Failure to Prevent Fraud – New Guidance Published

On 6 November 2024, the UK government published new guidance on the corporate criminal offence of “failure to prevent fraud”.

This offence, which is part of the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”), will hold large organisations accountable if they profit from fraud committed by an employee, agent, subsidiary, or other “associated person”. 

The offence is set out in sections 199-206 and Schedule 13 of ECCTA. 

The guidance has been developed with input from key stakeholders within government and relevant government agencies of the Crown Prosecution Service (CPS), Serious Fraud Office (SFO), HM Treasury, HMRC, Ministry of Justice, Cabinet Office, Attorney General’s Office and Financial Conduct Authority (FCA). 

The intention behind the creation of this offence is to encourage organisations to build an anti-fraud culture in a way similar to the way an anti-bribery culture has become a part of the corporate culture since anti-bribery legislation was introduced in the Bribery Act 2010.

In the event of prosecution for failure to prevent fraud, it will be a defence for an organisation to demonstrate to the court that it had reasonable fraud prevention measures in place at the time that the fraud was committed seeking to ensure that such events did not occur or they must be able to demonstrate to the court that it was not reasonable, in all the circumstances, to expect the organisation to have such prevention procedures in place.

Reasonable fraud prevention procedures are intended to be flexible and output-focused and include the following:

• top level commitment
• risk assessment
• proportionate risk-based prevention procedures
• due diligence
• communication (including training)
• monitoring and review

The offence applies to organisations incorporated or formed by any means and will also apply to partnerships. 

A large organisation is defined as one that meets two of the following criteria which are to be applied to the organisation’s financial year that precedes the year of the base fraud offence:

• more than 250 employees
• more than £36 million turnover
• more than £18 million in total assets

Small and medium sized businesses are therefore exempt, although the ECCTA includes a power for these requirements and thresholds to be modified or removed. 

It is important to note the criteria are to apply to the entire organisation, including any subsidiaries, and they apply regardless of where the organisation’s headquarters or the subsidiaries are located.

The full guidance can be found here and gives quite comprehensive suggestions for good practice  regarding implementation of each of the above principles but key points include:

• Liability: Organisations can be held criminally liable if fraud benefits them.
• Examples of Fraud: Dishonest sales practices, hiding information, and dishonest financial market practices.
• Defence: Organisations must show they had reasonable fraud prevention measures in place.
• Implementation Date: The offence takes effect on 1 September 2025.
• Objective: Encourage an anti-fraud culture similar to the impact of anti-bribery legislation.

The offence of failure to prevent fraud is punishable by prosecution and it will be for the relevant court to determine whether sufficient measures were in place to prevent the fraud from occurring in the circumstances. 

If convicted an organisation can expect to receive a fine.

This guidance aims to reduce fraud, which is a significant crime in the UK, and protect potential victims, including businesses.

Nick Ephgrave QPM, Director of the Serious Fraud Office (SFO), said “The publication of this guidance means that time is running short for corporations to get their house in order or face criminal investigation.”

Comment:

Colette Kelly, Partner, Regulatory and Criminal Group comments:

“The publication of this guidance at an early stage is welcome to enable organisations that will be caught by the new offence to ensure they have in place the appropriate procedures to seek to prevent the occurrence of the event.

“Whether the procedures are deemed to be sufficient will be a matter for the Court to establish, and until we start to see the outcome of prosecutions this is somewhat of a watching brief.  However, as the primary aim of the new offence is to place additional responsibility and accountability on large organisations, corporates should be undertaking reviews and audits of their policies and procedures to prevent fraud and indeed other misconduct.

"Any organisations requiring specific guidance in relation to their own procedures should contact us for further advice.”