UK’s new failure to prevent fraud offence and how it impacts non-UK companies

What is the new offence?

The new offence will make a ‘large’ organisation liable if it fails to prevent a fraud offence (see details below) where:

1. it is committed by its employees, subsidiaries or service providers (each an associated person); and
2. where the fraud is intended for the benefit of the company or a person to whom the associated person is providing services on behalf of the company.

An organisation is a ‘large’ organisation if it satisfies two or more of the following conditions in the financial year preceding the year of the offence: (i) it has more than 250 employees; (ii) it has more than GBP 36 million turnover; and/or (iii) it has assets of more than GBP 18 million. In practice, however, smaller organisations will still have to consider putting in place, or reinforcing, their anti-fraud procedures, given that they may be the ‘associated person’ of a large organisation, meaning the large organisation will require them in the charter party, for instance, to have in place reasonable procedures to prevent fraud.

The only defence to the failure to prevent fraud offence is for the organisation to have in place reasonable fraud prevention procedures. Importantly, these procedures will need to focus on fraud for the benefit of the company (whereas many companies’ current anti-fraud policies, if any, would focus on protecting the company from becoming a victim of fraud).

Scope of the new offence

The offence applies to the fraud and false accounting offences which the UK government considers are most likely to be relevant to large organisations. These are:

• fraud by false representation (section 2, Fraud Act 2006)
• fraud by failing to disclose information (section 3, Fraud Act 2006)
• fraud by abuse of position (section 4, Fraud Act 2006)
• obtaining services dishonestly (section 11, Fraud Act 2006)
• participation in a fraudulent business (section 9, Fraud Act 2006)
• false statements by company directors (Section 19, Theft Act 1968)
• false accounting (section 17, Theft Act 1968)
• fraudulent trading (section 993, Companies Act 2006)
• cheating the public revenue (common law)

The types of conduct that could be caught are broad. Offences could arise, for example, out of warranties and representations made in transaction documents, prospectuses, annual reports, and insurance claims. Crucially, there would have to be dishonest intent for an offence to be committed.

The “failure to prevent” model will make it easier to prosecute organisations compared to the current position, in which an organisation will only be held liable for fraud where a “directing mind and will” has been directly involved.

For a more detailed summary of the new offence please see UK failure to prevent fraud offence: What do you need to do now? | Global law firm | Norton Rose Fulbright

How will the new offence apply to non-UK companies?

Non-UK companies may be more likely to be caught by the new offence than the UK Bribery Act ‘failure to prevent’ offence. The new offence’s extraterritorial jurisdiction operates in a very different way to the ‘failure to prevent’ bribery offence under the UK Bribery Act and gives non-UK organisations very little certainty: whether or not they are within its jurisdiction will vary depending on the facts of the fraud in question.

Under the UK Bribery Act, the ‘failure to prevent’ offence applies to companies and other organisations “carrying on a business, or part of a business in the UK”. Non-UK companies can, therefore, assess whether or not they are likely to be caught by the UK Bribery Act by reference to the nature and location of their business operations. By contrast, the new failure to prevent fraud offence will apply to a non-UK company where an employee, subsidiary or service provider commits a fraud offence under UK law for the company’s benefit. This could be triggered:

1. where part of the offence takes place in the UK – such as a meeting or communication in the UK;
2. where there are victims in the UK (which could include investors or counterparties); and / or
3. (for certain underlying fraud offences), where there is a gain in the UK.

This means that whether or not a non-UK company is subject to the jurisdiction of the failure to prevent fraud offence will vary from transaction to transaction, and as its investor, counterparty and consumer profiles change. But it is likely that a shipping company contracting with a multinational company will be obliged under the agreement to put measures in place to prevent committing an offence.

Many non-UK companies will therefore now need to establish whether the acts of their employees, subsidiaries, or agents are likely to give rise to liability for the company under the new offence (and if so the extent to which they should reinforce their anti-fraud compliance programmes). Multinationals will need to consider whether enhancements to their compliance policies and procedures should be introduced group-wide, or just in jurisdictions/business units with exposure to the UK and it is likely that, as part of this assessment, they will require ship operators to adopt these procedures through more extensive and demanding charter party terms and audit requirements. However, simply agreeing to English law in contractual documents will not in and of itself mean that the Act is applicable.

Another factor which companies need to consider is that even where they do have in place anti-fraud policies and procedures, most focus on circumstances where the company is the victim, rather than the beneficiary of fraud. Even companies with very sophisticated compliance programmes will have to consider whether their current procedures cover the new offence – and in many cases the answer will be no.

What should non-UK companies be doing now?

The UK Government is expected to produce specific guidance providing organisations with information about what reasonable procedures will look like in early summer. This is expected to follow a similar format to the UK Bribery Act adequate procedures guidance. Pending guidance being published and as a first step, UK shipping organisations should enhance their existing risk assessment to cover outward fraud, so that they can begin to build upon and / or implement reasonable fraud prevention procedures. See our article here for practical tips on conducting risk assessments.

In parallel, non-UK shipping organisations and multinationals should assess any potential UK nexus (for example in terms of UK counterparties, UK investors/consumers, decisions or communications taking place in the UK, or the extent to which its associated persons operate in the UK) in order to determine whether they are likely to be caught by the new offence, and if so where a jurisdictional trigger is most likely to arise. Non-UK shipping companies will also need to consider the requirements of counterparties on transactions who might require them to have robust anti-fraud procedures in place as part of the counterparty’s management of its own fraud risk.

If a UK nexus is identified, these organisations should then determine ownership of the fraud risk assessment, how this should be conducted and where this should be focussed, and reinforce their compliance policies and procedures accordingly, for example consider relevant training, due diligence and financial controls.