ARTICLE
12 November 2024

Failure To Prevent Fraud Guidance Published – What Do Businesses Need To Do Now?

TS
Travers Smith LLP

Contributor

It’s not just law at Travers Smith. Our clients’ business is our business. Independent and bound only by our clients’ ambitions, we are wherever they need us to be. We focus on key areas of work where we are genuinely market leading. If it’s hard – ask Travers Smith.
The Failure to Prevent Fraud (FTPF) Offence under the ECCTA 2023 holds large UK businesses accountable for fraud by associates, effective from September 2025. To avoid liability, organisations must implement "reasonable procedures" based on new government guidance.
United Kingdom Criminal Law

As part of the Economic Crime and Corporate Transparency Act 2023 (the " ECCTA"), which was granted Royal Assent on 26 October 2023, a new 'failure to prevent fraud' offence was introduced in the UK (the "FTPF Offence"). The FTPF Offence is modelled on similar existing offences for 'failure to prevent bribery' and 'failure to prevent the facilitation of tax evasion'. The FTPF Offence is intended to hold certain corporate entities criminally liable for fraud committed by their associates (unless they have reasonable procedures in place to prevent fraud). The FTPF Offence takes effect 9 months after the government publishing guidance in relation to the same.

Since the Government initially announced the FTPF Offence, the question of what 'reasonable procedures' from a fraud prevention perspective should look like has been at the forefront of many corporate agendas. On 6 November 2024, the Government published its guidance on the FTPF Offence (the "Guidance"), which sets some of the recommended procedures that organisations can put in place in order to prevent fraud arising on the part of the business and its associates and, importantly, to help avail themselves of a defence where a FTPF Offence does arise. In this briefing we discuss the background to the FTPF Offence, along with the procedures set out in the Guidance to help in-scope organisations comply with their new obligations. With the publication of the Guidance in effect starting the clock on the FTPF Offence taking effect in September 2025, we recommend affected businesses take action sooner rather than later.

  • BACKGROUND TO THE FTPF OFFENCE
  • THE FTPF OFFENCE
  • WHAT 'REASONABLE PROCEDURES' ARE REQUIRED TO ENGAGE THE DEFENCE?
  • EXISTING PROCEDURES
  • PROSECUTIONS AND PENALTIES
  • CONCLUSION

BACKGROUND TO THE FTPF OFFENCE

Back in 2022, the government at the time undertook an assessment of corporate criminal liability in the UK, following which it asked the Law Commission to carry out a review of the relevant law and to present a set of options for reform. The assessment was set against a backdrop of growing concern that the UK was falling behind globally in adequately holding corporate entities – especially large companies – to account for economic crimes, including fraud.

In 2022, the Justice Committee report on 'Fraud and the Justice System' noted that of the estimated 4.6 million fraud offences committed each year, only around 7,000 defendants were prosecuted by the CPS. The figures for corporate entities where much smaller, with the Serious Fraud Office ("SFO") only prosecuting 11 companies in the ten-year period from January 2010 to September 2020.

The Law Commission published its options paper on 10 June 2022, where it proposed that the government (amongst other things) introduce a new 'failure to prevent fraud' economic crime offence designed to widen the scope for effective corporate criminal liability in the UK.

As set out above, the FTPF Offence was enshrined into law the following year through the introduction of the ECCTA. Organisations have a full defence to the FTPF Offence if they can demonstrate that they have "reasonable procedures in place to prevent fraud, or if they can demonstrate to the satisfaction of the court that it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place".

ECCTA stipulates that the FTPF Offence will not take effect until nine months after guidance on what represents reasonable fraud prevention procedures was published. Unfortunately a little confusion on the precise timing of this has arisen:

  • The Home Office website states that the FTPF Offence will come into effect on1 September 2025(i.e. the start of the next full month following the nine-month implementation period).
  • However, we note that the Guidance itself states that the FTPF Offence will come into effect nine months after the publication of the Guidance, which would in fact be 6 August 2025.

We anticipate that this discrepancy will be clarified by the Government in due course, however for now it would be prudent for in-scope companies to ensure that they implement and/or improve their procedures in this area by the earlier date.

THE FTPF OFFENCE

2.1What is it and who is in scope?

The FTPF Offence is set out in sections 199 to 206 of the ECCTA. The FTPF Offence can be made out in one of two ways:

  1. "Large organisations" are liable under the FTPF Offence if they fail to prevent an associated person from committing a specified fraud offence, where the fraud was intended to benefit (either directly or indirectly): (i) that entity, or (ii) any person to whom, or to whose subsidiary undertaking, the associated person provides services on behalf of; or
  2. The subsidiary of a large organisation, which is not itself a large organisation, can also be held liable if it fails to prevent fraud committed by an employee of the subsidiary where the fraud was intended to benefit the subsidiary.

"Large organisations" are defined in section 201 to the ECCTA as an organisation that meets at least two of the following criteria (in the financial year of the organisation that precedes the year of the fraud offence):

  • More than £36 million turnover;
  • More than £18 million in total assets; or
  • More than 250 employees.

These criteria apply to the whole organisation, including subsidiaries, and turnover includes the turnover of a parent company's subsidiary undertakings.

These or similar thresholds will be (somewhat) familiar to persons dealing with the recent influx of ESG-related legislation (in the UK and elsewhere) seeking to impose additional obligations on larger entities to report, or take actions relating to, various environmental, social or financial ethics related risks/impacts.

While the FTPF Offence is a "strict liability" offence (i.e., the prosecution does not need to prove any awareness, intention or knowledge on the part of the entity involved), there is a full defence if the relevant organisation can show that, at the time the Base Fraud Offence was committed, it either (i) "had in place such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place"or (ii) "it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place".

It is anticipated that the latter defence will be a harder test in many cases to satisfy – however, this could potentially be relied on by a parent company, for example, if the organisation's structure is such that the parent company cannot realistically establish fraud controls within the subsidiary. We also note that an entity will not commit an FTPF Offence if the body itself was, or was intended to be, the victim of the fraud offence.

For England and Wales, the specified fraud offences included under the FTPF Offence are listed in Schedule 13 to the ECCTA, and include:

  • False accounting (section 17 of the Theft Act),
  • False statements by company directors (section 19 of the Theft Act),
  • Fraudulent trading (section 993 of the Companies Act 2006),
  • Fraud by false representation (section 1 and 2 of the Fraud Act 2006),
  • Fraud by failing to disclose information (section 1 and 3 of the Fraud Act 2006),
  • Fraud by abuse of position (section 1 and 4 of the Fraud Act 2006),
  • Participating in fraudulent business carried on by sole trader (section 9 of the Fraud Act 2006),
  • Obtaining services dishonestly (section 11 of the Fraud Act 2006), and
  • Cheating the public revenue.

(together, the "Base Fraud Offence"). The list of Base Fraud Offences is slightly different in Scotland and Northern Ireland (due to how laws have been implemented in these jurisdictions).

Importantly, aiding, abetting, counselling, or procuring the commission of any of the above listed primary offences would also qualify as a relevant offence (see section 199(6)(b)).

Territoriality

The FTPF Offence does not only apply to UK businesses but has extraterritoriality (i.e. applies outside of the UK) and applies wherever an associated person of a large organisation (wherever incorporated) commits a Base Fraud Offence which is triable under UK law.

  • For example, if a UK-based employee of a large organisation incorporated overseas, commits a Base Fraud Offence (e.g. by committing relevant acts while on UK territory) – then that large organisation could still be prosecuted for an FTPF Offence.
  • Equally, if an associated person of a UK business commits a Base Fraud Offence outside of the UK, but there is a UK nexus (e.g. targeting UK victims) – then that organisation can also be prosecuted.

2.2Who commits the fraud and who benefits?

The Base Fraud Offence is committed by an "associated person", who can be an employee, agent, or any other person providing services for or on behalf of the organisation (while they are providing those services).

"Providing services" does not include providing goods, nor does it apply where someone is providing services to the relevant body (rather than for or on their behalf) (e.g. external lawyers, accountants etc).

Example 1

To view the full article please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More