Legal development

Thought for the Week - Succeed by (preventing) fraud 

Thought for the Week: Succeed by (preventing) fraud

    When Sophocles coined the phrase "rather fail with honour than succeed by fraud" he was obviously not looking ahead to the new 'failure to prevent fraud' offence contained in the Economic Crime and Corporate Transparency Act, which received Royal Assent on 26 October 2023 (the Act). In a neat twist of Greek wisdom, to fail to prevent fraud is not honourable and to succeed by anti-fraud controls is the goal.

    As the Act is likely to come into force in the early part of 2024, firms should begin to prepare now. We have set out a summary of the key points, main practical steps firms should consider and a few takeaways below. For a full summary of the new offence, see our article here.

    Who does it apply to?

    The new failure to prevent fraud offence creates a standalone criminal office by which an organisation can be liable for failing to prevent fraud committed for the benefit of the organisation, by a person associated with the organisation.

    The offence will only apply to "large" organisations - firms that fulfil two or more of the following conditions in a financial year:

    • more than 250 employees;
    • £36 million in sales; or
    • £18 million in assets.

    Defence

    The only defence is for a firm to prove that it had reasonable prevention procedures in place at the time the fraud was committed (or that it was reasonable to have none). Firms across all sectors will need to ensure they can demonstrate that they have robust compliance programmes in place, supported by a strong anti-fraud culture driven by senior management.

    Expanded corporate liability for the criminal acts of senior managers

    The Act contains a new statutory basis for the identification doctrine – the principal basis for attributing liability for the criminal acts of individuals to corporates – which has been limited to those representing the 'directing mind and will' of the company.  The expansion, which will apply to economic crimes including fraud, covers a 'senior manager'.  This is a broad and undefined category of those who play a significant role in decision-making of whole or part of the firm's activities.  

    What steps do firms need to take?

    1. Fraud risk assessment

    Review and reassess your existing fraud risk assessment, starting with an assessment of the broad range of potentially complex fraud offences that are covered in the legislation and how they might occur within the business. Focus on identifying indicators of fraud which benefits the firm, as well as behavioural triggers (financial pressure, opportunity, rationalisation to commit fraud) and map examples of what the fraud offences could look like across different business lines or products.

    2. Uplift existing Systems and Controls

    Existing systems and controls to prevent financial crime will need to be revisited.  The new offence bites on the same  'associated person' population as the Bribery Act.  Existing ABC procedures can be adapted and augmented to mitigate the risks associated with the new offence. Anti-fraud prevention procedures should be proportionate to the size of the firm and informed by the risks identified in the fraud risk assessment. Procedures must be supported by appropriate training on fraud prevention issues and include appropriate escalation and investigation measures in the event of a breach. 

    3. Ongoing monitoring and review

    Monitoring and review of the effectiveness of controls is key to demonstrating reasonable prevention procedures. Consider how effective existing controls are for identifying and managing fraud risk and whether improvements can be made, alongside the incorporation of the new offence. Bear in mind recent or planned changes to the risk profile of the business – for example new geographies, products or markets. 

    Key takeaways

    • It is important that the Board and relevant committees are fully apprised of the new offence and kept up to date on prevention procedures. Demonstrating a clear commitment from top-level management will form a key part of any defence.
    • Firms should note that there is no clear read-across from the 'senior manager' whose criminal acts may create liability for the firm, to the 'Senior Manager' population who fall under the FCA's Senior Managers and Certification Regime. Mapping those potentially accountable for the offence will be important and firms should be aware this mapping may change depending on the business area and transaction.
    • Firms are used to being vigilant about fraud that might occur against them. However, they will need to recalibrate their focus towards preventing fraud where the bank is the beneficiary. This will necessitate consideration of different fraud typologies and engagement with a broader range of stakeholders.

    Authors: Ruby Hamid, Matthew Russell, and Neil Donovan 

    Ashurst Investigations Focus Series 2023

    As part of our annual Investigations Focus series, we are hosting the Spotlight on fraud event at our London office on 15 November, 08:30-10:00 at our London office (Fruit & Wool Exchange, 1 Duval Square, London E1 6PW) please do join us. Register and view the full series here.

    We have an expert panel of Ashurst Legal and Ashurst Risk Advisory specialists sharing their thinking on:

    • Investigation risk arising from the new failure to prevent fraud offence.
    • Priorities for Boards and senior managers in identifying fraud risk and meeting the new requirements
    • Leaning on your organisation's existing financial controls to begin the process of preparing reasonable – and proportionate prevention procedures. The article has now been approved, so if you could also have one of your team press publish.

    This is a joint publication from Ashurst LLP and Ashurst Risk Advisory LLP, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Risk Advisory LLP is a limited liability partnership registered in England and Wales under number OC442883 and is part of the Ashurst Group. Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. Ashurst Risk Advisory LLP is not regulated by the Solicitors Regulation Authority of England and Wales. The laws and regulations which govern the provision of legal services in other jurisdictions do not apply to the provision of risk advisory services. For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.