Guidance clarifies the implementation date, scope, and application of landmark new corporate offence, and provides suggestions for fraud-prevention procedures.
By Pamela Reddy, Clare Nida, Annie Birch, and Matthew Unsworth
On 6 November 2024, the UK Home Office published long-awaited statutory guidance on the new corporate offence of “failure to prevent fraud” (the Guidance).1 The failure to prevent fraud offence will come into force on 1 September 2025, after having been introduced last year by the Economic Crime and Corporate Transparency Act (ECCTA). It follows similar corporate “failure to prevent” offences in relation to bribery (under the Bribery Act 2010 (BA)) and the facilitation of tax evasion (under the Criminal Finances Act 2017 (CFA)). The Serious Fraud Office (SFO) has been calling for the introduction of a similar offence, specifically in relation to failure to prevent economic crime, for a number of years.
The offence is expected to make it easier for prosecutors to hold organisations accountable for fraud committed for their benefit and, as with the BA, is expected to drive a “major shift in corporate culture”. Along with the changes to the identification principle for corporate criminal liability introduced by ECCTA, it is anticipated that the number of successful corporate prosecutions will increase. The Guidance helpfully clarifies the scope and application of the new offence, as well as giving advice on what will constitute reasonable fraud-prevention procedures — and we set out our key takeaways below.
The Basics
Broadly speaking, an organisation will be liable for failure to prevent fraud if:
- One of its “associated persons”
- Commits a specified fraud offence
- Intending to benefit (directly or indirectly) the organisation.
The intention to benefit the organisation does not have to be the sole or even the dominant motivation for the fraud, i.e., the primary motivation may be to benefit the fraudster themselves. The Guidance does not specify a test for determining what constitutes the necessary intention, but from the examples provided, it appears that committing the base offence with the knowledge that this will indirectly benefit an organisation may be sufficient.
Only “large” organisations are in scope, namely those with any two of (i) more than 250 employees; (ii) more than £36 million turnover; and/or (iii) more than £18 million in total assets.2 However, in practice, smaller organisations are also likely to be required by large organisations to implement anti-fraud procedures to the extent that they can be considered the “associated person” of any large organisations. In addition, the Guidance states that if an employee of a subsidiary of a large organisation commits a fraud that is intended to benefit the subsidiary, the subsidiary may be prosecuted for failure to prevent fraud even though it does not itself fall within the large organisation scope.
An organisation will not be liable for failure to prevent fraud if it is itself the victim of the relevant base offence. However, the Guidance does not define what constitutes a “victim”, although it does state an organisation would not be a victim only because it suffered indirect harm as a result of the base offence (for instance, because revelation of the fraud damaged the organisation’s reputation).
The offence does not make directors or managers personally liable for failing to prevent fraud at their organisation because it is a corporate-only offence. However, the associated persons who committed the base fraud offence could also be prosecuted for that offence, as well as the corporate for failure to prevent fraud (although it is not a requirement that the associated person is convicted for an organisation to be liable).
It will be a defence for an organisation to demonstrate that it had reasonable fraud-prevention procedures in place at the time. The Guidance describes at a high level the types of measures that the government expects organisations to implement, underpinned by the same six key principles as the equivalent BA and CFA guidance (i.e., top level commitment; risk assessment; proportionate risk-based prevention procedures; due diligence; communication (including training); and monitoring and review). The level of fraud-prevention procedures considered reasonable will depend on an organisation’s risk profile and the scale and complexity of its activities.
Who Is an “Associated Person”?
The same (very broad) definition of “associated person” is used across all three failure to prevent offences: namely, any person who performs services for or on behalf of the relevant organisation. This captures officers, directors, employees, and agents, but can extend to other third parties, who may not even be under contract with the relevant organisation.3
The Guidance goes further than the equivalent BA or CFA guidance in giving examples of service providers that the government considers would generally not amount to associated persons. These include external lawyers, valuers, accountants, and engineers4 as well as companies within an organisation’s supply chain that are not providing services.
What Is Fraud?
Failure to prevent fraud will mean organisations can be held liable for a wide range of dishonest financial conduct. The specified offences in Schedule 13 of ECCTA go beyond straightforward fraud and include, for example, false accounting, fraudulent trading, and cheating the public revenue.5
The worked examples in the Guidance hint that certain forms of greenwashing (which could constitute fraud by false representation) may be a focus. This would complement other recent anti-greenwashing measures in the UK, such as the Financial Conduct Authority’s anti-greenwashing rule for authorised firms, which came into force at the end of May,6 and the Competition and Markets Authority’s 2022 investigation into claims made by certain fashion brands, which led to the publication of specific anti-greenwashing guidance for the fashion retail sector in September.7
Example #1
Staff at an investment fund provider prepare a brochure that promotes an investment in a “sustainable” timber company. In fact, the “sustainable” credentials are fabricated. Clients are deceived into placing funds with the firm to invest in the timber company. The staff who prepared the brochure have committed a base fraud offence (fraud by false representation) and the firm could be liable for failure to prevent fraud.8
Example #2
A company is permitted to discharge effluent into a river up to a specified limit under the terms of a permit from the Environment Agency. As a condition of this permit, the company must monitor and report its discharge levels. One month, the company exceeds the permitted limit but, to avoid paying a penalty, the head of the company’s technical department falsifies the discharge data. The head of the technical department has committed a base fraud offence (fraud by false representation) and the company could be liable for failure to prevent fraud.9
Jurisdictional Reach
The Guidance clarifies the territorial scope of the new offence, which is broad.
The Home Office’s impact assessment in November 202210 indicated that failure to prevent fraud would not have the same extra-territorial reach as failure to prevent bribery. The Guidance confirms that the new offence will only apply where there is a UK nexus, i.e.:
- One of the acts which was part of the base fraud offence took place in the UK; or
- The actual (not just intended) gain or loss occurred in the UK.
The Guidance, therefore, indicates that a fraud committed wholly outside the UK by a non-UK company could still be caught by the new offence provided there were UK victims, but a UK company will not commit an offence by virtue of fraud committed wholly abroad with no UK nexus or victims. In reality, this potentially has extremely wide jurisdiction if all it takes is a single victim to suffer loss in the UK; although, if this is the only UK nexus, this may not be sufficient for UK prosecutors to prove a public interest in prosecuting.
Example #3
A UK subsidy scheme is available in respect of appliances that meet minimum efficiency standards. A UK manufacturer sends its devices to an overseas laboratory for testing, and a manager of the laboratory falsifies data from the efficiency tests. As a consequence, the devices qualify for the subsidy scheme and the UK manufacturer benefits. Because there is an unfair gain to an organisation in the UK, this would amount to fraud under domestic law (fraud by false representation) and the laboratory could be liable for failure to prevent fraud.11
Example #4
A non-UK incorporated company is proposing to list on an overseas stock exchange. The CFO deliberately inflates the revenue and profit figures that are included in the offering memorandum. A single UK-based investor subscribes for shares in the company but, shortly after the IPO, the company’s share price collapses. Although the fraud (fraud by false representation) has been committed wholly overseas, because there is a UK victim, the company could still be liable for failure to prevent fraud (although UK prosecutors may not consider it to be in the public interest to prosecute the company).
Next Steps
Senior figures within the SFO have said that the new offence will significantly bolster the agency’s ability to prosecute serious fraud,12 and Director Nick Ephgrave is keen to use it to full effect.13 There have been similar comments from Director of Public Prosecutions, Stephen Parkinson. Notably, in its recent budget, the UK government pledged significant additional funding for both the SFO and Crown Prosecution Service.
Given prosecutors’ appetite to investigate and charge the new offence, organisations should take advantage of the (just over) nine-month transition period to:
- Conduct a risk assessment to identify where they may be vulnerable to associated persons committing fraud, with a particular focus on the three elements of the fraud triangle described in the Guidance: opportunity, motive, and rationalisation;
- Review any policies, guidance, and training materials that the organisation may already have in place in relation to other forms of economic crime (e.g., bribery or anti-money laundering) and update/supplement these materials with clear prohibitions on fraudulent behaviour of any kind;
- Review agreements with any agents, distributors, representatives, and other third-party intermediaries to ensure they contain appropriate contract terms in relation to fraud. Consider the organisation’s existing due diligence checks in relation to such parties (including internet searches, vetting tools, etc.) and whether they are sufficiently robust to identify previous allegations or suspicions of fraud against a third party; and
- Ensure that an effective whistleblowing facility is in place to facilitate the reporting of allegations or suspicions of fraud and other criminal conduct, and ensure that there is board-level oversight of whistleblowing (for example, consider appointing a “Whistleblowing Champion”);
Latham has extensive experience advising on uplifts to corporate compliance programmes across a wide range of sectors, as well as defending organisations in enforcement proceedings by all major UK regulators and prosecuting bodies. If you have questions about this blog post, please contact one of the authors or the Latham lawyer with whom you normally consult.
Comparison of UK “Failure to Prevent” Offences
- See: https://www.gov.uk/government/news/new-failure-to-prevent-fraud-guidance-published. ↩︎
- Assessed by reference to the financial year preceding the year of the base fraud offence. ↩︎
- Guidance, §2.3. ↩︎
- Ibid. ↩︎
- Cheating the public revenue is within the scope of both failure to prevent the facilitation of tax evasion and failure to prevent fraud. The Guidance notes (at §4.1) that where the base offence is cheating the public revenue, prosecutors may charge an organisation with either or both of the failure to prevent offences, provided that the evidential test has been met and it is in the public interest to do so. ↩︎
- See: https://www.fca.org.uk/news/press-releases/fca-confirms-anti-greenwashing-guidance-and-proposes-extending-sustainability-framework. ↩︎
- See: https://www.gov.uk/government/publications/complying-with-consumer-law-when-making-environmental-claims-in-the-fashion-retail-sector/complying-with-consumer-law-when-making-environmental-claims-in-the-fashion-retail-sector. ↩︎
- Guidance, §2.8. ↩︎
- Ibid. ↩︎
- See:https://assets.publishing.service.gov.uk/media/64355c1fcc99800013b89345/Impact_Assessment_for_Failure_to_Prevent_Fraud__Home_Office_.pdf. ↩︎
- Guidance, §2.5. ↩︎
- See: https://www.sfo.gov.uk/2023/09/04/sfo-chief-capability-officer-delivers-keynote-speech-at-2023-cambridge-symposium/. ↩︎
- See: https://www.sfo.gov.uk/2024/02/13/director-ephgrave-speech-at-rusi-13-february-2024/. ↩︎