Focus on ‘senior managers’ with UK’s new failure to prevent fraud offence

As we highlighted week, a new offence - the ‘failure to prevent fraud” - is on the way and it’s one that HR professionals need to prepare for. It will put the spotlight on employers’ fraud prevention measures as well as what senior managers in the business have and haven’t done to help prevent fraud. We’ll speak to a criminal defence and corporate crime specialist about the new offence and what HR needs to do to be ready for it.

The Economic Crime and Corporate Transparency Act 2023 received Royal Assent on 26 October last year designed to combat economic crime, including fraud, money laundering and the financing of terrorist activities. The new laws are coming into force on a piecemeal basis given the need for guidance to be published on certain provisions of the Act before they can come fully into effect, and whilst this new offence, failure to prevent fraud, is not yet in force employers do need to be ready for it. 
When it arrives it will result in large businesses being held criminally liable where a person associated with it, such as an employee, commits a fraud intending to benefit the organisation and the business did not have reasonable procedures in place to prevent the fraud. The offence is effectively one of strict liability, albeit there is a complete defence if the business can show that, at the time of the fraud, it had ‘reasonable procedures’ in place to prevent fraud, including whistleblowing policies and procedures. The government has published draft guidance setting out what those procedures should look like, and we await the final guidance after which the new offence will come into force.

The Act is designed to make it easier to bring successful prosecutions against large corporates. It strengthens the legal test for determining whether the criminal actions of individuals can be attributed to a company. It extends it from the so-called ‘directing mind and will’ approach which tended to focus on just the highest-ranking executives in the business, to ‘senior managers,’ a much broader concept. That new test came into force on 26 December last year. 

So, clearly this is something HR professionals should know about so let’s hear more about it. Neil McInnes is a specialist in this area and earlier he joined me by video-link from the London office to discuss the Act: 

Neil McInnes: “So, this is a piece of law that is already in force, it came into force on Boxing Day 2023. It changes the traditional view of corporate criminal liability, so how a company can be liable for the acts of others. Previously, it had to be really, really senior management, so the directing mind will have the company the people making those decisions at board level. The new law takes it down to a significant tranche of senior managers who are not at that level, and their acts, if they do something criminally wrong across a whole range at the moment of economic crimes, not just fraud but a whole range of economic crimes, their acts can be attributed to the company, so the company's liable for their criminal acts. So as an organisation you need to be thinking, well, who are the senior managers? It’s going to be anyone performing some sort of significant role in the management of part of a business. That could be a branch manager, it could be a head of HR, it could be a range of other people in significant functional roles who would never before have been the directing mind or will of the company but now are senior managers and their acts could lead to criminal liability for a company and we could talk about how we deal with that now and what we're seeing companies are doing to respond to that.”

Joe Glavina: “Yes, tell me more about that, Neil.”

Neil McInnes: “So one of the things that we're doing, and we're working with a number of clients on, is thinking about risk assessment. So, when you're looking at your financial crime risk assessment, are you incorporating a sense check on who might be the senior managers under this new definition? Once you’ve done that, once you've identified those people, you might be thinking about, are we sufficiently protecting against risks that those sorts of people could create and are we doing things to support them? So are we giving them enhanced training on economic crime? Are we onboarding them into organisations with sufficiently robust due diligence and vetting? So special measures are being thought about by organisations because of this change to corporate criminal liability bearing in mind there's likely to be quite a lot of litigation and judicial scrutiny over who a senior manager is in future years, but preparing now, thinking about compliance measures that might be focused a bit more on those people within an organisation is prudent now.”
Joe Glavina: “Picking up on that risk assessment point. Who would conduct that?”

Neil McInnes: “Well a range of people can do it and it depends on the organisation. We sometimes facilitate workshops with a group of managers across different parts of a business and go through financial crime risks, we're looking at are they likely to occur, we might be looking at what existing measures are there to mitigate risks that are created, and then perform some sort of gap analysis, what else might need to be done to reduce the risks and mitigate the risk by way of extra compliance systems and controls or other measures that could be considered so. So, you'd normally need for a workshop a group of people within the organisation in different roles so you can test across the organisation different financial crime risks, whether it's fraud, risk, corruption risk, or others.”

Joe Glavina: “Moving on to whistleblowing policies, most clients, if not all of them, will have a whistleblowing policy already. In terms of reviewing that policy to reflect the new offence, who should be doing that? Is that a job for HR?”

Neil McInnes: “It's probably a job for a mixture of people, HR, other legal and compliance functions. Whistleblowing should be seen not just as owned by one part of an organisation. In fact, the trend is to see whistleblowing systems very much promoted by senior management at board level, and a number of different stakeholders feeding into it. It’s not to say that organisations necessarily need to change their policies but it's a good moment to review and ask has our policy met the kind of current expectations of government and law enforcement about a best-in-class whistleblowing system? Does it work? Even if you're not amending the policy, you might decide if the policy is relatively recent, let's just test if people know about it, how it works. Let’s do some surveys of our people to see if they feel confidence in the system. That's the kind of question that law enforcement will want to know, that your compliance programme is robust enough, that you've tested how people feel about it and that's your people. Many times organisations do all the hard work, put all the policies in place, but they haven't checked whether they're actually working, whether people feel confident in them, including all of their people.”

Joe Glavina: “So what are the action steps for HR professionals, Neil? The new offence is on its way so I guess some sort of communications campaign to make sure staff know about it?” 

Neil McInnes: “I think it's about a coordinated strategy. This is not a piece of legislation that falls on the desk of HR alone. So, it's about having effective internal stakeholder engagement across a number of different parts of the business. This new law, we've found, a number of people have been involved in organisations discussing it and coming up with a plan. So it's HR, it's legal, its compliance, it's the finance department, because if you're thinking about prevention of fraud so often the finance team will have the systems and controls and need to be thinking about enhancements to those as part of this process. So, it’s a three-way handshake, at least, within an organisation all sponsored, all supported and promoted by a designated senior leader.”

Joe Glavina: “Anything else, Neil? A final message?.”

Neil McInnes: “Well, I think that this law change shines a light on the fact that handling these areas is becoming increasingly sensitive because investigations that go wrong, if they're not run by the right people within organisations, if they're not bringing in the right resources within the organisation, if they go wrong then further down the line we've seen in the public domain over the last few years how that has become, often for organisations, a scandal of some kind. So getting these systems around whistleblowing right, supporting whistleblowers, making sure there's no victimisation of whistleblowers at any part in the process and keeping them informed of what you as an organisation are committed to and, crucially, the culture of the organisation to support people who come forward is the way to go because if you don't do that you run the risk that someone doesn't feel supported and your investigation into their concerns is criticised later and that could involve external criticisms, reputational damage, law enforcement interest and the like. So, really worth investment at the front end to get these systems working effectively.”

Neil and his team have prepared a detailed guide on the new offence of failing to prevent fraud and it’s available now from the Out-Law website. That’s ‘Failure to prevent fraud under the UK's Economic Crime and Corporate Transparency Act’ and we’ve included a link to it in the transcript of this programme.

LINKS
- Link to Out-Law guide: ‘Failure to prevent fraud under the UK's Economic Crime and Corporate Transparency Act’