On October 26 2023, the Economic Crime and Corporate Transparency Act 2023 received Royal Assent.
The act encompasses a wide range of reforms, including changes to Companies House and increased powers for the Serious Fraud Office and National Crime Agency to combat economic crime.
The introduction of the 'failure to prevent fraud' offence and the extension of corporate liability for economic crimes means the act represents the biggest legislative shake up in the economic crime arena since the Proceeds of Crime Act in 2002.
The failure to prevent fraud offence operates as follows: a large organisation – that is, companies or partnerships that satisfy two of the following conditions: turnover of £36mn+; balance sheet of £18mn+; or 250+ employees – will be guilty of the offence if an employee or third party acting on its behalf commits fraud intending to benefit the organisation.
The definition of fraud is broad, encompassing offences such as greenwashing or false accounting, but excludes instances where the organisation is the victim.
Organisations have a complete defence to this offence if they can demonstrate they had reasonable fraud prevention procedures in place, or that it was reasonable for it not to have any procedures.
This article focuses on two key aspects: what constitutes reasonable fraud prevention procedures and how the extension of corporate liability for economic crimes will be implemented.
Reasonable fraud preventative procedures
Guidance on the procedures organisations can put in place to prevent fraud is expected to be issued by the government in early in 2024, meaning the failure to prevent fraud offence is likely to come into force in mid-2024.
Organisations seeking to get ahead can review the guidance for the existing failure to prevent bribery and tax evasion facilitation offences.
Despite slight differences in the wording of the two offences, the government’s guidance documents on establishing adequate anti-bribery procedures and reasonable tax evasion facilitation prevention procedures are based on the same six principles.
It is therefore probable that the failure to prevent fraud guidance will focus on similar principles.
The starting point is an assessment of the fraud risk. In cases where the risk is extremely low and the costs of implementing procedures are disproportionate, it may be reasonable for an organisation to have no fraud prevention procedures.
However, it is still recommended to conduct an annual risk assessment to support that assessment. All other large organisations will require fraud prevention procedures to defend a failure to prevent fraud charge.
These procedures should be proportionate and tailored to effectively manage the identified risks and may include written anti-fraud policies, training programmes, financial controls, due diligence on associated persons, contractual provisions, audits, internal reviews, and a clear tone from top management.
Organisations will find that implementing reasonable fraud prevention procedures provides benefits beyond the defence to the failure to prevent offence.
