A New Criminal Offence! Failure to Prevent Fraud
UK’s Economic Crime and Corporate Transparency Act (ECCTA)
At a Glance
- Section 196 of ECCTA provides that where a senior manager of an organisation, acting within the actual or apparent scope of their authority, commits a relevant offence, the organisation will be criminally liable. Importantly, relevant offences include the ‘failure to prevent fraud’.
- The failure to prevent fraud offence is intended, by design, to cover circumstances happening overseas, provided there is some sort of UK nexus. Because of this, we will also be considering corporate fraud laws in the United States and in other important jurisdictions.
- An in-scope organisation will be liable if a person associated with the organisation commits fraud, unless the organisation proves it had reasonable procedures in place to prevent the fraud being committed.
A new corporate offence of ‘failure to prevent fraud’ is to come into force on 1 September 2025. There are practical measures businesses could take before September to keep themselves safe. This new law is set out in sections 199 to 206 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
Our aim is to produce a series of practical briefings intended to help businesses understand how the law will affect them and what they could do to mitigate its impacts. The briefings will cover:
- A summary of UK corporate criminal liability and why reform of the law is required
- The elements of the new offence, and some practical examples of how companies might fall foul of it
- The types of fraud it will cover, and how those frauds might be committed
- The organisations that are subject to it, and the approach that might be adopted by those strictly outside its remit
- How it might impact organisations that are overseas and have only a slim connection with the UK
- What measures could be taken before 1 September 2025, and how the required work might be planned and implemented
- The considerations for companies who find themselves caught up in fraud, whether as victim, witness or possible perpetrator
The UK’s corporate crime laws are far from straightforward; it is easy to be confused. In December 2023, section 196 of ECCTA became law; it provides that where a senior manager of an organisation, acting within the actual or apparent scope of their authority, commits a relevant offence, the organisation will be criminally liable.
Importantly, relevant offences include fraud. We call this the ‘new fraud attribution offence’. The new fraud attribution offence is a very significant development, but it is different from what we are covering in these briefing notes and is, instead, the ‘failure to prevent fraud’ offence. Nevertheless, as we explain below, there are clear connections between the two offences. We dive deeper into these connections in one of our next briefings.
We also need to bear in mind the dangers of an over-simplistic UK-centric mindset. More often than not, frauds cannot be neatly confined to one jurisdiction. The failure to prevent fraud offence is intended, by design, to cover circumstances happening overseas, provided there is some sort of UK nexus. Because of this, we will also be considering corporate fraud laws in the United States and in other important jurisdictions. If companies are to put in place antifraud systems and controls, it is surely obvious that these should be applicable to, and appropriate for, all the places where the company undertakes business.
In this initial briefing we answer some basic foundational questions:
Why is a new law needed?
English law lacks precision when the aim is bringing a criminal prosecution against an incorporated entity (for example a company). The result is that it has been near impossible to prosecute a company of any size for serious offences even where the wrongdoing was committed by an agent of the company, within his/her authority, and was intended to benefit the company. This new law is intended to correct that, as indeed is the new fraud attribution offence.
Is the new law revolutionary in its approach?
No. It is based on principles first used in the Bribery Act 2010 and then again in the Criminal Finances Act 2017, which introduced the offence of failing to prevent the facilitation of tax evasion. Fortunately, the structure of the new legislation has been proven to work in practice, and — equally, if not more, important for our purposes — this familiarity should prove valuable in advising on the measures that companies could take to protect themselves.
In brief, what is the new offence?
An in-scope organisation will be liable if a person associated with the organisation commits fraud, unless the organisation proves it had reasonable procedures in place to prevent the fraud being committed. That’s it in a nutshell!
What if the company was intended to be the target/victim of the offence?
No; a company will likely not be guilty of an offence where it was the victim or intended victim. Note, though, that this may not always be a clear-cut issue, as fraud that results in a benefit to the company — regardless of intent — could still result in a conviction, or at least credible allegations, against the company.
What is an ‘in-scope’ organisation?
An ‘in-scope’ organisation — i.e., an organisation that can be prosecuted for the new offence — is one that meets at least two of the following conditions in the financial year that precedes the year the offence was allegedly committed: (1) turnover of more than £36 million, (2) assets of more than £18 million and (3) more than 250 employees.
Does that mean that a small ‘out-of-scope’ organisation need not concern itself?
No, that would be a dangerous stance to adopt. Financial service businesses will need to have in place antifraud systems and controls. Therefore, smaller companies in a supply chain may be compelled by larger companies further up the chain to put in place reasonable procedures to prevent fraud. Additionally, a company with decent procedures will likely also be treated more leniently should the company commit the new fraud attribution offence.
A word of warning: It will be difficult to justify a do-nothing approach. Even companies confident of their ethical orientation run risks if they do not implement reasonable measures to prevent frauds by their various employees and other agents.
More to Come Soon!
We hope this, and our briefings to follow, will assist as your company considers the new legislation.