Failure to prevent fraud: What's the current status and what should organisations be doing now?

The new UK failure to prevent fraud offence is a game-changing offence. It makes it much easier to prosecute UK and non-UK companies for fraud, and will have a similar impact to the UK Bribery Act (which has resulted in multiple large deferred prosecution agreements under the ”failure to prevent bribery” offence). The UK government has said that it expects the “offence will encourage more companies to implement or improve prevention procedures, driving a major shift in corporate culture to help reduce fraud”.

In short, the new offence will make companies liable for fraud committed for their benefit (or the benefit of their clients) by employees, subsidiaries and third party service providers. The only defence for the company will be to have had in place reasonable procedures to prevent fraud. 

We are receiving queries from clients about when the UK government’s “reasonable procedures” guidance is due to be published, when the offence will come into force and what they should be doing now to prepare. 

In summary:

• we expect the “reasonable procedures” guidance to be published in early November 2024 (it was originally due to be published early this year). UK Finance is also due to publish sector-specific guidance for financial institutions (see here for more detail on the implications of the new offence for financial institutions);
• the offence will then likely come into force after a nine-month implementation period i.e. July or August 2025; and
• it is important that organisations take steps now to conduct a risk assessment in relation to the new offence, assess what relevant policies and procedures they already have in place and consider where enhancements need to be made.

We have published a series of articles summarising the offence, how to approach risk assessments, putting in place policies and procedures, and considerations in relation to tone from the top and training. We will be updating these when the final guidance is published. 

Many organisations have already started their preparation for the new offence, recognising that the reasonable procedures guidance will be high level, and that the procedures need to be tailored to the risks faced by each organisation.

We have summarised below some key considerations based on our experience of advising clients. 

Let us know if you would like help with understanding the new offence, how it might apply to your organisation or how to approach risk assessments, programme enhancement and training.

1. Ownership of risk assessments and procedures enhancement needs to be considered: fraud does not have one natural home in many organisations: many of our clients have put in place a cross-functional working group to input on risk assessments and enhancements to procedure. 
2. Senior management sign-off is likely to be expected: we expect the reasonable procedures guidance to set an expectation that senior management, the board or a designated individual sign off on the risk assessment and the procedures – it is important to involve them from the outset.
3. Extra-territorial jurisdictional issues needs to be considered in how procedures are designed: the new offence has a much broader jurisdictional scope than the UK Bribery Act (and less certain). It applies to both UK and non-UK companies wherever there is some kind of jurisdictional hook (for example conduct in the UK, gain or loss in the UK, or victims of fraud in the UK). Companies with global operations therefore need to decide whether or not to implement global anti-fraud procedures.
4. Organisations need to understand the details of how the offences operate in practice and conduct a detailed risk assessment: assessing how the underlying offences could arise in your organisation is crucial in order to put in place effective anti-fraud procedures. This is a detailed process which is likely to require a detailed understanding of the offences and input from Finance, Sales, Legal etc. (a UK government factsheet estimates this will take between 100 and 130 hours). See further our article on conducting risk assessments.
5. Most organisations do not have comprehensive anti-fraud policies and controls which address fraud for the organisation’s benefit: many clients have in place anti-fraud policies and procedures;  however in most cases, these focus on protecting the organisation from becoming a victim of fraud rather than preventing fraud for the organisation’s benefit. As a starting point, it is worth checking fraud policies, financial crime contractual provisions and third party due diligence and monitoring processes.  See further our article on putting in place policies and procedures.
6. Fraud training requires real thought: the underlying offences are complex and to a large extent turn on whether there has been dishonesty. This means there are a lot of grey areas (particularly compared to bribery, where the principles are generally easier to understand). In our experience scenario-based training which helps employees spot and escalate issues is crucial. Messaging from senior and middle management is also very important. See further our article on training and tone from the top (and middle).