The Economic Crime and Corporate Transparency Act 2023 (ECCTA) forms part of the government's wider agenda to tackle economic crime, with the UK having garnered a reputation as a haven for dirty money.

The UK government estimated that fraud accounted for 41% of all crime in the UK for the year ending 2022. Fraud conducted through and via corporate entities is a key concern and that concern is evident from the introduction of a new 'failure to prevent fraud' offence. The new offence will join the growing roster of corporate 'failure to prevent' offences, alongside the Bribery Act 2010's 'failure to prevent bribery' offence, and the Criminal Finances Act 2017's 'failure to prevent tax evasion' offence.   

We have a number of articles available on our ECCTA hub which explain the key changes. This article focuses on what you need to know about the new corporate offence of 'failure to prevent fraud'.

When does the new offence go live?

On a date to be confirmed later this year, once the Secretary of State has published further guidance on compliance. We will provide updates on our ECCTA hub.  

What are the key elements of the offence?

A relevant body is guilty of an offence if:

• a person associated with the body (meaning an employee, agent, subsidiary or someone performing services on behalf of the body)
• commits a fraud offence
• intending to benefit, whether directly or indirectly, the relevant body or any person to whom the associate provides services on behalf of the relevant body.   

What is a 'relevant body'?

All large corporations and partnerships. 'Large' means that they meet two out of three of the following criteria:

• over 250 employees
• turnover of £36 million or more
• assets of £18 million or more.

What is a 'fraud offence' under the Act?

The fraud offences which are covered by the failure to prevent offence include:

• cheating the public revenue
• offences under the Theft Act 1968 (such as false accounting and false statement by company directors)
• the offence of fraudulent trading under the Companies Act 2006
• offences under the Fraud Act 2006 (such as fraud, participating in fraudulent business carried on by a sole trader, and obtaining services dishonesty).

That is not a static list, as the Act makes provision for the Secretary of State to update the list and either add or remove offences. 

Can the corporate entity be liable for actions of junior employees?

Yes – if the other components of the offence exist, then if a fraud offence is committed by a junior employee, or even someone outside of the organisation who is performing services on its behalf, that could result in the corporate entity being liable for a failure to prevent offence. It is however important to note that such person must have been intending to benefit (directly or indirectly) the corporate entity (or a client/customer of that entity).  
That should provide some comfort to large organisations that the offence is not intended to cover offences committed by eg rogue employees seeking to defraud the company, or any other circumstances where the corporate entity itself was, or was intended to be, a victim of the fraud offence. It also means that activities of associated persons which are entirely unrelated to the corporate entity are not covered. 

Does it have extra-territorial effect?

Yes – the new offence will apply to bodies corporate regardless of their place of incorporation if some element of the underlying offence has been committed in the UK (and that can include a UK victim having been targeted where loss has been suffered in the UK). Consideration therefore needs to be given to international operations.  

What are the consequences of a breach?

The consequence of an organisation being found liable for a failure to prevent offence under the Act is a potentially unlimited fine. Relevant organisations should act now to review their internal procedures and risk levels to ensure they are compliant when the new offence becomes live. Many large organisations will already have strong compliance procedures in place and may choose to simply update those existing policies and procedures to reflect the latest changes. We can assist and advise on implementing and updating your organisation's policies and procedures. 

There may be an increased use of Deferred Prosecution Agreements, but equally, we may see businesses being prepared to defend the charges, as has increasingly become the case under the Bribery Act.    

What does my organisation need to do to comply and is there a defence?

Like the other existing 'failure to prevent' offences, there is a defence if the organisation has 'reasonable procedures' in place to prevent economic crime. The Bribery Act 2010 uses an 'adequate procedures' threshold for its corresponding defence, but we do not expect that to make a practical difference in terms of the principles which relevant organisations should have in mind when implementing compliance procedures.   

Whilst we wait for the Secretary of State guidance to be published, looking back at the Bribery Act guidance is likely to be instructive, and the key principles are as follows:

• Having in place proportionate procedures - an organisation's procedures to prevent should be proportionate to the risk it faces and to the nature, scale and complexity of the organisation's activities. The procedures should be clear, practical, accessible, effectively implemented and enforced. 
• Ensuring top-level commitment - the top-level management of a commercial organisation, such as the board of directors or the owners, should be committed to prevention. The top-level management should foster a culture within the organisation in which bribery/economic crime is never acceptable. 
• Undertaking a risk assessment - the organisation should assess the nature and extent of its exposure to potential external and internal risks of bribery/economic crime on its behalf by persons associated with it. This assessment should be periodic, informed and documented. 
• Due diligence - the organisation should apply due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, to mitigate identified bribery/economic crime risks. 
• Communication (including training) - the organisation's bribery/economic crime prevention policies should be embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.
• Monitoring and review - the organisation monitors and reviews its procedures designed to prevent bribery/economic crime by persons associated with the organisation and makes improvements where necessary.

To protect their interests, relevant organisations can start by ensuring they have their house in order by educating their leaders and employees about the risks of economic crime within their own organisation, updating and actively reviewing policies and procedures, and regularly auditing key areas of risk.   

If you would like any advice on what your organisation can do to get prepared, please contact Emma Allen.