What is the offence?
This new corporate criminal offence of failing to prevent fraud, punishable by unlimited fine, will come into force next year (on a date to be confirmed). In preparation for the new offence, organisations that are within scope should ensure that they have reasonable procedures in place to prevent fraud, which provide them with a potential defence to criminal liability. Broadly speaking, an organisation that does not have reasonable procedures in place will commit the offence even if its management team was unaware of the fraud. The offence sits alongside changes to criminal liability for certain economic crimes, which are due to come into force on 26 December 2023.
In the context of the failure to prevent offence, “fraud” is defined with reference to acts that would constitute a number of specified fraud offences, and also includes aiding, abetting, counselling or procuring the commission of such offences.
Who will the offence apply to?
Relevant bodies: The offence principally applies to “relevant bodies” if they are “large organisations” (RBLOs). “Relevant bodies” include all bodies corporate and partnerships, wherever they were incorporated or formed.“Large organisations” are entities that meet two out of three criteria in the financial year of the organisation that precedes the year of the fraud offence. Broadly, the criteria are (a) a turnover of more than £36 million, (b) a balance sheet total of more than £18 million and/or (c) having more than 250 employees.
Parent undertakings: There are separate qualifying criteria as large organisations for “parent undertakings”, where the figures for each group member are aggregated and the criteria are (a) aggregate turnover of more than £36m net (or £42m gross), (b) an aggregate balance sheet total of more than £18m net (or £21.6m gross) and/or (c) more than 250 employees in aggregate. The Act uses the definitions of parent and subsidiary undertakings in the Companies Act 2006, with the parent and its subsidiary undertakings being defined as the group.
Associates: An RBLO is guilty of the offence if in a financial year a person associated (“associate”) with the RBLO commits a fraud offence that is intended to benefit the RBLO or is intended to benefit any person/undertaking (or their subsidiary undertaking) to whom the associate provides services on behalf of the RBLO. The benefit can be direct or indirect. Employees, agents and subsidiaries of the relevant body are all classed as associates, as are persons that otherwise perform services for or on behalf of the relevant body. Employees of subsidiaries of the relevant body may also be associates of the relevant body in some scenarios.
The accompanying Government factsheet states that “If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas”. The territorial scope is therefore broader than the scope of the UK Bribery Act (which is focused on organisations that carry on business in the UK).
The reasonable procedures defence
It is a defence if the relevant body is able to prove that at the time the fraud was committed, it had in place reasonable prevention procedures designed to prevent associated persons from committing fraud offences.
The Secretary of State is also required to issue guidance next year on procedures that relevant bodies can put in place to prevent persons associated with them from committing fraud offences.
Criminal liability for economic crimes – changes to the identification principle
Alongside the new offence, the Act also changes the law around when bodies corporate and partnerships will become liable for a broader range of economic crimes (which include the specified fraud offences, plus others such as money laundering offences as well as related offences such as conspiracy and aiding and abetting). Prior to the Act coming into force for those offences to be proved against a body corporate, the prosecution would need to establish that the “directing mind and will” of the organisation had the requisite knowledge of the offence. This made it easier for guilt to be established against small organisations with simple management structures than larger, more complex organisations; the Act is intended to make prosecution of larger organisations a simpler process.
For those listed offences, the Act provides an alternative test for establishing liability. Broadly speaking, this provides that if “a senior manager of a body corporate or partnership (“the organisation”) acting within the actual or apparent scope of their authority commits a relevant offence after this section comes into force, the organisation is also guilty of the offence”.
A “senior manager” is defined as an individual who plays a significant role in—
- The making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised
- The actual managing or organising of the whole or a substantial part of those activities
The principle applies to all organisations, regardless of their turnover/size and there is no “prevention procedures” defence.
The failure to prevent offence will be brought into force at some point next year after statutory guidance on prevention procedures has been published by the Government (which is currently expected in the Spring).
Organisations that are within scope will need to consider their fraud prevention and detection policies and procedures afresh against an assessment of their risks. They should also review their approach fully against the Government guidance when it is published. There will no doubt need to be on-going review which will likely require consideration of how procedures interact, for example to ensure that purchasing, accounting, whistleblowing, conflict of interest, anti-bribery and money laundering procedures and training are aligned with the provisions in the Act, as well as the practicalities of ensuring that relevant controls are in place and tested. Visible support from senior management will also help to embed compliance within institutions and any subsidiaries or other “associates”.
The change to the identification principle takes effect on 26 December 2023. Many of the issues to consider are similar to those arising from the failure to prevent offence, but might place a particular focus on identifying an organisation’s “senior managers” and ensuring that appropriate training and controls are in place and kept under review.
Our regulatory teams are available to assist, both in relation to compliance and in the event that an investigation is required.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.