Corporate liability for failure to prevent fraud

Corporate liability for failure to prevent fraud

Bill Dixon, a Partner in our Dispute Resolution & Litigation team, gives an update on implementation of the new criminal offence of failing to prevent fraud following the general election

The recent Economic Crime and Corporate Transparency Act 2023 created a new offence for organisations: the criminal offence of failing to prevent fraud.

Essentially (as with the similar existing offences of failure to prevent bribery and failure to prevent facilitation of tax evasion) the onus will be on a corporate defendant to show that reasonable fraud prevention procedures are in place. Government guidance on recommended procedures had been expected in the early summer of 2024 but the snap general election has delayed full implementation of this part of the Act to an unknown date – potentially later this year or early 2025.

Main features of the offence are:

  • Organisations may be liable where a range of offences are committed including offences under the Fraud Act 2006, the Theft Act 1968 (including false accounting) and the Companies Act 2006.
  • Only large organisations are covered – those that meet 2 of the following 3 criteria: turnover of more than £36m; total assets of more than £18m; and/or an average of more than 250 employees.
  • Organisations can be liable not just for acts by their own employees but also “associated persons”. This could potentially include suppliers, agents, consultants, contractors and joint venture parties.
  • If a fraud is committed in breach of UK law or targeting UK victims then (provided there is a sufficient UK nexus) there could be liability even if the organisation or individual committing the fraud is overseas.
  • Organisations will not be liable however if the fraud is directed at the organisation itself.

Although at first sight the offence only applies to “large” organisations, it is inevitable that even smaller companies may find that their customers or business partners raise questions about their own internal fraud prevention procedures.

Full guidance is still awaited. Good practice for organisations is likely to include ensuring senior level responsibility for fraud prevention and a focus on a risk assessment depending on the particular circumstances of the organisation concerned.