Failure to prevent fraud: When is the law coming into force?

In a major move to combat corporate fraud and protect victims, the UK government is creating a new “failure to prevent fraud” offence, marking a significant shift in how businesses will be held accountable. The legislation targets large organisations and could see them hit with hefty fines if employees commit fraud for their benefit, even if executives were unaware.

Why is this happening?

Existing powers to fine and prosecute organisations and their employees for fraud often face loopholes, allowing some companies to escape accountability. This new offence plugs those gaps and encourages a shift towards stronger internal controls.

Fraud, the most common crime in the UK, can take various forms, impacting individuals, other businesses, and even taxpayers. The new offence aims to deter such acts and offer greater protection to victims.

While small and medium-sized enterprises (SMEs) are often victims of corporate fraud, the offence will only apply to large organisations based on specific size criteria, ensuring proportionality and minimising undue burden.

The new failure to prevent fraud law forms part of broader reforms of UK corporate criminal liability, which replace the “directing mind and will” test for corporate criminal liability with a new “senior managers” test. This change is likely to make prosecuting organisations for criminal offences easier.

How does the law work?

The offence covers fraud and false accounting committed by employees or agents for the organisation’s benefit, provided reasonable fraud prevention procedures weren’t in place.

Organisations can avoid prosecution by having “reasonable” procedures, defined by government guidance, but the onus is on them to demonstrate these measures.

Unlimited fines, tailored to specific cases, will be the penalty for convictions. However, individual liability for company bosses is excluded, focusing instead on organisational accountability.

Who does failure to prevent fraud apply to?

The offence applies to all large corporations, subsidiaries, partnerships, and even large non-profits and public bodies. While the Economic Crime and Corporate Transparency Act has received royal assent, the law will enter into force once the government has published guidance on acceptable fraud prevention measures.

The offence list initially targets specific fraud and false accounting offences deemed most relevant to corporations, with potential future expansion within the realm of economic crime.

Implications for Businesses

This new legislation necessitates stronger internal controls and fraud prevention systems. Risk assessments, training and clear communications are all vital tools for reasonable procedures. 

Where does the law apply?

The offence applies even if the organisation and employee are based overseas, as long as the fraud targets UK law or victims.

The introduction of the “failure to prevent fraud” offence represents a significant step in the UK’s fight against corporate crime. Its focus on organisational accountability and the potential for heavy fines means businesses should take fraud prevention training seriously.

Sign up for our failure to prevent fraud webinar here.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
