Fraud in the spotlight – Why companies, their senior management and their insurers need to take note

Failure to Prevent Fraud

The Economic Crime and Corporate Transparency Act 2023 (the "ECCTA") creates the new "failure to prevent fraud" offence (the "FTPF Offence"). The new offence is committed when a qualifying organisation's employee commits one of a number of specific types of fraud and the organisation has failed to put reasonable fraud prevention procedures in place.

Before the ECCTA, companies only faced limited "failure to prevent" liability, in relation to bribery and tax evasion offences. The effect of the ECCTA is to introduce a lengthy list of frauds and accounting offences which companies have a duty to take reasonable steps to prevent, namely:

• Fraud by false representation (section 2 Fraud Act 2006)
• Fraud by failing to disclose information (section 3 Fraud Act 2006)
• Fraud by abuse of position (section 4 Fraud Act 2006)
• Obtaining services dishonestly (section 11 Fraud Act 2006)
• Participation in a fraudulent business (section 9, Fraud Act 2006)
• False statements by company directors (Section 19, Theft Act 1968)
• False accounting (section 17 Theft Act 1968)
• Fraudulent trading (section 993 Companies Act 2006)
• Cheating the public revenue (common law)

While this represents a drastic increase in scope of potential corporate liability, it is important to note that the FTPF Offence only applies to large organisations, defined as:

• Companies with more than 250 employees;
• Companies with more than £36 million turnover; and/or
• Companies with more than £18 million in total assets.

The threshold will be met if a parent company and its subsidiary hold resources cumulatively which meet the relevant thresholds.

The FTPF Offence is not yet in force. The government, in the same way as it did for bribery offences, will publish guidance for qualifying organisations on what is expected by way of behaviours, policies, procedures, systems and controls. That guidance is expected to be published over the summer (though realistically may be delayed by the forthcoming UK General Election on 4 July 2024), and the offence is expected to come into force shortly thereafter, and prosecutors are expected to be active in pursuing prosecutions.

The New Identification Principle

In a similar vein, section 196 and Schedule 12 of the ECCTA (which came into force on 26 December 2023) address the principle of attributing criminal liability for economic crimes to legal persons. The framework for corporate criminal liability set out in the ECCTA applies a new identification principle. Previously, the principle was based only on the mental state of a person representing the "directing mind and will" of a corporation. This led to substantive difficulties in organisations being prosecuted for serious frauds and has been the subject of debate and calls for reform for years. Section 196 of the ECCTA now provides that a corporate entity will be liable for actions committed by a “senior manager” acting within the actual or apparent scope of their authority. A "senior manager” is defined as an individual who plays a significant role in:

• The making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised; or
• The actual managing or organising of the whole or a substantial part of those activities.

For larger organisations, this represents a substantial widening of potential liability, as the definition of senior manager is likely to go far beyond just the board of directors. Instead, corporate liability could theoretically arise from decisions made by any individual with substantial management authority.

This new identification principle applies to a broad range of offences, listed at Schedule 12 of the ECCTA, which includes many offences under the Theft Act 1968, the Fraud Act 2006, the Proceeds of Crime Act 2002 and many others.

The new identification principle is aimed at making it easier to attribute criminal liability to organisations with regards to economic crimes committed by senior managers, although, the high evidential bar for criminal liability will still need to be met. Organisations will, therefore, have greater responsibility to oversee the conduct of their senior managers. With increased responsibility, comes the increased risk of investigations and costs for organisations that are not sufficiently vigilant.

Changes to Disclosure in Fraud Offence Cases

Another aspect of criminal proceedings that has been the subject of much debate and criticism for a number of years has been the increasing problems that criminal authorities have had in dealing with the complexities of disclosure in the digital world. Numerous criminal trials have collapsed, sometimes close to or during trial, because the criminal authorities have been shown to have failed to comply with their disclosure obligations. It is rare that defendants (who often incur very significant defence costs) are able to make any costs recovery at all from the prosecutor. 

In October 2023, Suella Braverman, then the Home Secretary, commissioned an independent review into disclosure and fraud offences "to speed up criminal investigations and prosecute more fraudsters". More specifically, it will consider potential changes to how disclosure is handled for fraud offences.

Jonathan Fisher KC was appointed Chair of the review and, in April 2024, he published his Preliminary Findings and Direction of Travel. The Preliminary Findings discuss options intended to reduce the risk of fraud prosecutions collapsing as a result of non-compliance with disclosure obligations, while balancing often competing demands of fairness and proportionality.

The Preliminary Findings notably consider whether there is any justification in handing over "the keys to the warehouse", so as to oblige prosecutors to hand over all (or a large part of) relevant and unused data in bulk form.

Although there is a superficial attraction to the defence being given unrestricted access to all of the documents effectively in the prosecutor's hands, it is generally regarded as an imperfect solution. Whilst it does not shift the prosecution burden, it would place enormous resource and cost burden on defence teams, which could, in real terms, represent an effective reversal of the disclosure burden, forcing defence teams (rather than, as is presently the case, prosecutors) to identify all documents relevant to a given case. Such an approach, if adopted, would lead, almost inevitably, to a drastic increase in material needing to be reviewed by defence teams, and, thus, also in defence costs.

Other proposals under consideration include the adoption of a more collaborative approach to the disclosure process, with greater court intervention at an early stage. Mr Fisher KC also recognises the need for extensive resourcing to update electronic disclosure resources available to prosecutors and bringing in uniformity across prosecuting authorities. 

We expect to see much more detail on the pros and cons of reform in this area, including more on how the approach could be implemented in practice, in his final report to the Home Secretary, which is anticipated later this summer.

Conclusion

The obligation on large organisations to address and combat fraud has never been greater. The consequences of getting it wrong are severe and the scope for organisations to be held liable for the conduct of their employees is widening significantly.

The ECCTA brings with it an increased risk of criminal prosecution for corporate entities in the area of financial crime, whether that means corporate liability for the fraud of senior individuals, or for failing to take reasonable steps to prevent fraud from occurring in the first place. Large organisations that exceed the threshold requirements face a wider range of fraud offences than previously.

Beyond the ECCTA, and looking into the future, the costs of responding to fraud investigations may increase even further with the procedural changes on disclosure currently being considered.

Next article