On 6 November 2024, the Government published its Guidance to organisations on the offence of failure to prevent fraud, providing detail on how the offence is to operate and how companies can put in place “reasonable” fraud prevention policies and procedures. Companies now have 10 months to implement these changes, with the offence coming into force on 1 September 2025.
Read the full guidance on the government’s website.
By way of reminder, in general terms, for organisations in scope (large organisations, as defined in the Act, across all sectors) to be found liable under the new “failure to prevent fraud” offence, there must be:
- a specified fraud offence
- committed by an “associated person”
- which is committed with the intention of benefiting the relevant body (i.e. the large organisation) or its clients, in circumstances where that organisation does not have reasonable fraud prevention procedures in place.
We do not discuss here all of the points raised in the Guidance but note a few pertinent points that the Guidance clarifies.
Reasonable procedures
The question of whether a relevant organisation had reasonable procedures in place is a matter that can only be resolved by the courts, judged on the balance of probabilities, taking into account the particular facts and circumstances of the case. The onus falls on the organisation to prove it had reasonable procedures.
The Guidance sets out a framework for what reasonable fraud prevention procedures should look like, which reflects that in respect of other corporate economic crime offences including the failure of relevant commercial organisations to prevent bribery and the failure of relevant commercial organisation to prevent the facilitation of tax evasion.
The procedures should be informed by the following six principles:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
Detail on these principles, plus a range of examples, are set out in Chapter 3 of the Guidance.
Departure from the suggested procedures contained within the Guidance will not automatically mean that the organisation did not have reasonable fraud prevention procedures in place. Equally, the Guidance is not intended to provide a safe harbour: “even strict compliance with the guidance will not necessarily amount to having reasonable procedures where the relevant body faces particular risks arising from the unique facts of its own business that have not been addressed” (section 1.2).
Territorial scope
The Act is silent on the extra-territorial jurisdictional reach of the new offence but the Guidance states:
“The offence will only apply where the associated person commits a base fraud offence under the law of part of the UK. This requires a UK nexus. By UK nexus, we mean that one of the acts which was part of the underlying fraud took place in the UK, or that that the gain or loss occurred in the UK. If a UK-based employee commits fraud, the employing organisation could be prosecuted, wherever it is based. If an employee or associated person of an overseas-based organisation commits fraud in the UK, or targeting victims in the UK, the organisation could be prosecuted” (section 2.5).
Intention
The “intending to benefit” aspect is key to the offence. (section 2.4)
“An organisation does not need to actually receive any benefit for the offence to apply – since the fraud offence can be complete before any gain is received.”
This intention is judged according to the position of the associated person at the time they commit the fraud offence, and the intention does not have to be the sole or dominant motivation for the fraud and the benefit can be financial or non-financial.
Prosecution
The organisation can be prosecuted “even if the associated person is prosecuted for an alternative offence or is not prosecuted at all” (section 2.2). Conviction of an associated person can be used in evidence in proceedings against the organisation but if the associated person is not prosecuted, “then the prosecution must prove, to a criminal standard, that the associated person did commit the base fraud offence before the organisation can be convicted of failure to prevent fraud.”
Cooperation
In line with what we have seen in concluded Deferred Prosecution Agreements to date, the Guidance notes the importance of systems and controls in detecting matters to self-report and that “The organisation’s willingness to co-operate with an investigation under the Economic Crime and Corporate Transparency Act and to make a full disclosure will also be taken into account in any decision as to whether it is appropriate to commence criminal proceedings and if so, which type of proceedings (for example, a prosecution or a deferred prosecution arrangement)” (section 2.7.1).
Professional advisers
The Act states that “associated persons” includes a person who otherwise performs services for or on behalf of an organisation (does not include the providing of goods). It had been thought that this might pull in external professional advisers to the organisation, but the Guidance confirms:
“providing services for or on behalf of the relevant body” does not include providing services to the relevant body. Thus, persons providing services to an organisation (for example, external lawyers, valuers, accountants or engineers) are not acting “for or on behalf” of the organisation. This means they would not be associated persons for the purposes of the offence” (section 2.3).
Click here to visit our Fraud & White-Collar Crime page