Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
United Kingdom | Publication | May 2024
A new “failure to prevent fraud” offence (the FTPF Offence) has been introduced as part of the Economic Crime and Corporate Transparency Act (the Act).
The Act received Royal Assent on 26 October 2023. It is expected that the new FTPF Offence will come into force after an implementation period following guidance being issued on ‘reasonable procedures’ by the government. This is expected in early summer 2024, so the new offence could come into force in late 2024 / early 2025.
This forms part of broader reforms of UK corporate criminal liability (which also replace the “directing mind and will” test for corporate criminal liability with a new “senior managers” test which is likely to make prosecuting organisations for criminal offences much easier more generally (for more detail please see here)). This change to the corporate criminal liability is already in effect.
Coupled with the renewed focus of the Serious Fraud Office (SFO), Financial Conduct Authority (FCA) and other authorities on the prevention of fraud, this offence is expected to significantly shift the landscape for organisations both in the UK and internationally, in a similar way to the impact of the UK Bribery Act (UKBA) more than a decade ago. In particular, it shifts the focus from organisations as victims of fraud (inward fraud) to make it easier for organisations to be prosecuted for fraud committed by employees or third parties that the organisation benefits from (outward fraud).
It also effectively requires many organisations to make significant enhancements to – or implement - fraud compliance programmes in order to prevent a wide range of fraud offences.
The new offence makes an organisation liable if it fails to prevent a specified fraud offence (see details below) from being committed where: (i) an employee or agent commits the fraud; and (ii) the fraud is intended to benefit the organisation or a person to whom services are provided on behalf of the organisation.
Importantly, the offence has a defence of “reasonable procedures” to prevent fraud. This means it effectively requires organisations to review and enhance their anti-fraud systems and controls to cover fraud committed for their benefit by employees, subsidiaries or third party agents.
The scope of application of the new offence has been a subject of debate. The new offence applies to ‘large organisations’. The threshold for this would be met where an organisation satisfies two or more of the following conditions in the financial year preceding the year of the offence: (i) more than 250 employees: (ii) more than GBP 36 million turnover; and / or (iii) assets of more than GBP 18 million.
In practice, however, smaller organisations will still have to consider putting in place, or reinforcing, their anti-fraud procedures – given that they may be the ‘associated person’ of a large organisation, meaning the large organisation will likely require them to have in place reasonable procedures to prevent fraud.
Non-UK companies may be more likely to be caught by the new offence than by offences under the UK Bribery Act. It will apply to companies where part of the offence takes place in the UK – such as a meeting or communication in the UK – or where there are victims in the UK (which could include investors or counterparties). It will also apply for certain offences where there is a gain in the UK.
In practice, this makes the jurisdictional scope somewhat unpredictable and means that whether a company is subject to the offence will vary depending on the specific circumstances in which the fraud takes place, as well as from transaction to transaction, and as a company’s investor, counterparty and consumer profiles change.
Non-UK companies with no UK nexus, but who use a third party for services that operates in part in the UK may therefore be brought within the jurisdiction of the offence.
As a result, non-UK companies will therefore need to assess whether the acts of their employees, subsidiaries, or agents are likely to give rise to liability for the company under the new offence. Multinationals will need to consider whether enhancements to their anti-fraud policies and procedures are rolled out group-wide, or just in jurisdictions/business units with exposure to the UK.
The offence applies to the fraud and false accounting offences which the government considers are most likely to be relevant to large corporations. These are:
The types of conduct that could be caught are broad. To name a few examples, offences could arise out of warranties and representations made in transaction documents, prospectuses, annual reports, and insurance claims; false statements by directors to shareholders; or by third parties misrepresenting the quality of products or services to increase sales and improve the financial outlook for the company.
Crucially, there would have to be dishonest intent for an offence to be committed.
The underlying offence of cheating the public revenue may also cross over with organisations’ existing obligations under the failure to prevent tax evasion offences introduced under the Criminal Finances Act 2017 and so it may be possible for organisations to build on existing procedures already in place in this regard.
The “failure to prevent” model will make it easier to prosecute organisations compared to the previous position, in which an organisation will only be held liable for fraud where a “directing mind and will” (or, following the expansion of this doctrine by the Act, a “senior manager”) has been directly involved. In practice, it has been very difficult to attribute liability for fraud to organisations, particularly large international groups.
There will also be an increased risk of private prosecutions being brought by individuals who are victims of fraud.
We also envisage an increase investigations by the SFO (and other authorities) into fraud related offences, and in the number of organisations entering into deferred prosecution agreements (DPAs) in relation to fraud, effectively settling the case without any formal requirement to admit criminal liability. Once the offence is in force, organisations which identify conduct covered by the new offence will have to consider carefully the risks and benefits of a DPA, particularly given the risk of parallel civil claims.
The government has announced that it will produce specific guidance providing organisations with information about what reasonable procedures will look like (akin to the UKBA adequate procedures guidance). This is expected in early summer. Specific guidance for financial institutions is anticipated, but other sector specific guidance is not anticipated. As part of this, the government will also likely need to clarify how, for regulated firms, this will interact with existing financial crime processes required.
Given the time it takes to put in place effective compliance policies and procedures, pending the guidance being published and as a first step, organisations should consider whether any existing fraud risk assessment covers outward fraud: in our experience of speaking to clients the majority of organisations do not have this in place already. The risk assessment should be reviewed by reference to fraud issues the organisation and/or its peers have encountered. As highlighted above, there are a broad range of potentially complex offences covered and therefore risk assessments will need to be wide ranging and incorporate input from a number of different functions within an organisation. Organisations should make sure that the individuals tasked with conducting a risk assessment and putting in place procedures have a sufficient understanding of the offences covered: it is therefore important that legal and compliance are closely involved to ensure the nuances of the offences are addressed both in the risk assessment itself, and in policies and the procedures to implement them. Our article on how to conduct effective risk assessments can be found here.
Based on the results of their risk assessment, organisations should ensure that their anti-fraud policies, systems and controls manage the risks identified effectively, including:
Other changes have been introduced through reforms to the role of Companies House. For more information on these, please see our article here.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023