UK investigations and financial crime: Horizon Scanning
As anticipated in our previous blog post on predictions for 2023, this year has brought about significant developments in investigations and a real focus on fraud. Looking ahead to the second half of 2023, we predict that developments affecting UK business or those doing business in the UK will include:
- continued reform of corporate criminal liability, including greater clarity on the new failure to prevent fraud offence and the implementation of the government’s new fraud strategy;
- increased litigation involving sanctioned Russian individuals and entities;
- an increased focus from the FCA and PRA on cooperation by firms and individuals subject to investigations;
- the introduction of an anti-greenwashing rule by the FCA as part of the broader regulatory focus on greenwashing, which is also an enforcement priority for the CMA and ASA; and
- further UK and EU legislative changes requiring companies to conduct due diligence and report on ESG risks, both in relation to human rights and the environment.
Fraud
Economic Crime and Corporate Transparency Bill
The Bill contains significant developments including: (i) an expansion of the role and powers of Companies House and (ii) a new failure to prevent fraud offence.
- Companies House as a regulator: The Bill includes significant reforms to the role of Companies House, giving Companies House improved investigation and enforcement powers. In particular, there is a focus on identity verification measures for new and existing companies, directors and persons with significant control and there will be enhanced information sharing powers between Companies House and other law enforcement agencies with a view to assisting money laundering and financial crime investigations.
- Failure to prevent fraud: Under the proposed offence for failure to prevent fraud, an organisation will be liable if it fails to prevent an associated person from committing a specified fraud offence, and the fraud is carried out for the benefit (directly or indirectly) of the company (or a person to whom services are provided on behalf of the company). Organisations will have a defence if they can prove that ‘reasonable procedures’ were in place at the relevant time, which were designed to prevent associated persons from committing an offence. The offence is likely to come into force in 2024. See our articles here and here and listen to our webinar here for more details on the proposed offence, the costs of implementation and what organisations should be doing now to prepare.
- Reform to the identification doctrine: On 15 June, a proposal was submitted for the Economic Crime and Corporate Transparency Bill to bring “senior managers” within the scope of who can be considered as the “directing mind and will” of a business. The extent of the impact of this will depend on how widely the term “senior managers” is interpreted in practice, but the reform is likely to make it easier to prosecute larger corporates for economic crime offences without having to rely on “failure to prevent” offences.
Anti-fraud strategy
In May, the UK government published its fraud strategy paper: Fraud Strategy: Stopping Scams and Protecting the Public.
The prevalence of fraud in the UK cannot be overstated: victims of fraud reported losing £2.35 billion in 2021 and recent research estimates fraud losses in 2021 equate to some £137 billion. UK Finance reported that in the payment industry, £1.2 billion was stolen through fraud in 2022. The new fraud strategy has three principal overarching objectives: “pursuing fraudsters”; “blocking fraud”; and “empowering people”.
The government intends its strategy to reduce fraud by 10% by 2025. While the report runs to nearly 70 pages, there are few proposals likely to reduce significantly the prevalence of fraud in the UK (in large part because the resourcing appears insufficient). The report does include two significant new changes that are underway: the creation of a Failure to Prevent Fraud offence (as set out above) and the imposition of duties to tackle fraud on social media platforms (with fines for non-compliance). See our blog here for more details.
Online Safety
Online Safety Bill
The Online Safety Bill (the OSB) is currently being reviewed by the House of Lords and plays a significant part in the government’s anti-fraud strategy. The OSB aims to enhance online safety through the introduction of legislation to protect both children and adults from illegal, harmful and fraudulent content online. Such legislation will set clear standards for companies that facilitate user-generated content, such as social media platforms and tech companies. The OSB will require social media platforms and search engines in particular to take specific steps to prevent paid-for fraudulent advertisements and user-generated scams from appearing on their sites. The new requirements will impose a legal duty of care to protect users from such fraud, prompting the removal of illegal, harmful or misleading content quickly once identified, and an additional duty to protect children from ‘harm’.
Ofcom will implement the new online safety regime. Further powers will be granted to Ofcom, to enable it to enforce online safety rules by creating codes of practice and imposing financial penalties for violations. Companies have the potential to be fined up to the greater of £18m, or 10% of their annual global turnover. Conduct may also give rise to criminal offences for senior managers who fail to respond to information and data requests from Ofcom.
Enforcement
So far in 2023, enforcement activity has largely focused on financial crime and anti-money laundering (AML), and we expect this to continue. Examples of recent enforcement decisions include FCA fines handed to UK banks, relating to AML and Listing Rules issues. In addition to the broader focus on financial crime and AML, we expect that the following will influence enforcement trends for the remainder of 2023 (in addition to ESG, which is dealt with below):
- Increased enforcement for breach of sanctions – As has been widely anticipated, we expect to see increased enforcement in light of the additional sanctions imposed as a result of the conflict in Ukraine. OFSI received resources to double the size of its investigations and enforcement teams during 2022, and, together with the NCA and the FCA, we expect there to be enhanced cooperation between the authoritiesand a greater focus on enforcement of any breaches of sanctions, particularly by financial institutions.
- An increased focus from the FCA and PRA on cooperation in enforcement –
- In a recent speech the FCA’s new joint Enforcement Head emphasised the importance she places on timely cooperation by firms, highlighted some positive examples, but stating that she often encounters “firms who have to be strong-armed into making things right, who seek to evade their responsibilities, who duck and dive to avoid doing the right thing”. The speech also emphasised the importance of the new Consumer Duty. The FCA has stated that serious breaches will be prioritised and that it will act “swiftly and assertively” where necessary.
- In addition, the PRA is proposing changes to their approach to enforcement, including introducing an Early Account Scheme (EAS). This would involve compelling firms to provide a detailed factual account based on their own investigation, together with relevant evidence. An enhanced settlement discount of up to 50% would apply where an investigation subject participates in the EAS and provides early admissions. However, the PRA has proposed that firms participating in the EAS would have to provide an attestation signed by a senior manager that there are no other related matters, relevant information or potential breaches of which the firm is aware. Depending on the exact formulation of this in practice, it could be quite a broad undertaking, particularly if an internal investigation has been conducted on an expedited basis.
However, this could have the scope to speed up resolution of PRA investigations substantially.
- Fewer SFO cases taken on – the HM Crown Prosecution Service Inspectorate has recently reported that the SFO has limited the number of cases it accepts, to ensure that existing cases are progressed effectively. Such a decision was taken in light of a lack of resourcing, resulting in overburdened staff. We expect this trend to continue, with the SFO focusing on fewer more significant matters. This may in effect lead to an informal quasi-declination process.
Information Sharing
We expect to see further steps taken towards facilitating data transfers from qualifying UK to US organisations, following statements issued in January, and then reiterated on 8 June 2023, in which the UK and the US announced a commitment in principle to establish a data bridge. From a UK perspective, this would align with the proposed EU-US Data Privacy Framework currently being assessed by the European Commission.
As it stands, UK businesses must have contractual obligations in place to ensure that protection and privacy standards are maintained when sending personal data to organisations within the US. The implementation of a data bridge will help to ease such a burden on businesses, whilst reducing costs and ensuring that the rights of data subjects are upheld. Further comment on this is set out in our blog here.
This follows information sharing agreements such as the Data Access Agreement entered into by the UK and the US in October 2022, enabling UK and US law enforcement to directly request data, rather than relying on the US-UK Treaty on Mutual Legal Assistance in order to access documents from the other jurisdiction – see our blog here for more information.
Sanctions
The UK Government has confirmed that as of 17 March 2023, Russia is the most sanctioned country in the world, with 1550 individuals and 180 entities subject to UK sanctions. As the scope of sanctions continues to increase, the English courts are already grappling with sanctions-related litigation and we expect to see more disputes arise as the year progresses.
The court in PJSC National Bank Trust & Anor v Boris Mints & Ors [2023] EWHC 118 (Comm), considered the effect of the Russian sanctions regime on litigation involving parties designated under sanctions. The decision confirms that sanctioned claimants can pursue proceedings in English courts and judgment can be entered in their favour without breaching sanctions. It was held that whilst a judgment can be an ‘economic resource’ and can create ‘funds’ for a sanctioned claimant, there is nothing to suggest that entering into a judgment would amount to ‘dealing’ with frozen funds. The decision confirms that sanctioned claimants can pursue proceedings in English courts and judgment can be entered in their favour without breaching sanctions. Such judgments will not require an OFSI licence. However, a licence will be required if the sanctioned party is required to pay costs to another party, provide security for costs or pay damages.
ESG
As expected, there has been increased attention on greenwashing from the FCA, Competition and Markets Authority and Advertising Standards Agency. It is expected that in Q3 2023, the FCA will impose an anti-greenwashing rule on all regulated firms, requiring firms to ensure that the name and marketing of their products reflect its sustainability profile. In addition, the FCA’s Policy Statement is expected to set out rules relating to sustainable investment labels and the qualifying criteria that firms need to meet in order to use a label.
In the EU, listed companies will be required to make ESG disclosures in their annual reports from 2024, as a result of the EU’s corporate sustainability reporting directive (CSRD), with other large companies required to do so from 2025. CSRD strengthens the existing Non-financial reporting directive (NFRD), including by requiring compliance with mandatory EU sustainability reporting standards (ESRS) being developed by the European Financial Reporting Advisory Group. Importantly for UK companies, CSRD will apply to non-EU companies with a branch or subsidiary in the EU, and at least €150 million of turnover in the EU.
Following closely behind CSRD is the proposed EU Corporate Sustainability Due Diligence Directive (CS3D), which will introduce new mandatory human rights and environmental due diligence obligations extending to the value chain, which will apply to both EU and non-EU companies, provided (in the case of non-EU companies) that they have a world-wide turnover of at least €150 million of which at least €40 million is generated in the EU. CS3D is therefore likely to apply to a large number of UK companies given that the EU remains the UK’s biggest export market. In the second half of 2023, the EU Parliament and Council will negotiate the final text of CS3D, which they hope to complete by the end of the year.
For its part, the UK government has repeated this year that it remains committed to strengthening the UK Modern Slavery Act (MSA) including by introducing mandatory disclosure criteria to be addressed in companies’ annual slavery and human trafficking statements, as well as establishing an enforcement body to monitor and impose penalties on companies for non-compliance. The government also confirmed in its 2023 Environmental Improvement Plan that it will introduce secondary legislation at the “earliest opportunity” to implement the 2021 Environment Act’s requirements on companies to undertake due diligence in relation to illegal deforestation in their supply chains.
With thanks to Grace Littlewood for her assistance with this post.