The Economic Crime and Corporate Transparency Act 2023 (ECCTA) received Royal Assent on 26 October 2023 in the face of a UK "fraud epidemic".1 As described under question 9.3 of the ICLG Corporate Investigations 2024 - England and Wales chapter, two key reforms in the ECCTA to address this epidemic were the introduction of a "failure to prevent" (FTP) fraud offence, and reform of the "identification doctrine" for fraud and other economic crimes.
Broadly, the FTP fraud offence will make "large organisations"2 strictly liable if an "associated person"3 commits a fraud offence intending to benefit the organisation, unless the organisation could prove that it had "reasonable procedures" designed to prevent the offending.
The reform of the identification doctrine significantly expands the category of persons who could be "identified with" a commercial organisation for the purposes of attributing criminal liability in economic crimes from "directing minds" (usually Board directors) to "senior managers" (so broadly defined as potentially to include department heads, for example).
Ultimately, the reforms are aimed at organisations being held criminally liable for the wrongdoing of individuals (or legal persons) acting on their behalf, with a view to those organisations taking steps to prevent the wrongdoing in the first place.
The reform of the identification doctrine is already in force. The FTP fraud offence will not become law until Government guidance in relation to what would be considered "reasonable procedures" has been published. Neither reform will have retroactive effect.
While organisations are already taking steps to enhance their anti-fraud procedures, it will inevitably take time for relevant offences to be investigated and prosecuted. In time, however, we should expect a significant upturn in corporate prosecutions. The pervasiveness of fraud risk, and the multiple routes by which fraud allegations could be made (e.g. by customers, commercial partners and whistleblowers) and pursued (e.g. by private prosecution, civil action, as well as by law enforcement), means that the FTP fraud offence is likely to be significantly more impactful on businesses than even the watershed FTP bribery offence.
Prosecutions will of course depend on law enforcement having the resources and ability to bring those cases. FTP offences however are easy to commit and difficult to defend. Sentencing guidelines provide for enormous fines / financial penalties and law enforcement will be able to recover its costs following a successful prosecution or deferred prosecution agreement. Prosecutions of / Deferred Prosecution Agreements (DPAs) with large organisations will therefore generate significant returns for Government coffers – incentivising the Government, at least, to find law enforcement funding.
The question remains: will these reforms put a dent in the fraud epidemic? Firstly, there is of course a limit to what commercial organisations can do to prevent individuals from committing dishonesty offences. Fraudsters are prolifically successful because people are predisposed to believe one another, particularly those who look and sound the part. Someone who is determinedly dishonest will usually be able to find weaknesses to exploit; and measures to prevent the last fraud may be circumvented on the next. (Such realities are unlikely to garner much sympathy however for an organisation arguing the reasonableness of its procedures).
Secondly, the FTP model has seen a preoccupation with securing outcomes against organisations, with an astoundingly high proportion of non-prosecutions and failed prosecutions of individuals following DPAs and convictions of organisations for FTP bribery. There are complex reasons for this, not least that some DPAs were agreed on the assumption that offences had been committed when they had not. However, the risk is plain. Punishing organisations for wrongdoing which they may be able to do little to prevent, while the individuals who allegedly perpetrate the wrongdoing walk away free, will do little to deter crime, and may in fact achieve the opposite.
Footnotes
1. https://www.rusi.org/explore-our-research/publications/commentary/fraud-emergence-uk-epidemic
2. Organisations are "large" if they meet two out of three of the following criteria: more than 250 employees; more than GBP 36 million turnover; and more than GBP 18 million in total assets. The Government has stated that the offence will be kept under review and the threshold at which companies are excluded may be amended in future.
3. An "associated person" is an employee, agent or subsidiary, or someone otherwise performing services for or on behalf of the relevant body.
Originally published by ICLG.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.