Tom Stocker: Firms should brace for new fraud offence
Reading time: 3 minutes
Tom Stocker
A new “failure to prevent fraud” offence will impact organisations across the UK and internationally, requiring them to complete risk assessments and implement rigorous fraud prevention procedures and policies in place if they are to avail themselves of a statutory defence, writes Tom Stocker.
Under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), the new offence comes into force on 1 September 2025 and sets out to prevent frauds which are intended to benefit an organisation or an organisation’s clients.
The offence applies to large organisations which are businesses with two of the following applying: more than a £36 million turnover; more than £18m in assets; more than 250 employees. For group organisations, the criteria applies to the whole organisation regardless of where the organisation is headquartered or where its subsidiaries are located.
The failure to prevent offence applies when an associated person of an organisation commits a fraud offence with an intention to benefit the organisation or an organisation to which the associated person provides services to (i.e. a client). The offence is subject to a defence of having in place such prevention procedures as it was reasonable in all the circumstances to expect the organisation to have in place.
Recently published government guidance includes a number of key considerations. It notes that the intention to benefit may relate to the organisation or the organisation’s client. For example, a professional services firm would be criminally liable if an employee of the firm committed fraud (made a false representation) intending to benefit a client.
A parent undertaking can be prosecuted for frauds by an employee or associated person of a non-large subsidiary where the fraud is intended to benefit the parent company directly or indirectly. A subsidiary that does not meet the criteria for being a large organisation can be prosecuted where the parent company is a large organisation.
An associated person automatically includes employees, agents and subsidiary companies. The automatic inclusion of subsidiaries goes further than the offence of failing to prevent bribery by associated persons under the Bribery Act 2010 and is therefore a significant development. Other persons who perform services for or on behalf of a large organisation are also associated persons.
An organisation reliant on the reasonable procedures defence has the onus to prove that it had reasonable procedures in place to prevent fraud at the time the fraud was committed. The overall impression is that the risk assessment exercise should be thorough and searching, and the prevention programme properly resourced from both a personnel and technology perspective.
It is noted that organisations are likely to have measures in place for detecting frauds against the organisation, but those detection measures may need to be extended to frauds intended to benefit the organisation or its clients. This point aligns with our experience of advising clients on ECCTA.
The guidance notes that investigations should be scoped through legal advice and be legally compliant and warns that in a prosecution, the court will consider adherence to the principles set out in the guidance. More detailed risk assessments, fraud prevention plans which are adhered to and monitored, and additional resource allocation are a clear expectation.
Tom Stocker is a partner at Pinsent Masons
Share this article:
Subscribe to our newsletter to not miss articles like this one:
SUBSCRIBE
