It is no great secret that criminal enforcement in the United Kingdom against corporations has lagged behind our counterparts in the United States and other jurisdictions. In recent years the UK government has introduced a number of reforms intended to increase the ability to “hold organisations to account if they profit from fraud committed by their employees.”1 We explore in this briefing the proposed introduction of a ‘failure to prevent’ offence applicable to all sectors and the expansion of the ‘identification principle.’
WHAT IS FAILURE TO PREVENT?
The introduction of a ‘failure to prevent’ offence in the United Kingdom through the Economic Crime and Corporate Transparency Bill (Bill) increases the burden of managing and mitigating the risks of financial crime on companies and individuals within businesses with compliance responsibilities. This follows the recent trend of introducing similar offences of failing to prevent bribery and tax evasion. It may also go some way to mitigate challenges with prosecuting companies in the United Kingdom that have been borne out in recent high-profile cases.
A United Kingdom government factsheet most recently updated on 20 June 2023 confirms the purpose of this new offence is to “clos[e] loopholes that have allowed organisations to avoid prosecution in the past”. Under the new provisions, in order for a failure to prevent offence to be committed, a fraud or false accounting offence2 must be committed by an employee or an agent of the company, for the company’s benefit, and the company must be found not to have had reasonable fraud prevention measures in place. Crucially, it is not necessary for the prosecution to demonstrate that any officers or executives of the company knew about the fraud.
It is expected that this new failure to prevent offence will encourage companies to expand their financial crime risk prevention programmes and drive a cultural shift in the UK market to reduce fraud.
IDENTIFICATION PRINCIPLE
In addition to the introduction of the failure to prevent offence, the United Kingdom government has more recently proposed the expansion of the identification principle, which it expects will further enhance the ability of prosecuting agencies in the United Kingdom to secure convictions against companies for fraud offences.
WHAT IS THE IDENTIFICATION PRINCIPLE?
In the United Kingdom, the identification principle requires the involvement of the “directing mind and will” of a corporate for guilt to be attributed to the corporate. In most cases only the most senior officers of a company, such as chief executives or members of the board, can be characterised as possessing the requisite ‘directing mind and will’ of the corporate entity.
Serious questions have been raised in recent years about whether the UK identification doctrine is fit for purpose when prosecuting agencies are generally only able to secure convictions against smaller companies. Large complex corporates are seemingly able to distance themselves sufficiently in order to avoid any such conviction. The expansion of the principle as proposed by the government could go some way to mitigating the issues with securing a conviction in these sorts of cases.
WHAT IS NEW?
In a United Kingdom government factsheet released on 16 June 2023, the government set out its proposal to expand the identification principle to bring “senior managers” within the scope of the identification principle. This proposal will only apply to fraud, bribery and money laundering offences and is intended to be brought into law through the Bill. Such a change is likely to lead to an increase in prosecutions of corporates for the index offences, e.g. fraud, bribery and tax evasion.
The Bill is currently in its final stages in the House of Lords, and a number of amendments were proposed by peers in July 2023. One amendment proposed by the House of Lords intends to remove the provision stating that the failure to prevent offence would only apply to ‘large firms.’ ‘Large firms’ were previously defined in the Bill (using the standard Companies Act 2006 definition) as organisations meeting two out of three of the following criteria: more than 250 employees, more than £36 million turnover or more than £18 million in total assets.
Careful attention will need to be paid as the Bill continues to progress through the legislature in order for firms to understand their specific obligations and which provisions might apply to their operations. This will include undertaking a comprehensive and tailored assessment of the relevant financial crime risks.
WHAT DOES THIS MEAN FOR YOUR BUSINESS?
The potential widening of the scope of criminal law with the introduction of a failure to prevent offence and the expansion of the identification principle to include more junior officers both serve to increase the potential exposure of businesses to criminal prosecution. We have set out below some steps companies and compliance officers might consider taking to mitigate this risk:
- Early Engagement: Compliance professionals and companies can significantly benefit from taking early advice and engaging in advance with key stakeholders in the business (e.g. senior management) about the upcoming changes. This provides adequate time for any measures to be put in place ahead of the changes becoming law.
- Fraud Risk Assessment and Policy Updates: Businesses and internal compliance teams should review any existing fraud risk assessments against the proposed reforms and consider whether adequate safeguards are in place. Compliance teams might consider seeking advice from outside counsel, as fraud risks can be complex and can overlap with other areas of compliance such as anti-bribery and corruption or anti-money laundering requirements. Policies should be continually reviewed and updated to ensure compliance with future regulatory changes and emerging risks.
- Training: Training should be provided to all employees to reflect any updates to policies and procedures, and to bring employees up to speed on the proposed reforms and increased liabilities for the business. Training should be delivered regularly and refreshed if any updates are made to policies and procedures.
- Due Diligence: When engaging with new stakeholders, companies should always conduct due diligence. This may need to be expanded in light of any exposures identified in the revised fraud risk assessment. This might include the need to conduct more intensive background checks on new contractors or increased scrutiny of potential conflicts of interest, particularly where senior managers are involved, in light of the expansion of the identification principle.