Independent investigations central to UK’s ‘failure to prevent fraud’ offence, says lawyer

The Home Office has published its long-awaited guidance on the offence of failure to prevent fraud. The new law, introduced by the Economic Crime and Corporate Transparency Act 2023, will come into force on 1 September 2025 and will place significant obligations on organisations to ensure they have adequate procedures in place to prevent fraud committed by employees, agents, or others associated with their business. Failure to do so could result in criminal liability for the organisation, with penalties including unlimited fines. We’ll take a closer look with an eye on the investigation stage. 

The Home Office guidance sets out six principles which provide a comprehensive framework for preventing fraud, including ensuring prevention measures are proportionate to the risks, maintaining top-level oversight, assessing risks regularly, and fostering a culture of compliance. It emphasises the importance of due diligence, effective communication and training, and regular monitoring to keep procedures effective and up to date. 

Before the Christmas break, white collar crime expert Neil McInnes talked to this programme about HR’s role in preparing businesses for the new offence. He spoke about conducting risk assessments, arranging tailored fraud awareness training, and strengthening whistleblowing and resource allocation. We’re returning to this to hear more from Neil about what HR can do at the onboarding stage, when vetting potential newcomers to the business, and how, if they are recruited, the monitoring that should take place thereafter to help identify any ‘bad apples’. And then, if a fraud is detected, of course, there will be a need for an investigation so what does that involve and what is HR’s role. 

First, the vetting stage, Neil again:

Neil McInnes: “From an HR perspective, there are particular touch points that HR directors and HR teams should be thinking about, offering up their experience to help the organisation support reasonable prevention procedures. So the first area that I would highlight is when you're thinking about fraud prevention procedures, one area is your people coming into an organisation. Are there suitable pre-employment checks and vetting procedures that are risk based, that are adequate to meet the risks of a threat that someone comes into the organisation who's a bad apple? That will be a fundamental part of the proportionate procedures principle where, I expect, the knowledge and insight of HR teams will be invaluable to enrich that compliance response. The second area is around monitoring and review and making sure that fraud prevention procedures are kept under review and are working effectively. I think this is one of the first types of compliance guidance of its kind that the UK government has released that has talked about effective investigations in quite high-level terms, but with some really important key notes. For example, the guidance talks about investigations being independent, being clear about their internal client and purpose, being appropriately resourced, being empowered and scoped, including through legal advice, and being legally compliant and fair to all parties. In this context, unpacking some of that, and bearing in mind the corporate criminal risks that could arise from a fraud that affects an organisation, it's rarely going to be the case that an HR professional on their own should be conducting an investigation into a fraud that has a wider impact. It’s going to have to be a triage process that involves other stakeholders to make sure that that investigation is suitably independent and the right people are involved in conducting it. So this is the first time, really, we've seen guidance of this kind, relating to this type of compliance legislation, talking about investigations and what the hallmarks of an effective investigation are.”

Joe Glavina: “How would these investigations differ from investigations that you are already helping clients with such as, for example, bribery. Is this taking a different approach?”

Neil McInnes: “I don't think it's taking a different approach to how a bribery investigation should occur. I think it's bringing fraud investigations up to the level that people have been adopting for bribery investigations. So you would not be conducting a bribery investigation, typically, just as a business unit or an HR function within that business unit, it would be escalated because of the corporate criminal risk that can arise from bribery. Now we have that corporate criminal risk arising from, perhaps, an employee fraud and so it needs to be planned using an investigation protocol that has components that are legal, compliant, HR, internal audit, to make sure that investigation isn't part of the problem, essentially.”

Joe Glavina: “When the guidance talks about independent investigations what does that mean exactly? Typically you’d have HR involved along with a line manager, but they're obviously not as independent as if you bring in external lawyers, for example. So what’s the right approach?” 

Neil McInnes: “Independence in the context of investigations is always going to be fact specific. It's perhaps easiest to give examples of problems that can arise in investigations that aren't sufficiently independent. So, let's take an investigation into a suspected fraud of a senior manager in a regional business unit. If it's the regional business unit’ s HR, or legal, function that is tasked with conducting that investigation, where they might be wearing a number of different hats because they're looking after that business unit, that might not be sufficiently independent and some other part of the organisation might need to respond instead, making sure that investigation is independent. In other cases, it might need to be an external firm, whether a lawyer or non-lawyer, involved in making sure the fact finding is sufficiently independent, but it's not in every case. I think it depends on the facts, and it's incredibly fact sensitive.”

Joe Glavina: “Your final thoughts, Neil?” 

Neil McInnes: “Well I think clients are now needing to grapple with a range of different factors to make sure investigations are going to meet the standards that will be expected if anything ever got looked at by law enforcement if there was a substantiated problem. That means that there's more pressure to make sure those who conduct investigations are adequately trained in how to do them. There are also regulatory obligations that have come into force, or have come into play, including on in-house lawyers to make sure that they are complying with their regulatory obligations by the SRA, with new guidance there. So I think there's just a lot more focus on what an investigation, a good internal investigation, looks like with the understanding that if there is a problem for an organisation later, their response, their investigation of the problem, will be part of the piece that is looked at by law enforcement to assess whether, overall, an organisation had reasonable prevention procedures and therefore a defence, or not, to a corporate criminal liability that arises.”

I mentioned the programme we posted shortly before Christmas on HR’s role in conducting risk assessments, arranging tailored fraud awareness training, and strengthening whistleblowing and resource allocation. That’s: ‘Key role for HR ahead of UK’s new failure to prevent fraud offence, says lawyer’ and is available now for viewing from the Out-Law website.

- Link to HRNews programme: ‘Key role for HR ahead of UK’s new ‘failure to prevent fraud’ offence, says lawyer’