![Image of Eve Giles]()
Again, there is some inbuilt flexibility here which allows for further offences to be added by secondary legislation provided they are offences that involve dishonesty, are of a ‘similar character’ to the above, or are core money laundering offences. This could feel to companies like new failure to prevent offences being introduced by the back door and without proper legislative scrutiny.
In addition to the list of offences above, it also includes ‘aiding, abetting, counselling or procuring the commission of a listed offence’. This extends the company’s potential liability even further, for example, to a situation where an employee has not committed one of the offences listed above, but has assisted another person or entity who has. The company could be liable for failing to prevent the employee’s behaviour if it was done with the intention of benefitting the company or clients/customers.
A broad definition of associated person
A company will be guilty of the new offence where it fails to prevent fraud by an associated person. An associated person is defined as:
- an employee, agent or subsidiary of the relevant organisation,
- an employee of a subsidiary, or
- a person who otherwise performs services for or on behalf of the organisation.
This is broader than under the equivalent bribery and facilitation of tax evasion failure to prevent offences.
In the bribery offence, whilst an employee is assumed to be a person that performs a service on behalf of a company and is thus an associated party, there is a carve out ‘if the contrary is shown’. There is no such carve-out in the new offence.
In the bribery and tax offences, a subsidiary can be an associated person but only where it is performing a service on behalf of the company. The offence can potentially be triggered by misconduct by any subsidiary. Parent companies would therefore likely find themselves at greater risk of liability for failure to prevent subsidiaries’ fraudulent behaviour – adding another layer of risk for parent companies which are already grappling with the implications of the UK Supreme Court’s findings that a UK-domiciled parent company may owe a duty of care towards claimants allegedly impacted by the actions of a foreign subsidiary (Okpabi and others v Royal Dutch Shell Plc and another [2021] UKSC 3 and Vedanta Resources PLC and another v Lungowe and others [2019] UKSC 20). The inclusion of employees of subsidiaries as 'associated persons' casts the net even wider for parent companies.
In addition, the offence explicitly notes that whether a person (other than an employee, agent or subsidiary) performs services for or on behalf of a relevant body is to be determined by the relevant circumstances, and not by reference to the nature of the relationship. As with the bribery and tax offences, this means a company can be liable for misconduct by, eg self-employed or contracted agency workers alongside permanent employees.
The ‘benefit requirement’
The offence only bites where the associated person intended to benefit, directly or indirectly, the company or those to whom services are provided (or their subsidiaries), eg customers and clients. This ‘indirect’ benefit is likely to provoke some debate. How might it apply, for example, to an employee who may be primarily motivated by personal gain, eg increased commission/bonus targets, but who knows and intends the company to benefit too? Or did not so intend but expresses in an internal investigation interview after the event that their intention all along had been to benefit the company.
The benefit requirement is slightly stricter where the associated person is an employee of a subsidiary. A failure to prevent fraud offence is only committed by the parent company if the employee intended to benefit the parent company, directly or indirectly.
Extra-territorial effect
The Government’s factsheet on the new offence states that ‘if an employee commits fraud under UK law, or targeting UK victims, the employer could be prosecuted, even if the organisation (and the employee) are based overseas.’ This statement illustrates the ambitions for the potential scope of the new offence and has wider potential implications than had originally been anticipated by the Law Commission.
Given the extra-territorial effect of many of the offences above, this question of whether an offence is committed under UK law already encompasses extra-territorial conduct. Certainly most of the underlying offences already have wide extra-territorial effect. The statutory offences listed above (except for fraudulent trading) were all given wide extra-territorial effect by s1 Criminal Justice Act 1993. This provides that the offences bite where a ‘relevant event’ occurs within England and Wales – meaning that an essential element must have occurred here, but not all elements. Special provision was made for fraud offences; a ‘relevant event’ for the offences under ss2-4 Fraud Act 2006 includes where harm is suffered in the UK. Hence the reference to UK victims in the factsheet.
This appears to mean that a company could be prosecuted for the new failure to prevent fraud offence where, for example, it fails to stop a non-UK associated party from committing fraud abroad, provided some harm is felt in the UK or some other essential element of the fraud offence occurs here. The underlying fraud does not have to be prosecuted separately. The prosecution can decide just to pursue the company for failing to prevent the fraud.
In terms of non-UK businesses, these look to be within scope of the new failure to prevent fraud offence which applies to a ‘relevant body’ defined as a body corporate or a partnership wherever incorporated or formed. The Impact Assessment states that this includes foreign companies with UK operations. Therefore for overseas companies it will be essential when any fraud is committed to go through a careful legal and jurisdictional analysis to establish whether the new failure to prevent fraud offence applies.
Protections apply where the business has reasonable procedures to prevent fraud
Similar to the existing failure to prevent offences, the only defence would be that the company had reasonable procedures in place to prevent fraud or that it was reasonable not to have such procedures in place. In reality most large companies will require reasonable procedures and the Government will be required to publish guidance on this before the offence comes into force. Given the number of predicate fraud offences covered by the new offence and the myriad ways in which fraud can be committed both within and between different sectors, it will be interesting to see how the Government chooses to frame the guidance so that it achieves one of its objectives – driving better anti-fraud compliance.
What if the company is the victim of the fraud?
A large company is also not guilty if it is itself a victim of, or was intended to be a victim of, the fraud offence. However this concession does not apply where the person commits the fraud intending to benefit the company. It only applies where the intention was to benefit a person to whom services were being provided, eg a client or customer.
This helpful concession is therefore significantly undermined. Imagine, for example, a director acts in conflict of his duties in a way that he says was intended to benefit the company but in fact it does not benefit the company, but instead the company is a victim of his fraudulent behaviour. The company has potentially still committed the failure to prevent fraud offence. It is vital that this important ‘victim’ defence operates properly, as so many companies are themselves victims of fraud.
Individual director/officer liability
For many corporate criminal offences we often see linked officer liability for those that ‘consented, connived or neglected’ in relation to the misconduct. There is no expansion of individual criminal liability (for example for directors) connected to the new corporate offence.
Deferred prosecution agreements will be available
As expected, a company under investigation for this type of offence may be offered a deferred prosecution agreement (DPA). Most of the investigations of the failure to prevent bribery corporate offence have resulted in such settlements. This is perhaps why the Government’s Impact Assessment states that the number of additional court cases is expected to be low, although there is currently a growing trend for some companies not to enter into DPAs but instead plead guilty to failure to prevent offences.
Next steps from the Government
The Government will publish guidance on reasonable procedures. This is not expected to be published before Spring 2024. There is no commencement date yet for the new failure to prevent fraud offence but we would be expect this to be after the guidance is published.
Next steps for businesses
Businesses in scope will need to reassess risk and examine existing fraud detection and prevention processes against the new statutory guidance, when published, as well as fully documenting that process.
If the guidance is similar to that produced for the failure to prevent bribery and facilitation of tax evasion offences, companies will need to ensure:
- top-level commitment to preventing fraud
- that risks have been assessed and are kept under review
- that policies and procedures are in place and supported by appropriate training on fraud prevention issues
- that reasonable financial, commercial and accounting controls are in place to prevent fraud
- that conflicts of interest are avoided and internal functions are appropriately separated
- that appropriate enforcement mechanisms are in place, for example, through contracts of employment for employees and through general contractual terms for third parties
- that whistle-blowing procedures are adapted or adopted that cover fraud
- that anti-fraud measures are periodically monitored, reviewed and evaluated.
The Government’s Impact Assessment, when estimating set-up costs to business, assumes that for the largest organisations there will be a core team of five personnel working full-time who are managed by a project director devoting 20% of their time to the project. For the smallest companies it is assumed that one person carries out the work, reporting to the owner or chief executive. The requirement for top level commitment will mean that resource will be expected at the most senior levels too.
Looking ahead - enforcement
Examples given by those calling for reform during the various consultation processes have largely focussed on frauds causing loss to many, such as public procurement fraud (fraud on tax payers) or fraudulent statements to markets (fraud on investors). While the offence would catch lesser frauds too, it is not unreasonable to expect enforcement authorities to be focused on these types of misconduct. Enforcement will of course depend on resources.
Changes to the identification principle
The Act also makes significant changes to the way criminal liability for economic crimes more generally is attributed to a company via the conduct of a senior manager. Our separate blog post discusses the change and what it means for businesses.