Publication
COP29: It’s all about the money and paying to survive in this climate-challenged world
The 29th Conference of Parties (COP 29) will be held in Baku, Azerbaijan between 11 and 22 November 2024.
Global | Publication | June 2024
European watchdogs have long been focusing on enforcement against corporate crime with a great focus on anti-corruption, economic sanctions and money laundering. In recent years, a new focus is emerging – the fight against fraud is increasingly promoted to the front of enforcement agenda. This change in the enforcement landscape has significant implications on corporations which are active in Europe. As fraud is a wide concept which encompasses a great range of activities, the exposure of each organisation may be unique and so require a bespoke approach in establishing appropriate systems and controls.
In this blogpost, we canvas some recent fraud-related legislative developments across major European jurisdictions. That overview reveals that fraud is becoming a prominent item on the enforcement agenda. Considering those developments, we turn to explore some practical steps corporations active in Europe may consider implementing in preparing for the changing landscape.
European Union
A major step in the fight against fraud on a European Union level has been the creation of the European Public Prosecutor’s Office (EPPO), which started operating in June 2021. EPPO has a mandate to investigate and prosecute directly before the national courts criminal misconduct related to the EU budget. The vast majority of its cases relates to different forms of fraud, including VAT fraud, subsidy fraud and misappropriation of public funds. Ever since its establishment, EPPO has been an active enforcer and in 2023 alone, it opened 1371 investigations, which is a 58 percent increase as compared to 2022.1
EPPO’s track record of effectiveness, especially in relation to cross-border misconduct, may come from its structure (a single office with decentralised structures in 42 locations in various Member States), as well as from its close cooperation with Europol and national enforcement authorities. EPPO’s enforcement efforts are likely to increase even more in the future as may be indicated by a comment by European Chief Prosecutor, Laura Codruța Kövesi, that about 90 percent of fraud in the EU still remains off the enforcement authorities’ radar.2
France
In France, fraud is generally not considered as a separate criminal offence but can rather form a material element of several criminal provisions under the French Criminal Code, including swindling, breach of trust, extortion and falsification. In particular, tax evasion is at the centre of France's fight against fraud and the French authorities take an increasingly rigorous approach when it comes to detecting and prosecuting tax fraud.
The introduction of the 2018 Anti-Fraud Act represented a first step in strengthening France's criminal legal arsenal against tax fraud. The number of suspected tax fraud cases that is on the radar of the public prosecutor is continuously rising as the 2018 Act introduced a duty for the French tax administration to refer significant cases to the public prosecutor.
More recently, new efforts to strengthen the levers for combatting tax fraud in France have been adopted. The French Parliament approved the French Finance Act (FFA) for 2024 (Loi de finances pour 2024) which was published on 30 December 2023 and took effect in January 2024. The FFA created, among other measures, a new and autonomous criminal offense for the provision of instruments that facilitate tax fraud (article 1744 of the French Tax Code). Individuals or legal entities that make available “legal, tax, accounting or financial means, acts or instruments, with the aim of enabling one or more third parties to fraudulently evade the assessment or payment of all or part of taxes” can now be prosecuted and face severe penalties for their complicity in tax fraud.
Germany
Like France, Germany is also focusing heavily on tax fraud and has been at the forefront of criminal investigation and prosecution of tax fraud related to the payment of dividends, also known as ‘dividend stripping’. In 2021, Germany’s highest court, the Federal Court of Justice, clarified that a dividend stripping scheme, called ‘cum-ex’ transaction, is considered fraudulent and amounts to criminal tax evasion. The decision prompted a wave of investigations and prosecutions which are continuing.
In the past few years, accounting fraud has also been on German legislative and regulatory agenda. On 3 June 2021, the German legislator has passed the Act to strengthen the Financial Market Integrity (Gesetz zur Stärkung der Finanzmarktintegrität), which fundamentally reformed the accounting control procedure (Bilanzkontrollverfahren), to strengthen the integrity and stability of the German capital market.
Portugal
In Portugal, in December 2021, the Parliament enacted a law which created a General Regime for the Prevention of Corruption and related offences (Regime Geral de Prevenção da Corrupção, RGPC).4 The regime started to apply to large companies in June 2023, and will start to apply to mid-size companies in June 2024 (i.e. companies with 50 or more employees). While the name suggests a focus on corruption, the new regime also covers “related offences”, which include fraud-adjacent misconduct, such as embezzlement or subsidy fraud.5 The new piece of legislation obliges large and mid-size companies to conduct risk assessment related to corruption and related offences, and to create and implement a prevention plan.
The implementation of RGPC is being supervised by the National Anti-Corruption Mechanism (Mecanismo Nacional Anticorrupção, MENAC). MENAC will be able to issue administrative penalties for non-compliance with the RGPC. However, its supervision is also likely to result in enhanced detection and criminal enforcement of corruption and related offences, including fraud.
The Netherlands
A recent study conducted in the Netherlands and Belgium revealed that 79 percent of the organisations that participated experienced internal and external fraud (attempts) and that a majority of them suffered actual damage as a result of that. The biggest concerns of organisations regarding fraud and scams are the loss of (online) data and other forms of cybercrime.6 Dutch enforcement authorities, in particular the Dutch Public Prosecution Service (Openbaar Ministerie), are increasingly focusing on cybercrime as a form of fraud and have committed themselves to strengthen enforcement thereof under the Dutch Cybersecurity Strategy for 2022-2028. Recently, joint efforts of enforcement authorities participating in an international taskforce, including Dutch authorities, have led to a significant breakthrough in the fight against cybercrime by taking down the criminal operation of the LockBit ransomware group.7
And similar to its neighbour Germany, the Netherlands is heavily focused on combating large-scale dividend stripping and other forms of tax fraud. The Dutch Public Prosecution Service believes that dozens of people and institutions were involved in dividend stripping that has cost the Dutch Tax Administration (Belastingdienst) EUR 26 billion in missed taxes since 2000.8
United Kingdom
The UK government considers fraud as the most common crime, accounting for over 40 percent of all offences in England and Wales together.9 To respond to this threat, in May 2023, the Home Office launched the Fraud Strategy, which aims to strengthen anti-fraud enforcement and to empower the public to report fraud.10
As a part of that effort, UK legislators have recently reformed the rules on corporate liability (to expand this so that companies are found liable for a range of economic offences where these are committed by ‘senior managers’ – see our article here for more information) and introduced a new criminal offence of ‘failure to prevent fraud’.11This offence is expected to enter into force this year. The failure to prevent fraud offence will make it an offence for a company to fail to prevent fraud committed by its ‘associated persons’ (which includes employees, subsidiaries and third parties), where the fraud is committed for the benefit of the company or its clients. The only defence will be to show that the company had in place ‘reasonable procedures’ to prevent fraud. This demonstrates a commitment to combatting fraud, and also emphasises the importance of robust corporate compliance programmes.
The new offence applies to ‘large’ companies12 (although in practice small companies may also be required to implement reasonable fraud prevention procedures, as they may be the ‘associated person’ of a large company).
Importantly, the jurisdictional reach of the offence is broad. It will apply to non-UK companies where part of the offence takes place in the UK – such as a meeting or communication in the UK – or where there are victims in the UK, which could include investors or counterparties. It will also apply for certain offences where there is a gain in the UK. This means that whether a company is subject to the offence will vary depending on the specific circumstances in which the fraud takes place. Many multinational companies are therefore conducting risk assessments and enhancing fraud procedures on a global basis.
Further information on the offence can be found in our UK team’s article here.
In light of this increased focus on combatting fraud, corporations operating in Europe may want to consider revisiting their current internal systems and controls aimed at addressing fraud risks. That risk encompasses at least: (i) active fraud, that is practices in which the company, its employees or those operating on its behalf engage in fraudulent activities for the benefit of the company and / or the individual themselves; as well as (ii) passive fraud, that is incidents when companies themselves are the victim of fraudulent activity. Most companies tend to have compliance programmes targeting passive or ‘inward’ fraud, but very limited – if any – procedures addressing active or ‘outward’ fraud. In light of the evolving legislative framework, companies therefore may have some considerable work to do to enhance and / or implement an effective fraud prevention programme.
Steps that corporations may consider implementing in preparing for the growing risk of fraud include the following:
Fraud is increasingly becoming an area of attention for corporations operating in Europe. In various jurisdictions, legislative changes reflect the increasing attention that enforcement authorities pay to the combat against fraud. Corporations wishing to prepare for the changing landscape should consider the dual risk of fraud – active and passive – for their organisations, taking into account their activity and areas of exposure. Revisiting their own compliance programmes and updating existing systems and controls to meet the growing challenge is essential to mitigate the risks and allow organisations to stay out of trouble.
For more information, please don’t hesitate to contact the authors.
Publication
The 29th Conference of Parties (COP 29) will be held in Baku, Azerbaijan between 11 and 22 November 2024.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023