The UK Government has today introduced the Economic Crime and Corporate Transparency Act (the “Act”) to deliver wide-ranging reforms to address serious economic crime in the UK. At the heart of these changes, are two major amendments to the criminal law architecture:
- The introduction of a failure to prevent fraud offence (the “FTPF”). The FTPF imposes strict liability where a large organisation fails to prevent criminal fraud that is intended to benefit the organisation in some way, although an organisation can rely on a defence of showing it had reasonable procedures in place designed to prevent the relevant fraudulent activity. The new provisions will enter into force when the Government has published guidance on the reasonable procedures defence, which we expect to be within the next 6-12 months.
- The expansion of the identification principle provides that the actions of a wider remit of senior executives can be attributed to an organisation for the purposes of establishing criminal liability against that organisation. Previously (except in certain specific cases such as corporate manslaughter or certain offences in connection with bribery, facilitation of tax evasion and money laundering) an organisation could only be criminally liable for misconduct committed by a limited range of individuals who could be identified as its directing mind and will. The Act now clearly recognises that the misconduct of a larger class of senior representatives can be attributed to an organisation; specifically, an organisation will be guilty of an offence where a “senior manager … acting within the actual or apparent scope of their authority commits a relevant offence”. Senior manager is widely defined to include those involved in significant decision-making or management of the organisation. This could conceivably cover managers with responsibility over a particular business area (such as specific region or department (e.g. finance, sales, operations or marketing). The offences covered by this change comprise a lengthy list of economic crimes, including fraud, false accounting, bribery and tax offences. The new identification principle is expected to come into force prospectively two months from today.
These changes give the relevant investigating and prosecuting agencies (which, depending on the particular offences, include the Serious Fraud Office, Financial Conduct Authority, National Crime Agency, HMRC, and the Crown Prosecution Service), new avenues to conduct criminal investigations into large companies for economic crime. Companies, and their senior management, should be on heightened alert and take steps to satisfy themselves that current prevention procedures remain fit for purpose as the threat of economic crime, and exposure for related investigations into companies, continues to evolve.
In this post, we briefly set out the scope of the FTPF and in an upcoming blog we will assess the reforms to the identification principle.
Failure to Prevent Fraud Offence
The types of fraud an organisation must seek to prevent include:
- fraud by false representation, fraud by failing to disclose information and fraud by abuse of position. This could impact an extensive range of activities. For example, public statements regarding product features or specifications (e.g. to persuade someone to choose one product over another), financial performance or statements about sustainability efforts; all of which could be relied on by third parties;
- participation in a fraudulent business;
- false representations to counterparties, joint venture partners and/or stakeholders where those third parties might rely on those statements and representations;
- false accounting;
- cheating the public revenue (a broad common law offence which, in high level terms, involves dishonest and fraudulent conduct intended to deprive HMRC of tax revenues to which it is entitled, see further here); and
- fraudulent trading.
We will be considering the potential scenarios to which the Act may apply in future blog posts.
There is a requirement that the fraud is intended to benefit the organisation, which may limit the extent to which agencies are ultimately successful in prosecuting FTPF offences. However, benefit may be widely construed, and the actions of a seemingly rogue actor could at the least lead to exposure associated with a criminal investigation into the company if their actions were, in part, designed to benefit the company.
Organisations will be liable if an ‘associated person’ (which can be an employee, agent or subsidiary, or anyone else who performs services for the corporate) commits one of the designated offences. While the scope of ‘associated person’ provisions under the Act echoes, in some respects, the UK Bribery Act wording (i.e. covering persons providing services on behalf of the organisation), it is wider because subsidiaries and agents are automatically associated persons regardless of whether they perform services for the company.
The offence will apply if an associated person commits fraud under UK law (generally requiring some elements of the offence to be occur in the UK – but note that it could be sufficient that there are UK victims arising from the offence). This means that neither the organisation nor the associated person are required to be based in the UK in order for the provisions to apply. Enforcement agencies will likely be most motivated to investigate if the company has a strong nexus to the UK or there has been serious harm to individuals in the UK.
It can be a defence under the Act if the organisation has in place reasonable procedures to prevent fraud. The Government will publish guidance on reasonable procedures, which we expect will be similar to that used for the failure to prevent the criminal facilitation of tax evasion guidance and similar Bribery Act guidance. It is therefore likely to be high-level and it will be important to assess carefully how the reasonable procedures should apply in any given context.
Looking at these issues in more detail
It is important organisations prepare for the wide-ranging new changes that increase the risk of investigations for corporate fraud. Immediate steps that businesses should consider are to review and refresh risk assessments, revise existing safeguards and prevention procedures so that they target the specific risks that a business faces in light of this change to the law, and update relevant personnel across the business of the upcoming reforms, ensuring that they are equipped to understand and avoid the exposure that they are capable of creating.
We will be exploring the attribution doctrine in a future Risk and Compliance blog.