The new corporate criminal offence of failure to prevent fraud will come into force on 1 September 2025. The offence has been heralded by the Serious Fraud Office as a gamechanger in the fight against fraud in the UK. Big corporates now have a target on their back, with the SFO’s director Nick Ephgrave predicting a return to the big corporate settlements of recent times.
What’s clear is that the new offence is not a simple copy-and-paste of the existing failure to prevent offences under the Bribery Act 2010 and the Criminal Finances Act 2017. There are some similarities – businesses can be liable for failing to prevent misconduct by associated persons and it is a defence for a business to show that it had in place adequate or reasonable prevention procedures.
But there are some important differences.
The first is that the new offence can be committed only by a ‘large organisation’. A ‘large organisation’ is one that fulfils two out of three criteria: more than 250 employees; more than £36 million turnover and/or more than £18m in total assets.
These criteria are measured by looking at the aggregate figures across a parent company and its subsidiaries, wherever in the world they are located.
The second point is that where the other failure to prevent offences deal with a targeted category of wrongdoing (bribery and tax evasion), fraud is a much wider criminal concept which is reflected in the number of 'base' offences a large organisation can be deemed to have failed to prevent. From offences under the Fraud Act 2006, the Theft Act 1968 and the Companies Act 2006, the new failure to prevent offence encompasses misconduct as wide ranging as greenwashing, false accounting and cheating the public revenue.
Thirdly, there are key technical differences in the drafting of the new offence which are likely to have a big impact in how it is used.
Jurisdiction: The new offence applies where an associated person commits a base fraud offence under the law of any part of the UK. Accordingly, there needs to be a 'UK nexus', meaning that one of the underlying fraudulent acts took place in the UK, or that that the gain or loss occurred in the UK. The jurisdictional scope of the offence is somewhat unpredictable. Under the Bribery Act, jurisdictional reach is much cleaner. Whilst wide, it is clearly defined by reference to what is a 'relevant commercial organisation'.
Associated Persons: Certain categories of persons – employees, agents, subsidiaries of a relevant body – are automatically associated persons for the purposes of the failure to prevent fraud offence. This is a marked shift from the approach taken in connection with failure to prevent bribery, where the government guidance states that a subsidiary 'may' be an associated person, depending on the circumstances. Whilst this removes some uncertainty, it undoubtedly increases the risk faced by global companies operating a subsidiary model.
Benefit: Perhaps most significantly, the new offence captures fraud committed by associated persons with an intention to benefit a business, whether directly or indirectly. This means that the 'intention to benefit the organisation does not have to be the sole or dominant motivation for the fraud'; the offence can apply where an associated person’s primary motivation was to benefit themselves, but where their actions incidentally benefit a relevant organisation (for example, where a rogue employee inflates sales figures to boost their bonus). This is entirely at odds with the failure to prevent bribery offence, where the Ministry of Justice guidance provides that 'the fact that an organisation benefits indirectly from a bribe is very unlikely, in itself, to amount to proof of the specific intention required by the offence'. Consider now the risk for a parent company, where its overseas subsidiary defrauds a local customer with an incidental benefit to the parent company, for example a bigger dividend payout.
Finally, a note for solicitors. The government guidance cites professional advisers, such as 'external lawyers, valuers and accountants', as an example of those who provide 'services to', as opposed to 'services for or on behalf of', a relevant organisation. It follows that such advisers would not be associated persons for the purposes of the offence. We would expect to see greater nuance in this analysis in due course; if services provided by a solicitor are merely transactional, it might follow that an adviser is only providing 'services to' their client. But there are obviously scenarios in which a lawyer is acting as an agent for their client where they would be performing 'services for and on behalf of' the relevant business.
Businesses have less than eight months to prepare for the new failure to prevent fraud offence. The UK government is clear about its enforcement priorities and the new offence is just one part of an expanded and ambitious effort to crack down on fraud. The new legislation is nuanced, and challenging for organisations to navigate. Fundamentally, it presents new enforcement risks for businesses. Lukewarm words at the end of existing bribery or internal fraud policies are not going to cut it. The time for action is now.
Olga Tocewicz, Reuben Vandercruyssen and Olicia Williamson practise at Hogan Lovells International LLP
No comments yet