The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

The introduction of this offence contains a new legal risk for firms which must be addressed and mitigated as part of a robust compliance programme.

The offence, created by the Economic Crime and Corporate Transparency Act 2023 (ECCTA), creates a new strict liability offence, of "failure to prevent fraud" which will apply to 'large organisations' where an in-scope offence is committed by a person associated with that organisation.

Scope and applicability

The offence will apply to UK Finance members where they meet at least two of the following criteria: (i) more than 250 employees, (ii) over £36 million in turnover, or (iii) more than £18 million in total assets. However, the guidance is clear that all firms should be reviewing their controls in light of the new offence, and it appears inevitable that there will be an extension in due course, either to all firms (in line with the Bribery Act) or firms thought to pose a greater fraud risk (following the AML model). It is likely that the FCA will also consider that supervised firms should calibrate existing fraud controls in light of the new offence, whether or not they are strictly in scope.

Understanding the offence

The scope of strict liability is relatively narrow, applying only where a fraud offence is committed by a person 'associated' with the firm (such as an employee, agent, or subsidiary) where there is an intention to benefit the organisation or its customers. Importantly, the intention to benefit the organisation doesn't have to be the primary driver, so for example, misleading statements to customers driven by an intention to hit sales targets will benefit the firm where it increases profits.

Defence against liability: reasonable procedures

Although there is no standalone requirement to put in place controls to prevent fraud (and no criminal liability will arise in the absence of a crystallised fraud offence), having reasonable controls in place may act as a defence to corporate liability. Boards should therefore be keen to mitigate legal risk as far as possible to prevent the inevitable reputational and financial consequences of an investigation and prosecution. The alternative is for firms to argue that it would be reasonable for them not to have fraud controls in place. For large in-scope organisations, particularly where a fraud occurs which is of the magnitude and seriousness to justify an SFO investigation, it will be a significant challenge to persuade the courts that such controls were not required.

What should firms be doing? 

The Government has issued guidance, setting out at a high level features of a reasonable fraud compliance programme.

The guidance sets out that "reasonable" processes will be based on six principles: top-level commitment, risk assessment, proportionate procedures, due diligence, communication (including training), and monitoring and review.

UK Finance is due to publish sector-specific guidance for financial services firms, but as a starting point, firms should review their existing controls and bolster with the following: 

• A risk assessment to identify and record potential fraud risks, including both fraud against the business (which is the basis of most firm's existing controls) and the risk that persons associated with the firm will commit a fraud benefitting the firm.
• Develop and implement or strengthen policies and procedures to address those risks across the organisation, subsidiaries, and relevant third parties.
• Nominate an individual to oversee fraud risk management and regularly review fraud prevention procedures to mitigate emerging risk.
• Provide training, including tailored training to employees and associated persons.
• Establish mechanisms for identifying and investigating potential fraud and ensure regular Board updates through reliable MI.
• Foster a culture of compliance, with Board-level communications articulating the organisation's approach to fraud prevention.

Dentons failure to prevent fraud roundtables

Many financial services firms have been keen to collectively discuss approach. Dentons Corporate Crime team are facilitating this through roundtable events and webinars with specialist lawyers and industry peers during February in London and Edinburgh. Register your interest by clicking this link.