The offence of failing to prevent fraud - implications for those seeking or placing D&O or Management Liability policies

The Economic Crime and Corporate Transparency Act 2023 (“the ECCTA”) forms part of a package of measures that are designed to combat economic crime in furtherance of the UK Government’s objective to cleanse the UK market of “dirty” money.

The offence of failing to prevent fraud

An organisation will be liable if it fails to prevent certain specified fraud offences from being committed by its employees or agents in circumstances where the fraud is intended to benefit the organisation or any person who provides services on behalf of the organisation.

The offence widens the pool of culpability so that an organisation may be liable as a result of the actions of Directors and Senior Managers, not just the actions of those with the “directing mind” of an organisation.

However there are some important caveats:

• An organisation will not be prosecuted for a failure to prevent fraud unless an individual associated with it commits a relevant offence.
• An organisation able to demonstrate that it has reasonable policies and practices in place to prevent fraud will have a defence to a prosecution.
• Not all entities fall within the scope of the ECCTA. It currently applies to any corporate body, subsidiaries, partnerships, charities, incorporated public bodies, and not-for-profit organisations in all sectors that meet two out of the following three criteria:
• More than 250 employees.
• More than £36 million turnover.
• More than £18 million in total assets.

Smaller companies which do not themselves meet the criteria, but which are part of a group of companies which taken together, do meet those criteria, will fall within scope.

Implications for those seeking or placing D&O or Management Liability policies

The offence of failing to prevent fraud is likely to result in an increase in criminal investigations and prosecutions against organisations. The time taken to defend a prosecution, or a successful prosecution will very likely frustrate an organisation’s ability to operate, leading to losses. There will also be greater exposure to civil penalties, criminal sanctions, and fines and the potential for reputational harm. It should not therefore be ignored.

For those seeking or placing D&O/ Management Liability policies, it will be important to determine whether the organisation falls within the remit of the failure to prevent fraud offence (using the above referenced criteria). If it does, Directors and Senior Managers of the organisation, in conjunction with its advisors should:

• Undertake a critical analysis of the organisation’s policies, guidance and procedures and staff training programmes relating to fraud, money laundering and anti-bribery (amongst others). Updates to such practices and procedures may be required to demonstrate that the organisation has a pro-active and robust approach to address such issues. Improvements to procedures should be recorded so that they can be evidenced and explained if required. Evidence as to how staff were informed of, and trained on, any revised processes or procedures should also be documented.
• Assess whether the organisation’s approach to fraud related threats is proportionate to the risks it faces by having a comprehensive understanding of the hazards that are associated with its sector. It may be helpful for the organisation or its advisors to conduct research into the markets it operates, and to profile the people/ entities that it deals with, especially if entering into new business arrangements and new markets overseas so that it can demonstrate that it has and will continue to undertake proper due diligence.

These steps – risk assessment, a critical review of relevant policies, practices and procedures and the training of staff are not one-off activities. They should be repeated regularly to demonstrate the organisation’s commitment to continuing development and its ability to adapt when new risks emerge. To ensure that these issues are reconsidered, an organisation could include an update on such policies and procedures as a standing item on its Board Meeting Agendas and identify internally those who will take the lead on promoting good practice within the organisation.

If an organisation undertakes (and repeats) the above detailed actions and retains sufficient records of those actions, it will have a substantial body of evidence to share with insurers when seeking terms for D&O or Management Liability cover.

Insurers are alive to the increased risks associated with the ECCTA. Organisations should therefore start seeking terms of insurance sooner to ensure that there is sufficient time to consider terms and place a suitable policy. They should also expect to be asked for, and be able to provide insurers with, more details relating to relevant policies and procedures when seeking terms. 

On receipt of proposed terms of insurance, an organisation and its advisors should assess whether the terms will provide sufficient cover in the context of the ECCTA.

For example, it will be important to carefully consider the definition and scope of the “investigation” cover afforded under the policy. Some policies may define an “investigation” as a formal process commenced by a relevant authority or body. However the ECC Act grants wider investigative powers to the Serious Fraud Office, which can be utilised before a formal investigation is opened in relation to a potential criminal offence. It is questionable if costs associated with a “pre” investigation would be covered. Such costs could be substantial and therefore clarification on the coverage position prior to policy inception is crucial.

Concluding remarks

The ECCTA and the offence of failing to prevent fraud are a demonstration of the UK Government’s commitment to combat economic crime.

For those organisations that do not fall within the remit of the failure to prevent fraud offence, some relief may be warranted but a word of caution – there was appetite amongst law makers to apply lower thresholds to the offence. There is therefore a risk that the thresholds may be reduced some time in the future, such that more organisations fall within its reach. Further, the ECCTA is just the latest set of measures intended to achieve greater transparency and scrutiny of organisations operating in the UK.

We anticipate a crack-down by regulators across the piece, particularly in the financial sector. On that basis all organisations, no matter their size should review their relevant policies, procedures and training programmes and take some time to (1) critically assess whether they are doing enough to prevent fraud; and (2) satisfy themselves that they have sufficient cover to respond should an issue of this nature arise.