The final UK Government guidance on failure to prevent fraud has now been published Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (accessible version) - GOV.UK.
This guidance offers organisations crucial advice on the corporate criminal offence of failing to prevent fraud, which will take effect on Sept. 1, 2025. This timeline provides companies with the opportunity to implement the necessary measures.
Fraud accounts for 40% of all crime in England and Wales1, making it the most prevalent type of crime in the UK, these new measures are part of a broader government initiative to reduce fraud and protect potential victims.
Introduction to the Guidance
With the enactment of the Economic Crime and Corporate Transparency Act (ECCTA) in October 2023, the UK has fortified its stance against corporate fraud. A key element of this legislation is the Failure to Prevent Fraud (FTPF) offence, which applies to organisations that fail to prevent their associated persons from committing fraud offences that benefit the organisation. This accountability requires businesses to bolster their internal controls and proactively tackle fraud risks.
These principles are intended to be adaptable and outcome-focussed, accommodating a wide range of situations that organisations may encounter and ultimately, the measures to prevent fraud should be proportionate to the level of risk involved.
The ECCTA predominantly targets large organisations, defined as those meeting at least two of the following criteria:
- Employing over 250 people
- Generating more than £36 million in turnover
- Possessing over £18 million in total assets
Nonetheless, smaller businesses are encouraged to adopt these practices as a proactive safeguard in anticipation of growth or possible expansion of the legislation. If the relevant criteria are met, the offence has the potential to extend across the UK and under specific circumstances, has extra-jurisdictional reach.
The guidance echoes previous advice on managing bribery and corruption risks, emphasising leadership commitment, risk assessments, proportionate procedures including due diligence, and continuous monitoring. However, recurring fraud incidents suggest that lessons learned from past cases are not leading to the full implementation of new processes.
This article will examine the guidance and recommendations, their implications for businesses, and past failures to highlight areas needing improvement to drive meaningful change.
To this end, the guidance calls for relevant organisations to embed the following six principles in their fraud prevention frameworks:
- Top-level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
Below are our key takeaways from the guidance with respect to these principles, as well as our suggested considerations for organisations in navigating compliance with this new offence.
Corporate Culture and Fraud
The guidance highlights the necessity for “leading by example and fostering an open culture” where employees feel empowered to identify and challenge misconduct.
Indeed, the Association of Certified Fraud Examiners' 2024 Report to the Nations reveals that 43% of fraud cases were discovered through tips2 — three times more than the next most common detection method, clearly showing how crucial culture is to preventing and detecting fraud.
Yet, wrongdoing often goes unchecked, especially if driven by senior colleagues or ingrained in the organisational fabric. A notable example is Tesco Plc, which, in 2017, entered into a Deferred Prosecution Agreement after overstating profits in 2014. The Serious Fraud Office’s Statement of Facts3 highlighted that Tesco’s financial targets pressured employees to manipulate results to meet budgets, misleading the stock market. Such environments, where performance incentives encourage misreporting, emphasise the need for open channels for employees to raise concerns. If senior executives permit unethical practices, opportunities to challenge such behaviour become limited or discouraged.
Governance Shortcomings
Within the same top-level commitment principle, the guidance specifically calls for "clear governance across the organisation" in respect of their fraud prevention framework.
Fraudulent activities often aim to present a more favourable financial position to attract investment and allay viability concerns. Shareholder pressure for continuous financial growth can create a climate where unethical practices are not only encouraged but deemed necessary to meet targets.
Mitigating these risks can involve appointing non-executive directors to ensure decisions align with stakeholder interests. However, governance failures occur when boards lack active oversight and fail to challenge senior executives. This issue was evident in the Steinhoff scandal, where profits were overstated over eight years by fictitious contracts, exemplifying governance breakdowns occurring at companies with dominant CEOs and uninformed boards.4 Similarly, Toshiba’s accounting scandal involved profit overstatements driven by target pressure, with issues unchallenged due to “silent shareholders” and a lack of fresh perspectives.5
Top-level commitment is crucial, extending to business leaders, boards, and oversight committees.
High-Risk Functions and Internal Controls
As noted above, two of the best practice principles include risk assessment and proportionate risk-based prevention procedures.
Fraud prevention undoubtedly relies on identifying potential opportunities for fraud and implementing measures to mitigate these risks. High-risk areas often include finance, sales, and procurement functions. In fact, the ACFE 2024 Report to the Nations identifies that over half of the reported fraud cases stem from operations, accounting, sales, customer service, and upper management.6
Robust internal controls are essential to prevent process deviations. However, loopholes are often exploited, as seen in the 2024 CPS prosecution of a council employee who accepted bribes through inflated invoices.7 Even large corporations like Netflix have faced similar issues, with procurement fraud occurring when IT contracts were awarded based on kickbacks.8 Weak controls in payroll functions also enable fraud, as demonstrated by a 2023 case of payroll exploitation and embezzlement from a property business.9
Fraudulent accounting, often perpetrated by finance professionals, involves manipulating subjective accounting policies. The Patisserie Valerie scandal serves as a prominent example of such practices.
Leveraging Data for Fraud Prevention
Within the monitoring and review principle, the guidance calls for the consideration of data-driven approaches to fraud detection, suggesting also that, for certain organisations, AI tools could be leveraged in this regard.
Harnessing the power of data analytics is a key strategy in the fight against fraud. By effectively utilising data, organisations can identify patterns, detect anomalies, and predict potentially fraudulent activities before they escalate. While recommending data analytics for fraud prevention is straightforward, companies must understand their data and how it interrelates to realise its potential.
The use of data analytics allows for real time monitoring and automated alerts, enabling businesses to respond swiftly to suspicious activities. By integrating advanced technologies such as machine learning and artificial intelligence, organisations can enhance their ability to detect fraud with greater accuracy and efficiency.
Additionally, data driven insights can help organisations identify high risk areas and allocate resources more effectively to mitigate these risks. By continuously refining and updating their data analytics capabilities, companies can stay ahead of fraudsters and protect their assets, reputation, and stakeholders.
Closing Remarks
The publication of the UK Government's final guidance on the FTPF offence marks a significant step forward in the nation's efforts to combat corporate fraud. The transition period before the failure to prevent offence comes into force, provides the opportunity for companies to enhance their internal controls and adopt proactive measures to mitigate fraud risks.
The guidance emphasises the importance of fostering a corporate culture that empowers employees to report misconduct, strengthening governance structures, and leveraging data analytics to anticipate and prevent fraudulent activities.
In light of the guidance, companies should consider incorporating a broader scope of fraud risk into their assessments, re-assessing the appropriateness of their control environment, and ensuring leadership fully understands the scope of risk and is armed with the right information and assurances that controls are appropriate.
By prioritising leadership commitment, rigorous risk assessments, and continuous monitoring, businesses can not only comply with the new regulations but also build a more resilient and transparent organisational framework. As companies implement these strategies, they contribute to a collective effort to uphold integrity and accountability, thereby protecting their assets, reputation, and the broader community from the damaging effects of fraud.
Sources
[1] National Crime Agency - Fraud - National Crime Agency
[2] https://legacy.acfe.com/report-to-the-nations/2024/
[3]https://webarchive.nationalarchives.gov.uk/ukgwa/20210301134047/https://www.sfo.gov.uk/download/deferred-prosecution-agreement-statement-of-facts-sfo-v-tesco-stores-ltd/, page 15
[4]https://www.researchgate.net/publication/328111855_Steinhoff_collapse_a_failure_of_corporate_governance
[5] https://business.columbia.edu/sites/default/files-efs/imce-uploads/CJEB/Corporate%20Governance/CG%20update%20%232.Alicia%20Ogawa.Toshiba%20and%20the%20Myth%20of%20Corporate%20Governance.pdf
[6] https://legacy.acfe.com/report-to-the-nations/2024/
[7] https://www.cps.gov.uk/cps/news/former-council-employee-jailed-after-roofing-work-fraud-0
[8] https://www.justice.gov/usao-ndca/pr/former-netflix-executive-sentenced-30-months-bribes-and-kickbacks-netflix-vendors#:~:text=%E2%80%9CMichael%20Kail%20used%20his%20highly,that%20Kail%20will%20now%20serve.%E2%80%9D
[9] https://www.cps.gov.uk/west-midlands/news/cps-statement-sentencing-man-who-stole-more-ps340k-his-employer & https://news.sky.com/story/office-manager-who-swindled-bosses-to-fund-luxury-lifestyle-ordered-to-pay-back-six-figure-sum-13198260
© Copyright 2024. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
