In recent days, the UK government unveiled long-awaited guidance for organizations affected by the “failure to prevent fraud” offense created by the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
The “Failure to Prevent Fraud” Offense and the “Reasonable Procedures” Defence
As detailed in a prior Alston & Bird advisory, the “failure to prevent fraud” offense in many ways tracks the “failure to prevent bribery” offense created by Section 7 of the UK Bribery Act 2010 in that it penalizes organizations for fraud offenses committed by “associated persons” when the organization does not have reasonable fraud prevention procedures in place.
The “failure to prevent fraud” offense will come into force on September 1, 2025 and will only apply to large organizations, defined as those with at least two of the following: (1) annual turnover of more than £36 million; (2) balance sheet assets of more than £18 million; and (3) more than 250 employees. When a person associated with such an organization commits one of the “base fraud offenses” specified in the ECCTA and does so intending to benefit the organization (or its clients), in whole or in part, the organization can be prosecuted for failing to prevent the associated person’s base fraud offense. However, if the organization can demonstrate that when the offence was committed, it “had in place such prevention procedures as it was reasonable in all the circumstances to expect [it] to have in place,” it will have a defense in liability.
The Home Office’s November 2024 Guidance
On November 6, 2024, the UK’s Home Office issued “Guidance to Organisations on the Offence of Failure to Prevent Fraud,” which included 17 pages of guidance on “reasonable fraud prevention procedures,” structured according to the same six principles around which the UK’s Ministry of Justice built its 2012 guidance on adequate procedures for the prevention of bribery:
- Top level commitment.
- Risk assessment.
- Proportionate risk-based prevention procedures.
- Due diligence.
- Communication (including training).
- Monitoring and review.
The read-across between the now-familiar Bribery Act guidance and this new guidance on reasonable fraud prevention procedures may allow compliance teams to avoid completely restructuring their policies and procedures, but the potential sweep of the “failure to prevent fraud” offence inescapably will require thorough review and supplementation of those policies and procedures to ensure they will meet the “reasonableness” threshold.
In particular, an updated risk assessment is likely to be the key next step for those charged with readying their organizations for this new offense. The risk assessment should focus on the “fraud triangle” (opportunity, motivation, rationalization), and the Home Office’s guidance also suggests that organizations should consider risks arising in emergency situations as part of the risk assessment process.
Once the risk assessment has been completed, a fraud prevention plan should be created, taking into consideration the proportionate risk-based prevention procedures to be put in place. The Home Office’s guidance suggests that such procedures should be adapted to particular types of associated persons who may be acting on the organization’s behalf (employees, contractors, agents, etc.), and emphasizes that just because an organization is regulated under another regime that requires compliance measures around fraud does not mean that its existing procedures are sufficient to constitute reasonable fraud prevention measures for the purposes of the “failure to prevent fraud” offense.
Organizations that have implemented procedures to prevent bribery will be familiar with the due diligence, communication and training, and monitoring and review requirements in the Home Office’s guidance. One key difference relates to the prominence of whistleblowing requirements, which are mentioned in the Bribery Act guidance only briefly. The Home Office’s guidance is far more prescriptive in this regard and reflects the evolution of thinking in government and business on the implementation and oversight of whistleblowing procedures.
Other Offenses and Regimes
The Home Office’s guidance addresses the overlap between the “failure to prevent fraud” offense and the “failure to prevent the facilitation of tax evasion” offense introduced by the Criminal Finances Act 2017. Although the crime of cheating the public revenue is a base offense for both corporate crimes, the new “failure to prevent fraud” offense is concerned with preventing a fraud on the revenue that benefits the organization, whereas the “failure to prevent tax evasion” offense is concerned with preventing the organization’s associated persons from assisting others to cheat the public revenue. There is some minor overlap, but the two corporate offenses are distinct, and organizations should ensure that they have procedures in place to address both risks.
The Home Office’s guidance also addresses the overlap between auditing requirements under the Companies Act 2006 and the UK Corporate Governance Code (applicable to premium listed companies). In short, while both statutory audits and compliance with the Corporate Governance Code assist in developing reasonable fraud prevention measures, neither is enough on its own, and the processes set out in the Home Office’s guidance should be followed.
Finally, the Home Office’s guidance reminds organizations that only courts can decide what will constitute reasonable fraud prevention measures. Following the guidance will be an important factor in that determination, but it will not act as a safe harbor if organizations have not addressed risks specific to their businesses. Similarly, if it is appropriate for an organization to depart from the terms of the Home Office’s guidance in light of its risk assessment, that should not automatically mean that it does not have reasonable fraud prevention measures.
Looking Ahead
The “failure to prevent fraud” offense will be a significant new corporate enforcement tool that the agencies empowered to prosecute it, such as the Serious Fraud Office, appear keen to deploy. In recent weeks the director of the Serious Fraud Office predicted that corporate criminal resolutions “could really come back with a bit of a vengeance” due to the new offense, predicting an “uptick” in corporate criminal enforcement and warning that “[t]he publication of this guidance means that time is running short for corporations to get their house in order or face criminal investigation.”
Accordingly, between now and September 2025, large organizations will want to review relevant policies and procedures and work with their advisors to ensure that they can credibly demonstrate the existence of reasonable fraud prevention measures should the need arise.
You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.
If you have any questions, or would like additional information, please contact one of the attorneys with our White Collar, Government & Internal Investigations Team.