Why is fraud on the agenda?
Fraud is now on the agenda for most companies, especially those with a diverse set of risks from their operating ecosystem, like that of the food sector.
The main driver behind fraud’s new spotlight is The Economic Crime and Corporate Transparency Act 2023, which received Royal Assent on 26 October 2023.
As the name suggests, the Act is related to economic crime and corporate transparency and looks to cover company conduct, limited partnerships and other kinds of corporate entity. It also deals with issues aimed at strengthening the integrity of the Companies Register. Importantly, the Act is central to the Government’s effort to put fraud prevention at the top of the corporate agenda and encourage cultural change in respect of fraud prevention in the UK.
As part of this goal, the UK Government has introduced a new corporate offence of ‘failure to prevent fraud’ which is designed to mirror the corporate offence of ‘failure to prevent bribery’ that emanated from the Bribery Act 2010. Yet more red tape, I hear you cry?
Well, yes, but I hope to persuade you that such ‘red tape’ provides an opportunity to create a better society and a more sustainable financial approach for the benefit of us all.
What is all the fuss about?
In the case of economic crime, and particularly fraud, the Government has realised that there are too many loopholes currently being exploited. This is demonstrated by the level of reported fraud which now accounts for 41% of all crime in the UK.
Experts believe that reported fraud is only the tip of the iceberg, with many fraud incidents remaining undetected. Crowe’s Annual Fraud Indicator Report estimates that annual losses to fraud in the UK are £219bn; of that, losses in the private sector are estimated to be £157.8bn.
The vast cost of fraud to the UK economy, together with the widespread nature of the issue, creates very real pressure on UK businesses who must continue to operate in this hostile environment and maintain healthy margins. Fraud is not unique to any particular sector, but each sector has its own specific risks and challenges.
The UK food and beverage industry represents a perfect storm for fraud risk given the complex global supply chains involved, the need to maintain confidentiality around recipes and ingredients, disruption in the supply of specialist ingredients, and heavy reliance on reputation and consumer confidence.
These are all factors that create risk in terms of tempting bad actors to commit fraudulent acts to try and better the position of themselves and their business. Economic crime tends to increase during times of economic hardship, uncertainty or instability, where bad actors seek to cover losses or fund lifestyles they can no longer sustain. The UK economy has suffered a number of years of sustained pressure which can only add to this melting pot of risk.
What is the UK Government doing and why?
Evidently, the Government cannot rely on businesses to self-regulate. Recent research from Foot Anstey demonstrates that despite 45% of businesses having to act due to fraud caused by an employee or contractor in the last 12 months, only 47% of those surveyed had anti-fraud policies in place.
Over a number of years, the Government has introduced legislation designed to make the UK a clean place to do business, by putting responsibility on corporates to act in a way to prevent economic crime.
In 2010 the Bribery Act was introduced, creating a new corporate criminal offence of ‘failure to prevent bribery’. This was followed by the Criminal Finances Act in 2017, which created a ‘failure to prevent offence’ in relation to facilitating tax evasion. So we had two economic crime laws dealing with corporate transparency, which have now been joined by the introduction of the ‘failure to prevent fraud' offence through The Economic Crime and Corporate Transparency Act 2023.
The Government has stated that under the new offence, an organisation will be liable where a specified fraud offence is committed by an employee or agent, critically, for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place.
It does not need to be demonstrated that company bosses ordered or knew about the fraud.
Importantly, the organisation will not be guilty of the ‘offence of failure to prevent fraud’ where the organisation itself was, or was intended to be, a victim of the fraud.
The offence applies to all sectors, but will only affect organisations meeting two of the three following criteria:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
The offence captures the fraud and false accounting offences most likely to be relevant to corporations, namely:
- Fraud by false representation (section 2 Fraud Act 2006)
- Fraud by failing to disclose information (section 3 Fraud Act 2006)
- Fraud by abuse of position (section 4 Fraud Act 2006)
- Obtaining services dishonestly (section 11 Fraud Act 2006)
- Participation in a fraudulent business (section 9, Fraud Act 2006)
- False statements by company directors (Section 19, Theft Act 1968)
- False accounting (section 17 Theft Act 1968)
- Fraudulent trading (section 993 Companies Act 2006)
- Cheating the public revenue (common law)
By introducing this new corporate criminal offence, the Government is trying to create a culture change across the corporate world to close the loopholes that bad actors seek to exploit. The hope is that this will push corporates to gain a deeper understanding of their business, and operate their finances transparently (think Patisserie Valerie) and who they employ or do business with.
The draft guidance on reasonable or adequate procedures that sits alongside the ‘failure to prevent fraud’ offence is aimed at encouraging best practice to prevent the opportunity for fraud. The guidance mirrors the guidance for the ‘failure to prevent bribery’ offence which was governed by the following six principles:
- Proportionate procedures – procedures should be proportionate to the risk faced by the organisation and to the nature, scale and complexity of its commercial activities.
- Top-level commitment – there should be a commitment to prevention procedures by top-level management fostering a culture within the organisation in which bribery (or in this case fraud) is never acceptable.
- Risk assessment – assessment should be periodic, informed and documented.
- Due diligence – due diligence procedures should be applied taking a proportionate and risk-based approach in respect of those who perform or will perform services for or on behalf of the organisation.
- Communication (including training) – prevention procedures should be embedded and understood throughout the organisation and form part of both internal and external communication.
- Monitoring and review – ongoing monitoring and review of procedures and making improvements where necessary.
What 5 things can your business do now to prepare for this new legislation?
- Risk assessment – take the time to understand the different fraud offences caught by the Act, how your people define ‘fraud, and how fraud might be perpetrated within your business. For example, the offences included within the scope of the Act cover a broad range of conduct, from false statements in company accounts and other company documents such as sales materials and insurance claims, to mis-selling and rogue trading.
- Due diligence – if not already in place, you can begin to roll out updated due diligence procedures for employees and agents who perform or will perform services for or on behalf of your business. This should be proportionate and risk-based, and therefore must align with the specific roles and authority held by any employee or agent. For example, it would be prudent to subject all directors to enhanced due diligence as a matter of course. In addition, those with responsibility for corporate governance, procurement or finance may also require enhanced due diligence.
- Whistleblowing – ensure that your organisation has a whistleblowing policy in place so that employees (who are your eyes and ears) can anonymously report any suspicious behaviour or concerns they might have about a fellow employee or agent without risk of reprisal against them.
- Allocation of responsibilities – ensure that individuals within your organisation understand their responsibilities (and risk) and how they fit into any prevention procedures. It is particularly important that senior managers are fully aware of policies and procedures on fraud and other offences1 as the Act also brings in changes to the ‘identification doctrine’2 – a legal test for determining whether the actions of a natural person (i.e. individual) can be attributed to a corporate to create criminal liability for the corporate. Under current law, the natural person in question must be the ‘directing mind and will’ of the company for its actions to be attributed to the company. The changes mean that the ‘directing mind and will’ test will be replaced by a new test based on whether or not the individuals involved are considered to be senior managers of the company. This change applies to all companies not just large corporates. Not all offences will carry an adequate procedures defence.
- Make training relevant – internal training is an important part of developing adequate prevention procedures. It is essential to make such training relevant using real-life stories and examples to put the black letter law into its practical context. This aids employees in understanding their role in preventing fraud.
References
- Schedule 12 of the Act provides a list of offences to which the new identification doctrine will apply including theft, various fraud and tax offences, bribery offences under the Bribery Act, money laundering offences under the Proceeds of Crime Act 2002 and terrorist financing offences under the Terrorism Act 2000.
- s.196 of the Act