There has been a lot written about the potential impact of this bill when it becomes law. It could create new corporate offenses, including failure to prevent fraud and money laundering as well as altering the test for corporate criminal liability. We consider below what that may mean in practice for companies when reviewing the adequacy of their procedures.
Will the expansion of failure to prevent money laundering and fraud lead to more frequent prosecutions?
In relation to money laundering, the FCA (financial conduct authority) obtained the power to prosecute companies for breach of the Money Laundering Regulations in December 2007. In the decade and a half since then, it has prosecuted one company, Natwest in 2021, for breaches of the Money Laundering Regulations. Until now, the FCA’s approach was influenced by having a regulatory alternative available, and the difficulties of prosecuting under the Money Laundering Regulations. Why prosecute if you can go down a simpler and faster regulatory route and achieve a bigger financial penalty? The risk to companies of prosecution will therefore increase with this bill as prosecution for failure to prevent may be a more practicable option than prosecuting under the somewhat cumbersome Money Laundering Regulations.
Larger and more complex organizations have historically been difficult to prosecute – the most obvious case of this being that of SFO (serious fraud office) v Barclays. Lisa Osofsky’s comment that this meant, “I can go after main street but I can’t go after Wall Street” was noted by Margaret Hodge during a debate on the Bill. A new failure to prevent fraud offenses coupled with an expansion of corporate criminal liability will greatly enhance the ability of prosecuting agencies to pursue larger companies with more complex management structures.
One question is, who will do the prosecuting? Whether it is the SFO, the CPS (crown prosecution serivce), the FCA, or some combination of agencies, if a new law is enacted that creates failure to prevent money laundering offenses, then it is likely that there will be more frequent prosecutions. This in turn makes it prudent that companies can establish that they have adequate systems and controls in place to prevent any new criminal offenses that are created.
Will any new law lead to greater enforcement - follow the money
One thing to keep an eye on in addition to the final form of the legislation is whether the government commits new funding to the SFO and the other agencies tasked with investigating and prosecuting the offenses created. As Lord Garnier KC (the former Solicitor General) pointed out when he spoke in the House of Lords debate on the bill, “the Serious Fraud Office, in my view, is woefully underfunded, and as a consequence performs inadequately." Without additional funding, how will any new law be effectively enforced?
The lack of adequate funding for the SFO is peculiar given that it has for some time been a substantial net contributor to the exchequer. The recent prosecution of Glencore resulted in total financial penalties of £281 million. The SFO’s 2022-23 operational budget is approximately £58 million. Interestingly the £300 million allocation from the Economic Crime Levy, which was announced by the Treasury in a statement on March 27, did not specifically refer to any additional funding for the SFO.
Publication of Guidance
There could be a significant time lag between the Bill receiving Royal Assent and coming into force. The Bribery Act received Royal Assent on April 8, 2010, and did not become law until July 1, 2011. This was to enable the guidance to be published and for corporates to have at least 3 months to consider the guidance before the law came into force. The time between the new law being passed and coming into force will be a key period to enable companies to assess how the legislation will impact them and for them to develop or revise their existing controls.
What should corporates do now?
Currently, corporates may be experiencing collective fatigue with the idea of further policies and controls to create and implement, particularly following the extensive efforts they have made in dealing with sanctions following Russia’s invasion of Ukraine, and in the context of a stressed economy.
The good news is that it is unlikely that new offenses under the legislation will require an entirely new set of controls and procedures. However, corporates that already have specific anti-fraud controls in place will likely still need to adapt them in the light of any statutory guidance produced by the Government. Companies that do not have specific anti-fraud controls will want to consider whether they need to put new controls in place or whether they can enhance their existing controls.
Those wanting to get ahead of the curve should start by taking stock of any anti-fraud policies and controls currently embedded within their businesses and consolidating them in one place. Subsequently, a review and gap analysis should be conducted to assess the appropriateness of these measures in light of business-specific risks and updated as new fraud risks emerge. For example, representations related to sustainability and the resulting risk of ‘greenwashing’ is an emerging area for which previous anti-fraud measures may not be fit for purpose.
Much of the guidance and experience obtained by businesses and prosecutors with regard to the S.7 Bribery Act offense will also be relevant. On top of updating policies, controls, and training, companies should ensure that they have the relevant expertise to manage business-specific fraud risks whether that be through dedicated internal resources or external assistance. Currently, compliance teams are filled with anti-bribery, sanctions, and increasingly ESG (environmental, sustainability, and governance) experts, but rarely is this expertise aimed at the wider offense of fraud which may have a varying impact across different business groups and functions. Additionally, leveraging available data and technology to detect fraud may be a baseline expectation of regulators. Corporates may also wish to enhance the internal audit function, and any existing audit committee and document top-level executive commitment to ensuring books and records are accurate.
Regardless of the details of the legislation, corporates will need to demonstrate significant investment and action in preventing fraud, and other offenses created, across their business. The guidance issued by the government should make it clear whether companies need a specific standalone set of procedures in place to prevent fraud or whether it is sufficient to cross reference, rely upon, and where necessary augment their existing anti-fraud controls.
Reecha Patel also contributed to this article.