The UK Government’s introduction of the "Failure to Prevent Fraud" offence under the Economic Crime and Corporate Transparency Act 2023 marks a significant milestone in the fight against corporate fraud. This new offence places a legal obligation on large organisations to actively prevent fraud by their employees, agents, or subsidiaries when such fraud is intended to benefit the organisation or its clients. Even in cases where senior managers or directors were unaware of the fraudulent activity, the organisation can still be held liable.
This legislation is designed to enhance corporate accountability and encourage a proactive approach to fraud prevention. It aims to transform organisational culture, pushing businesses to implement robust anti-fraud measures. The new offence not only strengthens the UK’s stance against economic crime but also serves as a global example of how businesses can be held responsible for the actions of their associated persons.
Why Does This Matter?
Fraud has become a growing concern across sectors, undermining trust and damaging both financial stability and reputational integrity. Under this new law, organisations that fail to prevent fraudulent acts could face substantial penalties, including unlimited fines. Beyond the financial repercussions, the damage to an organisation’s reputation could be severe, resulting in lost business opportunities and diminished stakeholder confidence. This offence provides a legal framework to hold companies accountable for creating an environment that allows fraudulent activities to occur.
The scope of this legislation primarily targets large organisations, defined as those meeting at least two of the following criteria: more than 250 employees, annual turnover exceeding £36 million, or total assets above £18 million. However, smaller organisations are not entirely exempt; the guidance encourages all businesses to adopt similar preventive measures to protect themselves and their stakeholders.
The Defence: Demonstrating Reasonable Fraud Prevention
Organisations can avoid prosecution by demonstrating that they had reasonable fraud prevention procedures in place at the time of the offence. What constitutes “reasonable” depends on the organisation’s specific risk profile, but the guidance emphasises six key principles.
Top-level commitment is paramount, with senior leaders expected to set the tone by promoting a zero-tolerance approach to fraud. This involves more than just issuing policies; leaders must actively foster a culture of integrity, allocate resources for anti-fraud initiatives, and ensure that staff at all levels understand their role in fraud prevention. A proactive leadership stance sends a clear message that fraud will not be tolerated, even if it means short-term business losses or operational delays.
Comprehensive risk assessment is another cornerstone of an effective fraud prevention framework. Organisations must identify areas where fraud risks are highest, considering factors such as high-risk roles, operational pressures, and emerging technologies that could open new avenues for fraud. Risk assessments should be dynamic and regularly updated to reflect changes in the business environment, ensuring that preventive measures remain relevant and effective.
Fraud prevention measures should be proportionate to the identified risks. For example, organisations should implement stringent internal controls, such as transaction monitoring and segregation of duties, in areas with high fraud exposure. Contracts with third parties should include clear anti-fraud clauses, and the performance of these third parties should be monitored continuously. In some cases, it may be reasonable not to introduce specific measures, but such decisions must be well-documented and regularly reviewed to ensure they remain justified.
Due diligence is critical when engaging with associated persons, including employees, agents, and contractors. Organisations should conduct thorough background checks and leverage technology to assess the risk profiles of these individuals or entities. This process helps mitigate risks by ensuring that those who perform services on behalf of the organisation adhere to its ethical and operational standards.
Effective communication and training are essential for embedding a culture of fraud prevention. Employees at all levels should receive tailored training that highlights their responsibilities and the consequences of engaging in fraudulent behaviour. Regularly communicating the organisation’s anti-fraud stance reinforces the importance of integrity and accountability in everyday operations.
Continuous monitoring and review of fraud prevention measures ensure that they remain effective. Organisations should regularly test their controls, either internally or through third-party audits, to identify gaps and areas for improvement. This iterative process helps build a resilient framework capable of adapting to new challenges and threats.
Examples of Fraud in Scope
The guidance provides several illustrative examples to help organisations understand the types of fraud covered under the new offence. One scenario involves a payroll department head diverting pension funds to internal projects while falsifying records to show compliance. Another example is an accounting team inflating profits to attract investors. Even if these fraudulent acts are discovered before they achieve their intended outcomes, the organisation can still be prosecuted if it failed to implement reasonable preventive measures.
Similarly, a company promoting investments in a "sustainable" timber business with fabricated environmental credentials would fall under this offence. If employees knowingly used false information to secure investments, both the individuals and the organisation could be held liable, highlighting the importance of thorough due diligence and oversight in high-risk areas.
Preparing for Compliance
Organisations have a nine-month implementation period to align their fraud prevention frameworks with the new requirements. This provides a crucial window to review existing policies, conduct risk assessments, and implement or enhance preventive measures. Legal and compliance teams should work closely to ensure the organisation meets its obligations under the new law.
This is also an opportunity to invest in technology and training that can bolster fraud detection and prevention. Leveraging data analytics, for example, can help organisations identify patterns and anomalies indicative of fraudulent behaviour. Training programs should be updated to reflect the latest risks and regulatory requirements, ensuring that employees are well-equipped to recognise and report potential fraud.
The "Failure to Prevent Fraud" offence represents a paradigm shift in corporate accountability. It underscores the importance of proactive fraud prevention and the need for organisations to foster a culture of integrity and transparency. By implementing robust preventive measures, businesses not only comply with legal requirements but also strengthen their operational resilience and stakeholder trust.
As we navigate this new regulatory landscape, the question for organisations is not just whether they are compliant, but whether they are prepared to lead by example in the fight against fraud. What steps is your organisation taking to align with these new requirements? Share your insights and join the conversation!
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.