Failure to prevent fraud - Guilty, until proven innocent (or until reasonable fraud prevention procedures are in place)

13 April 2023

On 11 April 2023, the government finally tabled legislation introducing a much-anticipated new failure to prevent (FTP) fraud offence, as part of the Economic Crime and Corporate Transparency Bill which is currently making its way through Parliament.

The offence

Under the new FTP fraud offence, an organisation will be liable to an unlimited fine where:

  1. a person associated with the organisation commits a fraud offence for the organisation’s benefit; and
  2. the organisation does not have reasonable fraud prevention procedures in place.

The FTP fraud offence represents another departure from the status quo of corporate criminal liability in the UK – adding to the inroads made by the Bribery Act 2010 and the Criminal Finances Act 2017. As with the model used for those failure to prevent offences, there is no requirement for the Company Board or Directors to have any involvement in, or even knowledge of, the fraud in order to be criminally liable. The government’s hope is that this will push tackling fraud to the top of boardroom agendas and encourage companies to proactively implement and improve fraud prevention procedures.

Scope

The offence applies across all sectors to organisations which meet two out of three of the following criteria:

  1. more than 250 employees;
  2. more than £36m turnover; or
  3. more than £18m in total assets.

The rationale behind the omission of small and medium enterprises (SMEs) is unclear. Whilst the government’s fact sheet refers to avoiding placing “unnecessary burden on legitimate businesses”, it doesn’t explain why it isn’t deemed an unnecessary burden for large businesses. The difficulty in holding large organisations, with their many layers of management, to account under the current “controlling mind” test, appears to be a driving force.

The offence covers key fraud and false accounting offences, such as by fraud by false representation (section 2 Fraud Act 2006), false accounting (section 17 Theft Act 1968) and fraudulent trading (section 993 Companies Act 2006). However, the legislation does not cover any Money Laundering offences - these are to be left under the remit of the Financial Conduct Authority and current regulation.

“Reasonable” fraud prevention procedures 

The government has yet to provide any detail on what a “reasonable fraud prevention” procedure might look like but it is anticipated that any procedures will be underpinned by similar principles to those informing bribery and facilitation of tax evasion: risk assessments; tone from the top; training; due diligence; and always, regular review. As with the failure to prevent the facilitation of tax evasion offence, the draft legislation includes provision for circumstances where it is reasonable to have no fraud prevention procedures in place. Given the offence only applies to large companies, it is hard to envisage many large organisations where this will be the case. Perhaps that is a hang-over from an earlier draft of the legislation which envisaged companies of all sizes being included.

Impact

Other failure to prevent offences in the UK have turned out to have a bark far worse than their bite - there has not yet been a single prosecution in relation to the failure to prevent the facilitation of tax evasion. However, even if this new failure to prevent offence ends up having the same long lead-in time which failure to prevent the facilitation of tax evasion is having, the new offence is likely to ensure that more companies – albeit only large ones – pay attention to their fraud risks.

"The offence will encourage more companies to implement or improve prevent procedures, driving a major shift in corporate culture to help reduce fraud."