‘Failure to prevent fraud’ offence now in force with UK’s regulator set to act

Since 1 September, a very important new corporate criminal offence has been in force – failure to prevent fraud. It’s part of the government’s Economic Crime and Corporate Transparency Act (ECCTA) and it makes large organisations criminally liable for frauds committed by employees and others working on their behalf. The Serious Fraud Office has already signalled it will use this new power aggressively. Its director, Nicholas Ephgrave, has warned: “Come September, if firms haven’t sorted themselves out, we’re coming after them… we can’t sit with the statute books gathering dust, someone needs to feel the bite.” For HR, this matters because investigators don’t just look at finance controls – they scrutinise people systems. Training records, onboarding processes and whistleblowing procedures are all evidence that can make or break a defence. We speak to a corporate crime specialist advising clients on this issue.

The key issue for HR is that liability doesn’t just turn on the actions of senior management. Any employee, agent, or contractor who commits fraud with the intention of benefiting the business can put the whole organisation at risk. The legislation provides firms with a defence if they can show they had “reasonable procedures” in place to prevent fraud. Government guidance sets out six compliance principles – covering areas such as top-level commitment, risk assessment, due diligence, and training – and, as we’ll hear, HR has a part to play across all of them.

That means ensuring recruitment and onboarding checks are robust, contributing to risk assessments with insight into workplace behaviours, and embedding training on fraud and business ethics so that policies are lived and understood rather than just written down. In any investigation, the SFO may well ask ‘Can you show us your staff training records?.’ If the answer is ‘sorry, no’ you may well have lost your only defence. 

The wider point is cultural. This isn’t a box-ticking exercise. The new offence is intended to drive genuine change in how organisations prevent fraud and promote ethical behaviour and, again, HR is central to delivering that.

So, clearly this is highly relevant to HR professionals so let’s take a closer look at the new laws and how they apply. Neil McInnes is a criminal defence and corporate crime specialist and earlier he joined me by phone to discuss it: 

Neil McInnes: “The offence of failure to prevent fraud under ECCTA, which is now in force, applies to large organisations which means either that they have more than 250 employees, a turnover of £36 million or above, or more than £18 million total assets. If the organisation falls into that category it is liable for frauds of a certain kind committed by people who are associated with the organisation, and those are called ‘associated persons’ who intend to benefit the organisation, or someone who they're performing services on behalf of the organisation for, such as a customer, and if they have that intention to benefit the organisation is liable unless the organisation can demonstrate it has put in place reasonable fraud prevention procedures.

It's important to just mention that ‘associated persons’ includes all of an organisation's employees. So any employee who does a fraudulent act intending to benefit the organisation can make the organisation liable. It might not be their only motivation - the employee may want to make a gain for themselves - but if they also have an intention to benefit the organisation then the organisation could be liable unless it has put in place. These procedures have a number of different principles which will be familiar to HR professionals if they've had any dealings with similar pieces of legislation, like the UK Bribery Act – there six principles are very similar. 

Where the HR function in an organisation can really be impactful in helping an organisation meet the compliance objectives of the Act is in thinking about those six principles and where they key in. Some of them are going to be areas around top-level commitment and resourcing where HR may well have a seat at that table, thinking about what an organisation needs to set that top level message - zero tolerance towards fraud - but it filters through the other principles as well. So it could filter into a risk assessment process where you need to think about the fraud triangle, as it's called, and where there might be opportunities, for example, for fraud to occur in an organisation. An HR professional may have particular insight to feed into that risk assessment, not as the only participant by any means – it’s got to be multidisciplinary to be successful – and they may also have a significant role in due diligence in terms of recruitment diligence where employees are onboarded, and selection criteria, which might, for example, pick up issues in recruitment that could lead to higher fraud risks. So perhaps an industry that is used to a high turnover of staff but there may, as a consequence, be conflicts of interest arising between a member of staff and their previous, or former, place of work and your organisation. Another principle which is particularly important might be training and the sorts of training around business ethics and fraud prevention which an HR team may well be part of the delivery module for in an organisation.”

Joe Glavina: “Nicholas Ephgrave, Director of the Serious Fraud Office, has been quoted saying: “Come September, if firms haven’t sorted themselves out, we’re coming after them.” How should HR leaders interpret that?

Neil McInnes: “Well, I think the Serious Fraud Office and other agencies responsible for the investigation and prosecution of fraud in the UK will see this piece of legislation as an opportunity for ensuring that they test whether organisations have driven ahead with good anti-fraud behaviours in the run up to the legislation that is now in force. We've got to bear in mind it is only in force just now and it will take some time for cases to be built by any law enforcement agency, but I think it's been a driver over a number of years for law enforcement agencies to think about corporate criminal liability, whether it's the UK Bribery Act, whether it's changes also in this legislation to how corporates can be liable because of the acts of their senior managers, and that's a separate part of the legislation, and all of these tools are now available to law enforcement agencies in the UK, and they will be expecting organisations that have had a lead in time to have planned for enhancements to their existing compliance programme. There's been guidance that's been available since November last year, and there has been a lead in time even before that, so there will be an expectation, inevitably, that if a law enforcement agency comes across a fraud issue that it wishes to investigate, well, what did an organisation do? It wouldn't be expected of HR professionals to be the lead voice in an organisation to have started that process, but I think that law enforcement agencies, when they're doing investigations, will often be interested in what records have been kept, what training has been done, and the information that HR will have there, will be very important to help an organisation meet any of the expectations of law enforcement, should there be an investigation.”

Joe Glavina: “I notice this new law has been widely described as a ‘cultural turning point’ for firms, not just a legal one? Thoughts on that.”

Neil McInnes: “Well, I think it starts with that principle of top-level commitment and whether there is a genuine message being sent that fraud will not be tolerated within an organisation. The other aspect of it, I suppose, is that increasingly you can't see a compliance programme as just a single-issue compliance programme. It has got to be joined up and HR perform a really important role in making sure that messaging across an organisation is delivered effectively. So when you think about cultural issues, you're talking about wider business ethics and the breadth of the failure to prevent fraud offence, coupled with existing legislation for bribery, for tax evasion, and other changes to corporate liability that have happened as well, mean that a holistic approach is necessary for an organisation and it has to be genuine. It cannot be a paper-based compliance response. It has to be embedded within an organisation and tested that it's working. So those are all aspects of the culture of an organisation which need to respond, and HR professionals will have a great deal of familiarity of the particular issues that different organisations may face culturally to get these messages across successfully.”

If you would like help with reviewing your organisation’s fraud prevention procedures please do get in touch with Neil – his details are on the screen for you. Alternatively, you can contact your usual Pinsent Masons adviser.

- Link to Out-Law article: ‘ECCTA: one month to go as businesses urged to review fraud prevention procedures’