In a significant move to combat corporate fraud, the UK government has introduced a new "failure to prevent fraud" offence as part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
This landmark legislation aims to hold large organisations accountable for fraudulent activities committed by their employees, associates, and third parties. On 6 November, 2024, the government published crucial guidance on this new offence, providing organisations with a roadmap to ensure compliance and avoid potential criminal liability.
What is the Failure to Prevent Fraud Offence?
The failure to prevent fraud offence holds large organisations liable if they fail to prevent fraud committed by their employees, agents, subsidiaries, or other associated persons, when the fraud is intended to benefit the organisation. This new offence builds upon similar laws and regulations related to bribery and tax evasion, expanding the scope of corporate criminal liability in the United Kingdom.
Under this offence, organisations can be held criminally liable even if senior management was unaware of the fraudulent activity. The key aspect of this legislation is that it places the onus on organisations to proactively implement measures to prevent fraud, rather than merely reacting to incidents after they occur.
In-Scope Companies
The failure to prevent fraud offence applies to a wide range of organisations, including:
- Large incorporated bodies
- Large subsidiaries
- Large partnerships
- Large incorporated not-for-profit organisations (e.g., charities)
- Incorporated public bodies
To be considered "large" and fall within the scope of this offence, an organisation must meet at least two of the following criteria:
- More than 250 employees
- More than £36 million in turnover
- More than £18 million in total assets
It's important to note that the offence has extraterritorial reach, meaning it can apply to non-UK entities that fail to prevent fraud within the UK.
Timeline for Implementation
The failure to prevent fraud offence will come into force on 1 September, 2025. This implementation date gives organisations a crucial window from now to review, enhance, and implement their fraud prevention procedures.
While this may seem like ample time, organisations should not underestimate the complexity of developing and implementing comprehensive fraud prevention strategies. Large businesses especially, with numerous stakeholders, complex operations, and third-party ecosystems, should begin preparing early.
The Six Key Pillars of a Risk-Based Fraud Prevention Strategy
The government guidance outlines six key principles that should form the foundation of an organisation's fraud prevention strategy. These principles are designed to help develop "reasonable fraud prevention procedures" – a critical defense against potential prosecution under the new offence.
1. Top-Level Commitment
The guidance emphasises the crucial role of senior management in setting an anti-fraud culture within the organisation. This commitment should be demonstrated through:
- Clear communication of anti-fraud policies
- Establishment of robust governance processes
- Implementation of comprehensive training programmes
- Leading by example
- Fostering an open culture that supports whistleblowing
Organisations should ensure that their leadership takes verifiable steps to instill processes and culture that promote anti-fraud measures.
2. Risk Assessment
A thorough and ongoing risk assessment forms the cornerstone of an effective fraud prevention strategy. Organisations should:
- Integrate fraud risk into their overall risk identification, assessment, and management strategy
- Conduct fraud-specific risk assessments for suppliers
- Recognise risks that could emerge in emergency scenarios
- Consider how each underlying offence might appear in practice
- Involve key risk owners from various departments (Finance, Sales, etc.) in the assessment process
The guidance suggests approaching risk assessments through a "fraud triangle" that examines the opportunity, motive, and rationale of associated persons to commit fraud.
3. Proportionate Risk-Based Prevention Procedures
Organisations must develop and implement fraud prevention procedures that are proportionate to the identified risks and their potential impact. These procedures should be:
- Clear and practical
- Easily accessible to all relevant parties
- Effectively implemented and enforced
- Regularly reviewed and updated to address emerging risks
The guidance emphasises that a one-size-fits-all approach is not appropriate. Instead, teams should tailor their prevention procedures to their specific risk profile and operational context.
4. Due Diligence
Effective due diligence procedures are crucial for managing fraud risks associated with individuals and entities that perform services on behalf of the organisation, such as third parties.
The guidance recommends:
- Implementing best practices in due diligence processes
- Utilising screening tools and third-party risk management technology
- Conducting thorough contract reviews
- Monitoring staff for higher fraud risk factors
Organisations should pay particular attention to due diligence procedures for high-risk areas and transactions.
5. Communication and Training
For fraud prevention measures to be effective, they must be clearly communicated and understood throughout the organisation and by relevant third parties. Key points of this principle include:
- Developing comprehensive communication strategies
- Implementing regular and targeted training programmes
- Ensuring policies and procedures are easily accessible and understood
- Placing special emphasis on publicising whistleblowing policies
Organisations should strive to create a culture where fraud prevention is seen as everyone's responsibility, and employees feel empowered to report concerns.
6. Monitoring and Review
The final principle is centered around the ongoing evaluation and improvement of fraud prevention measures. Organisations should:
- Implement systems for detecting fraud and attempted fraud
- Conduct thorough investigations when issues arise
- Regularly monitor the effectiveness of fraud prevention measures
- Review and update the fraud risk management programme to account for changes in circumstances, operating environments, and emerging risks
This principle underscores the importance of treating fraud prevention as an ongoing process rather than a one-and-done exercise.
Next Steps for Organisations
The introduction of the failure to prevent fraud offence represents a significant shift in corporate criminal liability in the UK.
Key steps for organisations to consider include:
- Conducting a comprehensive risk assessment to identify fraud risks specific to their business and sector
- Ensuring proper whistleblowing tools and processes are in place, promoting a speak-up culture
- Implementing strong communication and training programmes to embed anti-fraud practices across the company
- Ensuring appropriate due diligence and TPRM measures are in place to identify and manage fraud associated with third parties
- Gaining top-level commitment and allocating appropriate resources to fraud prevention efforts
- Regularly reviewing and updating fraud prevention measures to address evolving risks and regulatory requirements
While the guidance provides a framework for developing fraud prevention procedures, it's important to note that strict compliance with its terms will not necessarily provide a guarantee against prosecution. Organisations must demonstrate that their procedures are reasonable and proportionate to their specific risks and circumstances.
GAN Integrity's Solutions Are Here to Help
GAN Integrity offers comprehensive solutions that can help organisations understand and prepare for guidance that could affect their programmes going forward. Our Third-Party Risk Management solution provides centralised data integration, advanced analytics, and real-time monitoring capabilities, which are crucial for effective risk assessment and due diligence processes.
The compliance platform's customisable workflows and scalable solutions address the need for proportionate risk-based prevention procedures, allowing organisations to tailor their fraud prevention measures to their specific risk profile.
Additionally, our comprehensive reporting and documentation capabilities support the need for monitoring by maintaining a complete audit trail and providing detailed reporting to demonstrate compliance to stakeholders and regulators.
By leveraging GAN Integrity's solutions, organisations can strengthen their fraud prevention strategies, enhance their compliance programmes, and better position themselves to meet the requirements of the new failure to prevent fraud offence. Speak with one of our experts today.
Jason Taitz is a Client Director at GAN Integrity. As a trusted advisor, he helps some of the world’s largest companies enhance their compliance processes using best-in-class technology. Jason has spent most of his career partnering with compliance and legal executives to solve complex challenges, and he works to contribute to a mission that promotes ethics and integrity on a global scale. Jason lives in the United Kingdom with his family.