of the additional powers it provides prosecutors to hold corporates criminally liable for fraudulent conduct.
The failure to prevent fraud offence may also result in greater enforcement in respect of false statements made by company directors, which are criminalised under section 19 of the Theft Act 1968. The inclusion of this by the government in the list of offences which engage the failure to prevent fraud offence is interesting, given that it was not one of the offences recommended for inclusion by the Law Commission5. Although such conduct has frequently been the subject of regulatory enforcement action, there has been a notable lack of criminal enforcement under section 19, and there has also been a failure in recent years to implement proposed legislation on audit reform and directors' liabilities. The government's decision to include section 19 of the Theft Act 1968 within the scope of the failure to prevent fraud offence may therefore represent an attempt to enable more effective enforcement in respect of such conduct, although, as noted above, such enforcement may result in further DPAs, rather than criminal convictions.
Directors and senior managers will be comforted by the fact that the draft legislation does not make any provision for individual criminal liability linked to the failure to prevent fraud offence, such as a "consent and connivance"offence. It will be interesting to see if individual criminal liability will be connected to the new corporate offence in the final legislation, although this is not currently the case for the failure to prevent bribery or failure to prevent facilitation of tax evasion offence.
1. The Secretary of State may add or remove offences from the above list via secondary legislation; however, only economic crimes may be added
5. Law Commission, Corporate Criminal Liability: an options paper (2022), paragraph 8.101.
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved