Failure-to-Prevent-Fraud Offense: UK Government Publishes Guidance on Required Policies

The Offense 

Pursuant to s. 199 of ECCTA, a "large" organization can be found liable for an offense where an associated person commits a fraud offense intending to benefit the relevant body or any person to whom, or to whose subsidiary undertaking, the associated person provides services for on behalf of the relevant body (the "Offense"). 

An "associated person" includes employees, agents, subsidiary undertakings, or any other person who performs services for or on behalf of the organization. The term is not limited by the nature of the relationship or any contract but depends on the relevant factual circumstances and the capacity in which the person was acting.  

For an organization to commit an Offense, the fraud must have been committed for the benefit of the organization, even though that may not be the primary driver (e.g., where a salesperson commits fraud to increase his commission, that could still be seen as being for the benefit of the organization due to the increased sales that would result). The aim can be financial or nonfinancial (e.g., conduct that disadvantages a competitor) and does not have to be successfully realized for liability to attach.  

Helpfully, following consultation, the Government has agreed that an organization will not be liable where it is itself the victim, or the intended victim, of the underlying offense.  

The Offense covers a range of primary fraud offenses under UK law, including fraud by false representation, fraud by abuse of position, and cheating the public revenue, with the full list of primary offenses set out at Schedule 13 of ECCTA. Aiding and abetting of primary offenses will also be captured by the Offense.  

It should be noted that, with such a broad range of primary offenses covered, offending conduct may take many forms, including those not immediately obvious, such as misleading green claims or "greenwashing." 

The Offense does not extend to individual liability for persons within the organization who may have failed to prevent the fraud, but they may still be prosecuted for the underlying fraud or for complicity in it.  

Relevant Organizations 

"Large" Organizations. The Offense applies only to organizations designated as "large," which are defined as those organizations that meet at least two of the following three criteria:  

• More than 250 employees;
• More than £36 million turnover; and/or
• More than £18 million in total assets.  

These conditions apply to the financial year of the organization that precedes the year of the primary fraud offense. The criteria apply to the whole organizational group, including subsidiaries, regardless of where they are located or incorporated.  

Subsidiaries. A subsidiary of a large organization is an associated person for the purposes of the Offense, and can commit fraud corporately (i.e., be found liable for a fraud offense directly under English law principles of corporate liability) or through its employees. A parent organization can be liable for the Offense where its subsidiary commits fraud intending to benefit the parent organization or its clients. Sister entities may also, depending on the fact pattern, count as associated persons.  

A subsidiary of a large organization that is not itself a large organization can also be liable for the Offense if its employee commits fraud intending to benefit the subsidiary. The parent organization is not responsible for frauds committed by the subsidiary that are not intended to benefit the parent organization or its clients. 

Extraterritoriality. The Offense applies only where the associated person commits a primary fraud offense under UK law (i.e., where the fraudulent act takes place in, or the gain or loss occurs in, the United Kingdom). Non-UK domiciled organizations may be liable for the Offense provided the primary offending conduct has a UK nexus (e.g., if it involves the defrauding of UK-based victims).  

The Offense does not apply to UK organizations whose overseas employees or group companies commit fraud abroad with no UK nexus, with such matters instead being subject to relevant local laws.  

The Defense 

It is a defense to the Offense where an organization can demonstrate that: 

• The organization has in place such prevention procedures as were reasonable in all the circumstances to expect the organization to have in place; or
• It was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.  

The Guidance is nonprescriptive on what constitutes "reasonable procedures." Rather, it focuses on six principles: 

• Top-level commitment;
• Risk assessment;
• Proportionate risk-based prevention procedures;
• Due diligence;
• Communication; and
• Monitoring and review. 

These principles mirror those set out in respect of similar offenses under the United Kingdom's Bribery Act 2010 and Criminal Finances Act 2017, and they are intended to be flexible and outcome-focused, and to reflect good practice in fraud prevention. 

Of particular note—and with significantly more emphasis than in the Government's previous guidance—is the importance given to whistleblowing, with the Guidance quoting Transparency International's statement that "whistleblowing is one of the most effective ways to uncover corruption, fraud, mismanagement and other wrongdoing." The focus on whistleblowing reflects Director Ephgrave's well-publicized lobbying of the Government to reform UK whistleblowing legislation to provide for U.S.-style incentivization in certain circumstances. 

While some organizations already may have fraud-prevention procedures in place, either as part of their existing compliance systems or in response to sector-specific guidance, the Guidance encourages organizations to review these procedures to assess their adequacy with respect to the risk of frauds covered by the Offense.