Fraud ‘reasonable procedures’ guidance will emphasise need for procedural assessment

Upcoming UK government guidance concerning the Economic Crime and Corporate Transparency Act 2023 (ECCTA) (376 pages / 3.7 MB) will set out the reasonable procedures businesses should introduce to prevent fraud. In addition to introducing a new corporate offence of failure to prevent fraud by associated persons, ECCTA has reformed the law of corporate criminal attribution for a wide range of economic crimes.

David Lister, forensic accounting specialist at Pinsent Masons, said: “The new legislation highlights the importance of a ‘current state assessment’ to allow businesses to build on existing procedures and processes.”

The Home Office is aiming to publish guidance on the new offence of failure to prevent fraud and the reasonable prevention defence this summer, six months before it comes into effect.

Ahead of this, Penny Dunbabin, senior policy lead at the Home Office’s fraud policy unit, set out what businesses should expect from the guidance at a webinar hosted by Pinsent Masons.

This includes clarity on who will be considered an ‘associated person’. Associated persons under EECTA include employees and those who provide services for and on behalf of a business. The Act sets out an important distinction between those who provide services to a business, who are not associated persons, and those providing services for or on behalf of a business, with these people considered an associated person under the Act.

To be liable, the associated person must intend to benefit either the organisation which they are working for or providing services on behalf of; or another group company, a customer or client of the organisation who the associated person provides services to on behalf of the business.

The failure to prevent fraud offence applies to all UK and foreign organisations that carry on business or part of a business in the UK which fulfil two of the three criteria in the financial year preceding the fraud offence: a turnover of more than £36 million, a balance sheet total of more than £18 million, or more than 250 employees.

It applies to fraud offences under the Fraud Act 2006; Theft Act 1968 and Theft Act (Northern Ireland) 1969, such as false accounting or making false statements; fraudulent trading under the Companies Act 2006; cheating the public revenue; and Scots common law fraud.

The new reasonable procedures defence will be applicable where a business can prove that at the time the offence was committed it had reasonable procedures to prevent fraud by associated persons in place, or that it was not reasonable in all the circumstances to expect such procedures to be in place.

While the final guidance is yet to be issued, businesses should act now to ensure compliance with the ECCTA as a whole by conducting a fraud risk assessment, particularly as the change to the attribution of corporate criminal liability is already in force.

ECCTA has reformed the ‘identification doctrine’ which was how criminal liability was attributed to a company; the offence had to be committed by ‘the directing mind and will’ of the company. Now, certain economic crimes committed by “senior managers” who are acting within the scope of their actual or apparent authority can be attributed to the company for the purposes of holding that company criminally liable.

The meaning of “senior manager” under ECCTA is an individual who plays a significant role in the decision-making or actual management of the whole or a substantial part of a business.

The economic crimes for which a company can be held criminally liable for the actions of its senior managers include fraud, bribery, sanctions breaches, money laundering and certain financial services offences under FSMA, among others.

Melanie Ryan, corporate and regulatory investigations expert at Pinsent Masons, said: “This is a transformative change to the law which significantly increases the risk of corporate criminal liability being established.”