Insights

PUB  Failure to prevent fraud offence_ UK Govern

Failure-to-Prevent-Fraud Offense: UK Government Publishes Guidance on Required Policies

In Short­

The Situation: The UK Government has published much-anticipated guidance (the "Guidance­") on the new corporate offense of failure to prevent fraud (introduced under the Economic Crime and Corporate Transparency Act 2023 ("ECCTA")), which is scheduled to come into force on September 1, 2025.  

The Result: Large organizations (including corporates and partnerships) may be found liable for fraud offenses committed by their employees, agents, subsidiaries, or other associated persons, if the fraud was intended to benefit the organization or its clients. The offense will apply to frauds committed in the United Kingdom or involving UK victims, and is punishable by potentially unlimited fines on conviction.  

Looking Ahead: UK Serious Fraud Office ("SFO") Director Nick Ephgrave remarked that "time is now running short for corporations to get their house in order." Relevant organizations have until September 1, 2025, to put in place reasonable fraud prevention procedures, the effective implementation of which may serve as a defense against any prosecution under the new offense.

The Offense 

Pursuant to s. 199 of ECCTA, a "large" organization can be found liable for an offense where an associated person commits a fraud offense intending to benefit the relevant body or any person to whom, or to whose subsidiary undertaking, the associated person provides services for on behalf of the relevant body (the "Offense"). 

An "associated person" includes employees, agents, subsidiary undertakings, or any other person who performs services for or on behalf of the organization. The term is not limited by the nature of the relationship or any contract but depends on the relevant factual circumstances and the capacity in which the person was acting.  

For an organization to commit an Offense, the fraud must have been committed for the benefit of the organization, even though that may not be the primary driver (e.g., where a salesperson commits fraud to increase his commission, that could still be seen as being for the benefit of the organization due to the increased sales that would result). The aim can be financial or nonfinancial (e.g., conduct that disadvantages a competitor) and does not have to be successfully realized for liability to attach.  

Helpfully, following consultation, the Government has agreed that an organization will not be liable where it is itself the victim, or the intended victim, of the underlying offense.  

The Offense covers a range of primary fraud offenses under UK law, including fraud by false representation, fraud by abuse of position, and cheating the public revenue, with the full list of primary offenses set out at Schedule 13 of ECCTA. Aiding and abetting of primary offenses will also be captured by the Offense.  

It should be noted that, with such a broad range of primary offenses covered, offending conduct may take many forms, including those not immediately obvious, such as misleading green claims or "greenwashing." 

The Offense does not extend to individual liability for persons within the organization who may have failed to prevent the fraud, but they may still be prosecuted for the underlying fraud or for complicity in it.  

Relevant Organizations 

"Large" Organizations. The Offense applies only to organizations designated as "large," which are defined as those organizations that meet at least two of the following three criteria:  

  • More than 250 employees;
  • More than £36 million turnover; and/or
  • More than £18 million in total assets.  

These conditions apply to the financial year of the organization that precedes the year of the primary fraud offense. The criteria apply to the whole organizational group, including subsidiaries, regardless of where they are located or incorporated.  

Subsidiaries. A subsidiary of a large organization is an associated person for the purposes of the Offense, and can commit fraud corporately (i.e., be found liable for a fraud offense directly under English law principles of corporate liability) or through its employees. A parent organization can be liable for the Offense where its subsidiary commits fraud intending to benefit the parent organization or its clients. Sister entities may also, depending on the fact pattern, count as associated persons.  

A subsidiary of a large organization that is not itself a large organization can also be liable for the Offense if its employee commits fraud intending to benefit the subsidiary. The parent organization is not responsible for frauds committed by the subsidiary that are not intended to benefit the parent organization or its clients. 

Extraterritoriality. The Offense applies only where the associated person commits a primary fraud offense under UK law (i.e., where the fraudulent act takes place in, or the gain or loss occurs in, the United Kingdom). Non-UK domiciled organizations may be liable for the Offense provided the primary offending conduct has a UK nexus (e.g., if it involves the defrauding of UK-based victims).  

The Offense does not apply to UK organizations whose overseas employees or group companies commit fraud abroad with no UK nexus, with such matters instead being subject to relevant local laws.  

The Defense 

It is a defense to the Offense where an organization can demonstrate that: 

  • The organization has in place such prevention procedures as were reasonable in all the circumstances to expect the organization to have in place; or
  • It was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.  

The Guidance is nonprescriptive on what constitutes "reasonable procedures." Rather, it focuses on six principles: 

  • Top-level commitment;
  • Risk assessment;
  • Proportionate risk-based prevention procedures;
  • Due diligence;
  • Communication; and
  • Monitoring and review. 

These principles mirror those set out in respect of similar offenses under the United Kingdom's Bribery Act 2010 and Criminal Finances Act 2017, and they are intended to be flexible and outcome-focused, and to reflect good practice in fraud prevention. 

Of particular note—and with significantly more emphasis than in the Government's previous guidance—is the importance given to whistleblowing, with the Guidance quoting Transparency International's statement that "whistleblowing is one of the most effective ways to uncover corruption, fraud, mismanagement and other wrongdoing." The focus on whistleblowing reflects Director Ephgrave's well-publicized lobbying of the Government to reform UK whistleblowing legislation to provide for U.S.-style incentivization in certain circumstances. 

While some organizations already may have fraud-prevention procedures in place, either as part of their existing compliance systems or in response to sector-specific guidance, the Guidance encourages organizations to review these procedures to assess their adequacy with respect to the risk of frauds covered by the Offense.

Three Key Takeaways 

  1. Under Director Ephgrave's tenure, the SFO has looked to more proactively investigate wrongdoing, a trend that is likely to continue once the Offense comes into force, with Ephgrave previously remarking that the Offense "is the most significant boost to the Serious Fraud Office's ability to investigate and prosecute serious economic crime in over 10 years," and that the SFO is "determined to act swiftly and send a strong signal to companies profiting from malpractice." 
  2. Large organizations selling goods and services to UK-based customers are at risk of being prosecuted for the new failure-to-prevent-fraud offense, whether they have a physical presence in the United Kingdom or not. 
  3. Large organizations and their subsidiaries have until September 1, 2025, to ensure that they have reasonable and proportionate fraud prevention procedures in place if they are to be able to avail themselves of the defense. Multinational organizations operating in the United Kingdom, or at risk of being implicated in fraud against UK-based victims, should ensure that appropriate group-wide policies and procedures are adopted and implemented.
Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.