UK Failure to prevent fraud offence – the clock is ticking to update fraud procedures

UK Failure to prevent fraud offence – the clock is ticking to update fraud procedures

Overview: Corporate entities within the UK and overseas face new criminal risks and should enhance compliance frameworks now to mitigate

The Economic Crime and Corporate Transparency Act 2023 (the Act), which passed into law late last year, introduced the landmark failure to prevent fraud offence, which we have considered in previous bulletins: 

Failure to prevent fraud offence in the UK - implications for non-UK entities

A new corporate offence in the United Kingdom - Failure to Prevent Fraud | David Doble Law

This bulletin focuses on the steps that should be under consideration specifically by non-UK entities that may be within the scope of the new law. 

The new failure to prevent fraud offence will have wide jurisdictional effect and will apply not only to  corporate entities based in the UK, but also to those established outside the UK, particularly if they have business operations, branches or customers in the UK.  Although the principal focus of the Act is in relation to “relevant bodies“ which meet the “large organisation” test (whether in the UK or otherwise), the steps required to avoid the risk of committing the new offence may also impinge on the activities of affiliates (again, whether in the UK or otherwise) that are deemed to be acting on behalf of a relevant body that is a large organisation. 

By way of reminder, a “relevant body” means a body corporate or a partnership (wherever incorporated or formed); and “large organisations” are those that satisfy two or more of the following conditions:

Turnover:   More than £36 million
Balance sheet total:    More than £18 million
Number of employees:    More than 250.

The UK Government is expected to publish guidance soon about the procedures that relevant bodies within the scope of the Act can put in place to prevent them, and other entities associated with them, from committing fraud offences.  UK corporates within the scope of the new law are already preparing, including by enhancing their contractual expectations of counterparties, both in the UK and elsewhere, in connection with fraud controls. These contractual requirements can be expected to be in place during the course of this year.

Guidance on Compliance Procedures: Entities affected by this new law will have limited time to implement changes

The guidance, which is currently being prepared by the UK Government, is expected to be published in the coming months. Subsequently, there will be a period of implementation before the offence comes into force, during which time organisations can update their compliance framework to incorporate the fraud-related preventative procedures. When similar guidance was issued for the UK Bribery Act in 2011, the implementation period was three months. We anticipate the implementation period for the guidance on failure to prevent fraud to be at least as long as that.

While this may sound like plenty of time to implement necessary procedures, it is likely that entities affected by this new law may face a considerable amount of work in that period.  It is likely to represent a similar amount of work to that undertaken by companies when preparing for the Bribery Act.  Affected organisations should therefore be looking at steps they can take now, to get ahead of the process, including taking external advice as necessary.  

What steps can be taken now?

It is expected that the guidance to be issued by the UK Government will adopt the principles-based approach used in the statutory guidance on the failure to prevent bribery offence. That guidance was based on six principles that underpin the procedures that companies should seek to establish, namely: 

1.   Proportionate Procedures
2.   Top Level Commitment
3.   Risk Assessment
4.   Due Diligence
5.   Communication (including training); and 
6.   Monitoring and Review.

This principles-based approach means that the statutory guidance is unlikely to be a detailed manual that will provide companies with specific instructions as to how to ensure compliance. Rather, each company will be responsible for considering how to tailor the principles so that they can be of prime effectiveness to its own business. It is also possible that certain sectors and industry bodies, including for example, UK Finance in the banking sector, may issue their own specific guidance.  

The fact that the guidance is likely to be based on the above principles allows companies to begin preparation in advance of the guidance being published. In the case of most organisations, a key starting point will be undertaking a risk analysis focusing on fraud, in particular outward facing fraud (i.e., the risks of the company, its employees, its subsidiaries and its third party associates, committing fraud offences, rather than being the victim of a fraud).  Companies that are within the scope of the Act  (both within the UK and overseas) should also begin to consider their policy and procedure framework as it applies to fraud and controls over third parties. It is very likely that these will be key steps required under the government guidance, once published, to demonstrate reasonable procedures. 

Non-UK entities that fall outside the “large organisation” test

The new law has the potential to enmesh entities which are outside the scope of the new legislation in terms of size, but which are nevertheless agents or affiliates of entities that are within the scope of the Act.  Those affiliates and agents may not necessarily be the subject of enforcement action by the UK authorities, but may nevertheless be required, by the terms of the relationships they have with companies that are within the scope of the Act, to agree contractual documentation which addresses the liability that those companies are exposed to under the Act.

Conclusion

It is evident that the new offence of failure to prevent fraud will not only catch actions carried out in the UK, but may also catch actions carried out outside the UK.  For entities that are going to be affected by this new law, any preparation that can be commenced now will put them in an advanced position when the implementation period begins.

A further bulletin will follow as soon as the UK Government has published its guidelines.  If you have any questions in the meantime, please contact us below.

David Doble Law is working on this important new UK legislation with the White Collar Crime and Compliance Team at leading UK law firm, RPC, including with Sam Tate, who is widely regarded in the UK as an expert financial crime lawyer, and is part of the City of London Law Society team providing comments to the Government on its current draft of the guidance.