Traditionally in UK law, in order to hold a company criminally liable, enforcement authorities must prove wrongdoing by a senior person representing the company’s “controlling mind and will.” Through this “identification principle,” the acts and mental state of this person are then imputed to the company. Establishing corporate criminal liability through the identification principle is a high bar for enforcement agencies, particularly when seeking to prosecute large organizations, because it requires evidence of criminal intent amongst a small number of directors and senior managers who are often insulated from day-to-day business activities where potential wrongdoing may have occurred. The identification principle does not establish an avenue for corporate criminal liability on the basis of misconduct carried out on behalf of the company by lower or mid-level employees or third party representatives.
Instead of adopting the respondeat superior principle applied in US law, the UK Government has sought to reform corporate criminal liability by introducing strict liability, “failure to prevent” offenses, under which companies can be held criminally liable for the misconduct of their employees and third party representatives. To date, in an economic crime context, these “failure to prevent” offenses have been limited to failure to prevent bribery under the UK Bribery Act 2010 (“UKBA”) and failure to prevent criminal facilitation of tax evasion under the Criminal Finances Act 2017. Now, after several years of debate and discussion, and as part of a broad range of proposed reforms aimed at improving transparency and tackling economic crime, the UK Government is poised to introduce a new “failure to prevent fraud” offense through the Economic Crime and Corporate Transparency Bill (the “Bill”).1https://bills.parliament.uk/bills/3339/publications.
II. THE ECONOMIC CRIME AND CORPORATE TRANSPARENCY BILL
The UK Government intends to deliver a set of wide-ranging reforms aimed at, among other things, preventing the misuse and abuse of corporate structures and tackling economic crime such as fraud, money laundering, and terrorist financing. The Bill is currently at the Committee stage in the House of Lords and a variety of “failure to prevent” economic crime offense amendments have been put forward.2See, for example, the amendments proposed by Lord Gardiner on March 16, 2023 - https://bills.parliament.uk/publications/50357/documents/3152#:~:text=%E2%80%9CFailure%20to%20Prevent%20an%20Economic,person%20associated%20with%20(B).
On April 11, 2023, Lord Sharpe of Epsom, Parliamentary Under-Secretary of State in the Home Office, presented an amendment creating a new failure to prevent fraud offence. The Committee is next scheduled to sit to examine the Bill on May 9, 2023. Should the amendment be accepted, the new offense is likely to come into force by the end of 2024.
III. FAILURE TO PREVENT FRAUD OFFENSE
Under the proposed failure to prevent fraud offense, a relevant body is guilty of the offense if it fails to prevent fraud committed by a person associated with the organization where the fraud offense was intended to benefit, directly or indirectly, the organization or any person to whom, or to whose subsidiary, the associated person provides services on the behalf of the organization.
The Home Office’s recent factsheet3UK Home Office Policy Paper, Factsheet: failure to prevent fraud offence, Updated 11 April 2023 https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence. confirmed the proposed offense applies to large organizations, including bodies corporate, partnerships, and large not-for-profit organizations / charities. The proposed reforms define a large organization in line with the standard definitions established in the UK Companies Act 2006 (“Companies Act”) as an organization meeting two of the three following criteria:
- having over 250 employees;
- having over £18 million in total assets; and/or
- having more than £36 million in turnover.
The proposed amendment seeks to shield smaller companies from the potentially burdensome and disproportionate requirements of implementing fraud prevention policies and procedures in order to successfully raise a “prevention procedures” defense (see Section IV below).
Furthermore, the UK Government acknowledges that smaller organizations are more likely to be victims of fraud and hopes the amendment will “level the playing field” for smaller businesses which are often victims of fraud by other corporations.4UK Government Factsheet on Failure to Prevent Fraud Offence https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence.
Under the current proposal, the failure to prevent fraud offence will apply to a number of primary fraud and false accounting offenses, including:
- False accounting – Section 17, Theft Act 1968 (“Theft Act”);
- False statements by company directors – Section 19, Theft Act;
- Fraudulent trading – Section 993, Companies Act;
- Fraud by false representation – Section 2, Fraud Act 2006 (“Fraud Act”);
- Fraud by failing to disclose information – Section 3, Fraud Act;
- Fraud by abuse of position – Section 4, Fraud Act;
- Participating in fraudulent business carried on by a sole trader – Section 9, Fraud Act; and
- Obtaining services dishonestly – Section 11, Fraud Act.
An organization is also criminally liable if found to be “aiding, abetting, counselling or procuring the commission” of an offence listed above.53274 (parliament.uk) at page 19.
The result is that the scope of the failure to prevent fraud offense is broad and likely to implicate a wide range of activities across businesses. For example:
- A company may be held criminally liable for false accounting if an employee “cooks the books” to conceal a secret slush fund used to pay bribes (similar to the US Foreign Corrupt Practices Act offense for failing to make and keep accurate books and records, which the US Department of Justice or Securities and Exchange Commission can pursue even where they are unable to prove the offense of bribery if they can demonstrate accounting irregularities).
- A company may be held criminally liable for fraudulent trading if a low-level sales employee continues to sell products to customers while knowing that that the company does not have any remaining stock and is insolvent.
- A company may be held criminally liable if a third party sales agent intentionally makes a false representation, for example about the company’s prior experience with similar projects or the company’s compliance with relevant regulatory obligations, to a potential customer in order to secure business for the company it otherwise would not have won and is not in fact capable of providing either at all (due, for example, to the lack of necessary regulatory licenses) or to the level promised (due to a lack of expertise or resource).
The jurisdictional scope of the failure to prevent fraud offense is unclear. Previous proposals, including the Lord Gardiner amendments inserting the Failure to Prevent Economic Crime offenses,6https://bills.parliament.uk/publications/50357/documents/3152#:~:text=%E2%80%9CFailure%20to%20Prevent%20an%20
Economic,person%20associated%20with%20(B). contained specific provisions making it immaterial whether the relevant conduct occurred in the UK or elsewhere. While this wording is not included in the current draft of the failure to prevent fraud offense, the UK Government’s most recent Policy Paper factsheet7UK Home Office Policy Paper, Factsheet: failure to prevent fraud offence, Updated 11 April 2023 https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence. has emphasized that if an employee commits fraud in the meaning of UK law, or targets UK-based victims, their employer could be prosecuted, even if the organization (and the employee) are based overseas. It therefore remains to be seen whether the jurisdictional scope of the offense will follow the UKBA, which also allows for extraterritorial jurisdiction over bribery committed abroad on behalf of a UK company (or UK subsidiary of a multinational company).
This new offense will strengthen UK fraud prosecutors’ ability to pursue corporates for the misconduct of their employees and third parties. Lisa Osofsky, the outgoing Director of the Serious Fraud Office (“SFO”), has said that the new offense “would be a game-changer for law enforcement” and will help the agency to “crack down on fraudulent enterprises, compensate their victims and ultimately protect the integrity of [the UK] economy.”
The Bill, in its unamended form, also seeks to expand the SFO pre-investigation stage powers – which currently are limited to cases involving international bribery and corruption – to all SFO cases on the basis that it is no longer justifiable for these enhanced powers to be limited to that specific context.8Economic Crime and Corporate Transparency Bill 2022-23, Progress of the Bill, 20 January 2023 https://researchbriefings.files.parliament.uk/documents/CBP-9625/CBP-9625.pdf. These powers include the ability to compel individuals and companies to provide information pre-investigation, allowing for quicker progress through the early stages of an investigation.
IV. PREVENTION PROCEDURES DEFENSE
The failure to prevent fraud offense includes a “prevention procedures” defense, which allows an organization to avoid criminal liability for failure to prevent fraud if, at the time, the organization had in place reasonable procedures to prevent fraudulent conduct.
Similar to the guidance provided for the failure to prevent bribery offense, the UK Government has flagged that there may be circumstances where it is reasonable to have no fraud prevention procedures in place where the risk is extremely low.9https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence#which-organisations-will-be-in-scope. The UK Government will publish more fulsome guidance on what constitute reasonable procedures before the new offense comes into force. Ultimately, the courts will decide what constitutes a “reasonable” procedure for the purpose of this defense.
In the absence of government guidance or court rulings, the contours of the “adequate procedures” defense under the UKBA and the defense of “reasonable procedures” under the Criminal Finances Act of 201710https://www.legislation.gov.uk/ukpga/2017/22/part/3/enacted. are instructive. Courts will likely look beyond a “single instance of carelessness” if it can be shown a robust management system to prevent fraud was in place.11The Law Commission Report on Reforming Bribery, 19 November 2008. https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2015/04/lc313.pdf. In addressing the “adequate procedures” defense in relation to bribery, the courts have advised directing a jury to take the “surrounding circumstances into account.12The Bribery Act 2010: post legislative scrutiny, HL Paper 303 Paragraph 210. https://publications.parliament.uk/pa/ld201719/ldselect/ldbribact/303/303.pdf. The size and complexity of an organization is likely to be a factor in assessing whether its procedures were sufficiently sophisticated and comprehensive. Courts will also likely look to whether the organization’s procedures are tailored to the specific risks the organization faces, including whether the organization conducts regular fraud risk assessments to identify the most relevant risks.
V. PREPARING FOR 2024
While the Bill continues to make its way through Parliament on its journey to Royal Assent, large organizations in the UK, and foreign companies with subsidiaries or significant business operations in the UK, should prepare themselves for the likelihood that a failure to prevent fraud offense will come into force in 2024. New corporate offences inevitably bring about an increased compliance burden – particularly for companies in high risk, cross-border and/or regulated sectors. We recommend:
- Reviewing existing risk assessments, policies, and procedures the organization has in place to prevent and manage the risk of fraud.
- Carrying out periodic fraud risk assessments in order to identify and analyze the organization’s current exposure.
- Building fraud detection and prevention procedures into due diligence processes carried out in relation to contracts, clients, and transactions. Note that third party intermediaries who act on an organization’s behalf, particularly in overseas jurisdictions, are a high-risk area for most companies. Other third party suppliers, such as service providers or contractors, also present significant risks.
- Ensuring inclusion of appropriate fraud / compliance with laws clauses in any company contract templates and ensuring that all contracts with service providers cascade relevant contractual provisions in a manner designed to create appropriate “prevention procedures” at the level of the service provider.
- Drafting and implementing new, or reviewing and updating existing, internal anti-fraud policies and procedures, as well as any applicable outward-facing policies and procedures that apply to third parties, such as a supplier code of conduct.
- Ensuring that monitoring / audit processes cover fraud and are robust.
- Delivering tailored training to employees and/or third parties that could expose the organization to fraud.
- Conducting regular reviews of the above-mentioned steps.