Article

New UK guidance on failure to prevent fraud - what does it tell businesses about how the offence will apply?

Published Date
Nov 25 2024

The UK Government has finally published its official guidance on the corporate criminal offence of failure to prevent fraud (the Guidance). The offence will come into force on September 1, 2025.  By then, businesses that fall within scope should have undertaken comprehensive risk assessments and implemented any necessary changes to demonstrate that they have 'reasonable procedures' in place to prevent fraud.

Failure to do so could result in criminal liability for the business if an 'associated person' of the business commits any of the wide range of fraud-related offences in scope with intent to benefit the business or a client. For more detailed information on the businesses in scope and the specifics of the offence, please refer to our previous article on the new failure to prevent fraud offence.

The Guidance has a section summarising the offence, some case studies, and the same six key principles for ‘reasonable procedures’ as guidance on previous failure to prevent type offences: top level commitment, risk assessment, prevention procedures, due diligence, communication, and monitoring and review. But it will feel a bit different, including with unusual cross references to practitioner guidance and U.S. Department of Justice compliance evaluations. No offence specific updates have been proposed to the sentencing guidelines yet.

The Guidance has gone part-way towards addressing some of the initial legal uncertainty. However, there is still considerable ambiguity as to how the offence will be prosecuted if the business does not benefit from the fraud, or where it is a victim of the fraud.

What “intent to benefit” must be shown on the part of the associated person?

The associated person must have intended to benefit, directly or indirectly, the business or a client in order for the offence to have been committed.

As feared, the Guidance states that benefitting the business or a client does not have to be the associated person’s sole or even dominant motivation. It gives the example of a salesperson engaging in mis-selling to increase their own commission but in doing so, it can be “inferred” that they also had an intention to increase the company’s sales, because the benefit to the salesperson is contingent on the benefit to the company.

What is an "indirect" or "non-financial" benefit?

Despite ‘benefit’ not being defined in the offence, the Guidance states that the intended benefit may be financial or non-financial and direct or indirect.

There is very little in the Guidance on ‘indirect benefit’, giving only the example of a fraud intended to confer an 'unfair business advantage'.

The suggestion that the intended benefit can be a non-financial benefit is interesting, given that loss or gain for fraud offences has been traditionally limited to money or other property only. 

The Guidance does not provide any further explanation, referring simply to an “unfair business advantage” and “a fraud that disadvantaged a competitor”. Both those examples are likely to equate to an intent to financially benefit the business directly or indirectly in any event. It is difficult to think of an example of a fraud committed by an associated person with intent to give a non-financial benefit to an organisation. However, given the base offences do not include ‘non-financial’ benefits this is perhaps a stretch by the Guidance.

What if the benefit to the business is minimal, when compared to the benefit to the fraudster?

The Guidance explicitly states that there is no minimum threshold for organisations, but that prosecutors will apply a public interest test before deciding to prosecute. They are referring here to the two stage test (evidential and public interest) under the Code for Crown Prosecutors that prosecutors (including private prosecutors) are required to apply when assessing whether to pursue any prosecution, so this does not give much away.

The ‘victim’ defence remains disappointing in scope

The ‘victim defence’ only applies where the fraud was carried out with intent to benefit the business’s clients and the business is a victim or intended victim of the fraud. The Guidance clarifies that intent is important here and that an organisation would not be considered a 'victim' merely because it suffered indirect harm in these circumstances, such as reputational damage, as a result of the fraud by the associated person.

Extra-territorial scope of the failure to prevent fraud offence 

The failure to prevent fraud offence applies to all large UK and non-UK businesses and their subsidiaries, provided the underlying misconduct is caught by one of the listed fraud offences. The failure to prevent fraud offence therefore differs from the s7 Bribery Act failure to prevent bribery offence, which only applies to a non-UK business if it carries out at least part of its business in the UK. 

The complexities of how the different underlying fraud offences apply extraterritorially means that clear guidance for multinationals is extremely important. It is not always easy imposing ‘home rules’ on overseas operations. Businesses need to be able to point to this government guidance to help justify revised policies overseas. In addition, multinationals based outside the UK need to know to what extent they should implement new group wide prevention procedures.

The Guidance states that for groups based outside the UK, whether it is appropriate to adopt group wide policies “depends on the extent to which the activities of organisations within the group take place in the UK or give rise to a risk of fraud involving victims in the UK.” It confirms that the offence will not apply to UK organisations whose overseas employees or subsidiaries (and presumably, associated persons) commit fraud abroad with no UK nexus. However, the Guidance is very light on examples of overseas conduct that will be caught.

The role of the Pensions Regulator and Financial Conduct Authority in prosecuting this offence

Where a fraud offence also constitutes a breach of regulations, the guidance expects that prosecutors and regulators will work together to deliver coordinated resolutions, taking public interest considerations into account. However, it recognises that, in some cases, regulators could choose to prosecute the offence of failure to prevent fraud themselves. Perhaps one of the most interesting insights into the future policing of this offence in the Guidance is the reference to the fact that other regulators such as the Pensions Regulator and Financial Conduct Authority will have the ability to use it.

Our next blog post will consider practical tips for large organisations to ensure they have reasonable procedures in place to prevent fraud.

Related capabilities