Further to our recent update, on 7 November 2024, the UK government published its long-awaited guidance on the failure to prevent fraud offence; setting out the key principles businesses must follow to remain compliant with the law, and implement reasonable procedures to ensure the availability of a defence.
We are arranging discussions and training on the new offence and its application with our expert team – please sign up to receive updates and further information.
Application and scope of the offence
The new offence will:
- mean businesses will be held liable for failing to prevent a fraud from taking place, even if they did not intend or deliberately cause that fraud (strict liability) unless the business can prove it had ‘reasonable procedures’ in place to prevent it from happening, or can prove (in very limited cases) that it was reasonable for them to not have procedures in place.
- mean businesses can be bound by the actions of their ‘associated persons’; employees, agents, subsidiaries, or anyone providing services on behalf of the organisation (meaning the company does not need to commit the act itself)
- come into force on 1 September 2025 (allowing businesses to review and overhaul their existing compliance procedures now)
- apply to “all large, incorporated bodies and partnerships” (including companies, limited partnerships, statutory organisations (e.g. NHS trusts and some charities)
- affect small organisations where they provide services for or on behalf of large organisations (where they may be classed as their ‘associated persons’)
- cover all existing fraud offences, for example, fraud by misrepresentation (Fraud Act 2006) or fraud by false accounting (Theft Act 1968)
- also apply to those incorporated overseas but with a UK nexus (e.g. the fraud took place in the UK, or the gain or loss occurred in the UK)
The offence will make it much easier for large organisations to be prosecuted by the CPS and the Serious Fraud Office (the ‘SFO’) for their connection to / involvement with fraud, with the SFO Director Nicholas Ephgrave announcing on 7 November that the SFO are “determined to act swiftly” and stressing that “time is now running short for corporations to get their house in order, and so I urge those affected to review their new responsibilities and prepare to meet them”.
This strong warning is worth heeding; for comparison, the failure to prevent bribery offence introduced in July 2011 has afforded the SFO multiple opportunities to prosecute and enter into deferred prosecution agreements and plea agreements with companies where previously the required criminal intent would not have been made out.
It has never been more important to ensure that your business is playing an active role in the prevention of economic crime, and is protecting itself from rogue actors by ensuring that it has clear procedures and training in place.
Reasonable procedures
An organisation whose associated persons have committed fraud will, from 1 September 2025, only be protected from prosecution if they had ‘reasonable procedures’ in place at the time to prevent the crime from happening.
It will not be enough that they did not play an active role or encourage the offending, or that no one senior knew about it. So what should those reasonable procedures look like?
The guidance sets out six principles for developing these procedures:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
The guidance then provides non-prescriptive examples as to how companies can demonstrate that their procedures follow these 6 principles.
What is clear is that each organisation will need to have evaluated its existing policies and procedures in line with the new guidance and offence, and ensured that their policies are not generic; but instead tailored to the risk profile of their business, and genuinely committed to and communicated by its top level governance.
The guidance suggests, for example, that there needs to be a clear governance framework, with direct senior involvement, or a clearly designated individual e.g. a Head of Ethics and Compliance who should be responsible for the oversight of relevant procedures.
The guidance is keen to stress, however, that it is not a safe harbour:
- “even strict compliance with the guidance will not necessarily amount to having reasonable procedures where the relevant body faces particular risks arising from the unique facts of its own business that have not been addressed.” and
- “organisations cannot rely on this [guidance] alone, and should take legal advice on how the offence affects them”.
It is therefore important to consider the individual profile of your business, and whether your current procedures would be enough in the event of a fraud offence being committed.
How can we help?
Our team would be happy to discuss your business’ requirements with you and provide tailored legal advice as necessary to get you ready for September 2025.
