Failure to Prevent
The UK Bribery Act 2010 introduced the ‘failure to prevent’ approach to corporate criminal liability. The Criminal Finances Act 2017 also contains ‘failure to prevent the facilitation of tax evasion’ offences.
Now, the Economic Crime and Corporate Transparency Bill ('the Bill') is at an advanced stage of the legislative process, introducing the risk of prosecution for non-compliant 'large organisations' whose employees or agents commit fraud.
A large organisation is an organisation which satisfies two or more of the following conditions in the financial year preceding the year of the offence: (i) more than 250 employees: (ii) more than £36 million turnover; and / or (iii) assets of more than £18 million.
The Bill could receive Royal Assent before the end of 2023.
A large organisation which fails to prevent fraud by an associated person could be prosecuted in the criminal courts.
On 6 September 2023 the House of Commons (HoC) considered earlier amendments proposed by the House of Lords in July 2023. The HoC chose to:
When Royal Assent is granted and the Bill becomes an Act of Parliament, a large organisation could be strictly liable if:
The offence will also apply to a parent company where the parent entity and its subsidiaries meet, in aggregate, two or more of the large organisation criteria.
The government is expected to issue guidance on reasonable procedures, prior to the failure to prevent offence entering into force.
A large organisation could be liable where an employee (or agent) commits a specified offence for the organisation's benefit, where reasonable procedures are not in place to prevent involvement in a specified offence:
If an employee of a large organisation commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.
Firms supervised by the Financial Conduct Authority ('FCA') are already subject to compliance with regulatory requirements set out in the FCA Handbook, which include: "A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime." [SYSC 3.2.6]
A large organisation supervised by the FCA could be subject to regulatory intervention or enforcement activity if significant non-compliance is identified with a legal or regulatory requirement.
The failure to prevent fraud offence under criminal law will apply to all 'large organisations'. When passed, the new Act will:
The Bribery Act 2010 provides a defence in law for the failure to prevent bribery offence. A similar defence will be available if a large organisation can show that despite a particular case of fraud, it nevertheless has reasonable prevention procedures in place to prevent persons associated with it from committing a specified offence.
Whether current arrangements are sufficient requires consideration of how a large organisation could be linked to a specified offence and assessing whether existing controls would be considered reasonable.
It may be reasonable to have no prevention procedures in place (e.g., where the assessed risk is extremely low and the rationale is sufficiently documented).
An appropiate defence would involve documenting an assessment of where fraud risk might be present in a large organisation's operating environment.
Examples of areas to review/assess include:
A large organisation's response to assesed risk should reduce opportunity for fraud-related events, incorporating measures to manage, eliminate, or limit the impact of risk-events. An effective response could include:
Government guidance should help inform a focus for what to consider for inclusion in an organisation's reasonable prevention or internal defence arrangements, but guidance is not prescriptive.
The content of reasonable procedures for company 'A' may not be suited to company 'B', due to differences in organisational structure, operations, control environment or product/service offering.
SYSC326 supports organisations to identify and respond to fraud risk, or fraud events, and to prepare for the new failing to prevent fraud offence, by:
The Bill has not yet received Royal Assent and its content is subject to change. Therefore, monitoring the Bill's evolution is a key minimum step to stay informed on the new law's progress and content.
After the Bill receives Royal Assent, the government will need to publish guidance on reasonable prevention procedures. Only then will the offence enter into force.
Early assessment of the potential impact of the failure to prevent fraud offence could inform awareness of any next steps which may be required to, for example:
An organisation can receive an unlimited fine. Courts will take account of all the circumstances in deciding the appropriate level for a particular case.
The offence applies to all sectors but is targeted at large organisations – defined (using the standard Companies Act 2006 definition) as organisations meeting two out of three of the following criteria: more than 250 employees, more than £36 million turnover and more than £18 million in total assets.
Yes. Equivalent offences in Scotland and Northern Ireland will be included in the base offence list, with a power for the relevant Minister in Scotland or Northern Ireland to amend the list with regards to offences they are responsible for (devolved offences).
If an employee commits a specified fraud offence under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.
The failure to prevent fraud offence is intended to cover offences most likely to be relevant to corporations:
The government does not intend to introduce personal liability in the new law for 'failure to prevent fraud', where an individual did not consent or know of the offence happening.
Under pre-existing legislation, individuals can be prosecuted for committing, encouraging or assisting fraud (e.g., being knowingly involved).
The Companies Act 2006 also provides that a company director must:
Under the new law it is possible the employing organisation could be prosecuted without having to demonstrate senior management knowledge or awarenes of an employee or agent committing a specified offence.
Where a director is found to have connived or conspired in the commisison of a specified criminal offence contained in the new law, or to have failed to comply wih certain Companies Act provisions, then he might be prosecuted under existing law.
