The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

With the implementation deadline for the UK’s ‘failure to prevent fraud’ offence rapidly approaching, organisations should be entering into the final stages of their preparations. 

Over the past 18 months, we’ve helped financial services clients, across a range of sizes and sectors get ready for the new offence. In each case, our approach has drawn on our advisory experience across the UK’s two other ‘failure to prevent’ offences, bribery and tax evasion. 

Below, we share three key takeaways from our recent engagements to help you finalise your preparations ahead of 1 September implementation deadline

1. Fraud prevention is a business-wide issue, so look to leverage a broad range of assets and accelerators

The first place to start has always been understanding an organisation’s risk exposure and how proportionate their existing procedures are. 

In the case of failure to prevent fraud, internal fraud isn’t new, therefore it’s important to consider what is already in place, especially from previous Fraud Risk Assessments (FRAs) and Risk & Control Self Assessments (RCSAs) that many business units perform every year. These should be expanded though, with business-specific failure to prevent risk scenarios, focusing on areas where coverage may be lacking, such as mapping ‘associated persons’ or instances where a firm is a beneficiary rather than a victim of fraud. This method of identifying fraud which benefits the organisation might be a new way of undertaking a FRA. In our experience, counter-fraud teams have had an important role to play in explaining the differences to teams who are unfamiliar.

As there is often overlap, it is also important to take stock of existing data and controls that might exist in relation to the other corporate criminal offences (bribery and tax evasion), or which sit in different parts of the business, for example in relation to ESG etc.

2. Ensure you bring a broad range of risk and compliance teams together as you prepare 

The in-scope base offences go beyond the Fraud Act 2006 (misrepresentation, failure to disclose and abuse of position) and include participation in fraudulent business, obtaining services dishonestly, cheating the public revenue, false accounting and statements by company directors and fraudulent trading. This broadening brings a need to think more laterally about where risks can arise and where controls might exist. Counter-fraud teams should engage with Finance, HR, Procurement, IT, Legal, Compliance, Sales, Marketing, and other economic crime functions alongside the first line Business Units to uncover in-scope scenarios. This ensures that all potential risks and controls are considered, and any gaps are identified.

3. Remember to keep jurisdictional exposure at the forefront of your preparations

A frequent area of difficulty we’ve supported organisations navigate across all three failure to prevent offences has been jurisdictional exposure. As with the failure to prevent bribery and tax-evasion offences, the failure to prevent fraud offence has a distinct international component. 

When preparing, it’s crucial to remember that the legislation applies to organisations outside of the UK. As a reminder, the UK Government factsheet notes ‘if an employee commits fraud under UK law, or targeting UK victims, the employer could be prosecuted, even if the organisation (and the employee) are based overseas’. 

Overseas entities that meet the criteria could be prosecuted under the legislation, regardless of where they were incorporated or formed. As such, organisations should ensure preparations include a legal and jurisdictional analysis to determine where the offence may apply. This includes examining the parent – subsidiary relationship and the structural set-up of organisations to ensure bases are covered. 

What happens next

Recent developments suggest that the Serious Fraud Office will be testing the ‘adequate procedures’ defence for the first time in a suspected failure to prevent bribery case, signalling a clear intent to enforce legislation. 

With the deadline rapidly approaching, organisations still preparing for the offence will need to ensure they establish reasonable procedures at pace. If you’re still behind the curve, and are looking to progress quickly, please see our other blog for additional information on what can still be done.