Economic Crime and Corporate Transparency Act 2023
The Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) came into force in late 2023. It introduces the new corporate offence of failure to prevent fraud. The power to bring prosecutions will not come into force until 1 September 2025. This is to allow organisations time to implement and update their fraud prevention procedures.
The offence will make it easier to hold organisations accountable for fraud committed by their employees or other associated persons, which may benefit the organisation. The offence is intended to encourage organisations to implement or improve prevention procedures to help prevent fraud.
What is the new offence of failing to prevent fraud?
Under ECCTA, any large organisation, irrespective of sector or industry, may be criminally liable where an employee, agent or other ‘associated person’ commits fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place. It does not matter whether directors or senior managers ordered or knew about the fraud.
What types of fraud are covered by the offence?
The offence of failure to prevent fraud applies to a number of specific “base fraud” offences committed by a ‘person associated with the relevant body’. They include:
- Fraud by false representation (section 2 Fraud Act 2006)
- Fraud by failing to disclose information (section 3 Fraud Act 2006)
- Fraud by abuse of position (section 4 Fraud Act 2006)
- Participation in a fraudulent business (section 9 Fraud Act 2006)
- Obtaining services dishonestly (section 11 Fraud Act 2006)
- Cheating the public revenue (Common Law)
- Fraudulent trading (section 993 Companies Act 2006)
What is an “associated person”?
An employee, agent or subsidiary of the relevant body is automatically an ‘associated person’ for the purposes of ECCTA. A person who provides services for, or on behalf of, the relevant body is also an associated person while they are providing those services.
Are all organisations liable?
The offence applies to large, incorporated bodies and partnerships across all sectors that meet two out of the three following criteria:
- Have more than 250 employees
- Have a turnover of more than £36 million
- Have more than £18 million in total assets
These criteria will apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located.
Does the offence only apply to UK companies?
The new offence will have international reach, but there must be a UK nexus, i.e. one of the acts which was part of the underlying fraud took place in the UK, or the gain or loss occurred in the UK.
For example, if a UK-based employee commits fraud, the employing organisation could be prosecuted, wherever it is registered. Likewise, if an employee, or associated person, of an overseas-based organisation commits fraud in the UK, or targets victims in the UK, the organisation could be prosecuted.
What are the penalties?
Penalties include criminal convictions and unlimited fines for businesses and separate convictions for individuals involved in committing the offence. The associated consequences of reputational damage and the detrimental effect on the organisation’s ability to tender for, and secure, work should also be considered.
Can organisations be prosecuted now?
The failure to prevent offence will come into effect on 1 September 2025 to allow organisations to develop and implement fraud prevention procedures.
Is there a defence?
Organisations will have a defence if they can establish that they have reasonable procedures in place to prevent fraud, or if they can demonstrate that it was not reasonable for the organisation to have any prevention procedures in place. The onus will be on the organisation to prove that it had reasonable procedures in place to prevent fraud at the time that the fraud was committed.
What do reasonable anti-fraud measures look like?
On 6 November 2024 the Government issued guidance which sets out procedures that relevant bodies can put in place to prevent persons associated with them from committing fraud offences. The fraud prevention procedures should be informed by the following six principles:
- Top level commitment — Responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation, such as the board of directors, partners, and senior management.
- Risk assessment — The organisation should assess the nature and extent of its exposure to the risk of employees, agents and other associated persons committing fraud.
- Proportionate risk-based prevention procedures — An organisation’s procedures to prevent fraud by persons associated with it will need to be proportionate to the fraud risks it faces and to the nature of its activities.
- Due diligence — Organisations should conduct due diligence on associated persons, including new employees.
- Communication (including training) — The organisation should ensure that its prevention policies and procedures are communicated, embedded, and understood throughout the organisation, through internal and external communication.
- Monitoring and review — The organisation should adapt its fraud detection and prevention procedures in response to the changes in the risks that it faces.
Identification doctrine
The identification doctrine is the legal test for deciding whether the actions and mind of a natural person can be regarded as those of a legal person (i.e. company). Traditionally, the law required that an offence must be committed by the “directing mind and will” of the company to trigger the corporate offence.
ECCTA increases the scope of the existing “directing mind and will” identification test to include a “senior manager” as defined in ECCTA, acting within the scope of their authority. The failure to prevent offence will apply to a “senior manager” who is an individual who plays a significant role in decision-making about, or the managing or organising of, the whole or substantial part of the activities of the organisation.
This may cause a shortfall in existing insurance coverage, and companies may wish to review that coverage given the widening cohort of people who could be exposed to criminal and other liability.
Serious Fraud Office
ECCTA amends the investigative powers of the Serious Fraud Office (SFO), which can be used to compel individuals or companies to provide information. These powers could previously only be used following the SFO Director’s decision to commence an investigation where there were ‘reasonable grounds to suspect’ that serious or complex fraud, bribery or corruption had taken place. Under ECCTA, the SFO will no longer need to formally open an investigation before utilising these powers.
The increase in the SFO’s investigative powers, combined with the new failure to prevent offence and the changes to those individuals who can be held criminally liable for the actions of an organisation, is likely to lead to an increase in criminal investigations and prosecutions for offences of fraud and other economic crime offences.