Revealed at last: The government publishes its proposals for a new failure to prevent fraud offence
The government has published long-awaited proposals (the “Proposals”) which would introduce a new corporate offence of failing to prevent fraud. The Proposals are made in amendments to the Economic Crime and Corporate Transparency Bill, currently at Committee stage in the House of Lords, and fulfil the assurance given to the House of Commons in January by the Security Minister, Tom Tugendhat MP, that the Government intended to “address the need for a ‘failure to prevent’ offence”.
The government’s strategic objective is primarily to reduce fraud, which currently accounts for 41% of all criminal activity (according to Andrew Penhale, Chief Crown Prosecutor for the CPS) and the Proposals have been welcomed by Lisa Osofsky, Director of the Serious Fraud Office, as “a game changer for law enforcement”. However, just as important to the government will be its objectives of building an anti-fraud culture within organisations generally, deterring wrongdoing and driving change in corporate ethos.
Key elements of the offence
Under the Proposals, which will operate similarly to the equivalent offence under section 7 of the Bribery Act 2010 (“BA”), a relevant body will be criminally liable where a person associated with it commits a fraud and the organisation did not have reasonable procedures in place to prevent the fraud. The associated person must have committed the fraud intending to benefit the organisation or any person to whom the associate provides services on behalf of the organisation, whether directly or indirectly. The offence is effectively one of strict liability for the organisation; prosecutors will not need to show that the organisation’s leaders authorised or had knowledge of the fraud. In this way the Proposals address some of the obstacles to the criminal prosecution of larger companies posed by the “identification principle”, which requires that individuals constituting the organisation’s “directing mind and will” be involved in the wrongdoing in order for the company itself be held liable, and which is considered to have hampered the successful prosecution of companies in the past.
If convicted, the organisation is liable to an unlimited fine. However, an organisation will not be guilty if it was itself the intended victim of the fraud.
The new offence will only apply to “relevant bodies”. These are set out in the Proposals as being “large organisations” operating in any sector, including commercial businesses, charities, NGOs and public bodies, that satisfy at least two of the following requirements in the financial year preceding the year of the fraud offence:
- Turnover of more than £36 million
- A balance sheet total (so total assets) of more than £18 million
- An average of more than 250 employees
Small and medium sized businesses (“SMEs”) would therefore be exempt from the legislation (unlike under the BA, which applies to commercial organisations regardless of size). The government has given no indication as to why they should be excluded at this stage but since the Proposals include a power for these requirements to be modified, including by removing the word “large” from the definition, the offence could potentially be extended to cover all organisations at some point in the future. In the meantime, the government clearly hopes that some SMEs may adopt enhanced procedures regardless of obligation, noting in its Impact Assessment (at paragraph 67) that: “The exclusion of small and medium-business will reduce the possible benefits and the potential for cultural change. However, it is possible that small and medium-businesses may adopt some of these practices resulting in spill-over benefits.”
The offence will apply to companies and partnerships wherever incorporated or formed. In this regard, the proposed legislation does not state that the organisation must carry on a business or part of a business in the UK (again, in contrast to the provisions of the BA). Since the Proposals are silent on the jurisdictional requirements for the underlying fraud offence, it is to be assumed that they will follow the jurisdictional requirements of the offences in question (which, for most of the in-scope fraud offences, is that a ‘relevant event’ occurred in England & Wales). For offences under sections 1 to 4 of the Fraud Act (fraud by false representation, fraud by failing disclose information and fraud by abuse of position), it will be enough that the intended gain or loss occurred in England & Wales.
The Proposals will enable relevant organisations to be held criminally liable for failing to prevent fraud being committed by persons associated with that organisation (the “associate”). Employees, agents and subsidiaries are automatically deemed to be associates. Other persons (individuals and corporates) that perform services for or on behalf of the organisation will also be associates.
In-scope offences – a “fraud”
A schedule to the Proposals lists the in-scope fraud offences. These currently comprise a set of core common law and statutory fraud offences:
- cheating the public revenue
- fraud, obtaining services dishonestly and other specific offences under the Fraud Act
- false accounting and false statements by company directors under the Theft Act 1968
- fraudulent trading under the Companies Act 2006
- relevant Scottish and Northern Irish equivalent offences.
However, the list may be amended at any time by the Secretary of State, including by adding additional dishonesty offences or money laundering offences under the Proceeds of Crime Act 2002.
The “reasonable procedures” defence
It will be a defence for the organisation to show that, at the time of the fraud, it had “reasonable procedures” in place to prevent fraud or that it was not reasonable in the circumstances to expect such procedures to be in place. This mirrors the approach taken for the existing corporate failure to prevent offences (failing to prevent bribery under the BA and failing to prevent the facilitation of tax evasion under the Criminal Finances Act 2017 (“CFA”)). Interestingly, the government’s impact assessment accompanying the Proposals states that the requirement for “reasonable procedures” (as used in the CFA) will place a lesser burden on organisations than requiring “adequate procedures”, as under the BA.
In any event, the government will be obliged to publish guidance on what “reasonable procedures” in the context of preventing fraud may be and it is likely that they will follow those already published for the existing failure to prevent offences. We would therefore expect to see a focus on principles such as:
- Proportionality of prevention measures
- Top-level commitment
- Risk assessment
- Due diligence
- Communication and training
- Monitoring and review
However, there is also likely to be increased emphasis on accounting and auditing provisions.
There is currently no indication as to when it might be reasonable for a large organisation not to have procedures in place. The guidance provided in relation to the offence of failing to prevent tax evasion notes that, where a relevant body has fully assessed all the risks and they are considered to be extremely low and the costs of implementing any prevention procedures are disproportionate or cost-prohibitive in relation to the negligible risks faced, it may be reasonable not to expect that body to have prevention measures in place. However, it will rarely be reasonable to have not even conducted a risk assessment. In any event, it is unlikely ever to be advisable for an organisation subject to the legislation to rely on this argument, should a fraud have occurred.
The wider aims of the new offence
While the Impact Assessment notes (at paragraph 70) that the proposed offence is likely to lead to more fraud prosecutions, “a significant increase … is not expected”. In any event, the Proposals have wider aims beyond that of simply increasing enforcement. The government hopes that by putting organisations front and centre of the fight against fraud, it will incentivise them to implement improved fraud prevention measures, raising awareness and deterring fraudulent conduct, and ultimately lead to a shift in corporate culture generally. This, effectively, has been a major outcome of the BA, which is widely credited with tightening up procedures and corporate compliance despite there having been very few prosecutions, or even investigations, under its provisions. Where enforcement has taken place, proceedings have mostly been resolved by way of deferred prosecution agreement rather than trial. It is likely that enforcement under the Proposals could follow the same course – indeed the Impact Statement notes (at paragraph 99) that “… we do not expect many proceedings for the introduction of the failure to prevent fraud offence. Instead, it is more likely cases would result in a DPA …”
The Proposals will be discussed in the House of Lords over the forthcoming weeks and may be subject to amendment or refinement. The Bill will then return to the Commons for further consideration before finally receiving Royal Assent. It is expected that the measures will be implemented within a year thereafter, so perhaps by Q3 or Q4 2024. Note that guidance about reasonable procedures must be published before the new offence can come into force.
What should organisations do to prepare?
Many large commercial organisations will already have policies in place to prevent fraud by their employees, particularly where they operate in the regulated sector. However, the proposed offence will extend organisations’ obligations beyond employees to agents, subsidiaries and those performing services for or on the organisation’s behalf. Businesses will need to review their existing policies in the light of these new obligations and ensure that all relevant associated persons are in scope. The envisaged guidance will provide additional direction as to what will be required to establish the reasonable procedures defence, should that ever become necessary.
Where an organisation currently maintains no specific policies relating to fraud, a more detailed review of existing compliance policies will need to be undertaken and, where necessary, new and additional procedures put in place.
In all cases, effective operation of the policies, through appropriate risk evaluation, training, communication and on-going monitoring will be required.
The government’s press release on the proposed offence is available here.
The full text of the proposed offence is on pages 19-26 of this amendment paper.