A new ‘failure to prevent’ fraud offence will shake up corporate compliance

The ‘failure to prevent’ concept is being expanded to fraud, false accounting and money laundering

The UK government have announced they are pushing ahead with a game-changing new regulation to expand the ‘failure to prevent’ family of offences to failure to prevent fraud. 

The announcement came during Parliamentary debate over the Economic Crime and Corporate Transparency Bill which aims for a wide-reaching attempt to tackle all aspects of economic crime, along with reform of Companies House.

Within the failure to prevent fraud offence, there could also be a separate offence of failure to prevent false accounting, and potentially a failure to prevent money laundering offence for the regulated sector. 

Proposed amendments could even see corporate officers jailed if they take a decision, or fail to take a decision, that could lead to economic crime such as fraud, false accounting or money laundering being committed.

What is failure to prevent?

Under UK law, a corporation can face a criminal prosecution if it fails to prevent certain actions being undertaken by their employees or even contractors. Failure to prevent encompasses a wide array of compliance failures, from not having the right policies in place, to a lack of procedures to even training courses that aren’t effective in delivering the right information to employees. 

Currently, UK law recognises two corporate criminal offences under the ‘failure to prevent’ principle. These are failure to prevent the facilitation of tax evasion, and the failure to prevent bribery.

In both these cases, a business can avoid prosecution if it has reasonable procedures in place in the case of tax evasion, and adequate procedures in place in the case of bribery. Reasonable and adequate procedures essentially mean the same thing in practice, the only difference is that following a risk assessment, deciding to have no procedures can be considered reasonable to prevent the facilitation of tax evasion, but having no procedures could not be considered adequate to prevent bribery.

Who does it cover?

The amendments are not final yet, but if it is modelled on previous failure to prevent laws against bribery and tax evasion, then it could cover all businesses in the UK, or those with a UK nexus. This can mean as little as having an office or staff in the UK.

It’s unclear at this point whether the new failure to prevent offences will cover all businesses, or only the regulated sector.

The original amendment was introduced by former justice secretary Robert Buckland who had gathered cross-party support in Parliament to introduce the failure to prevent fraud offence. This was also recommended by a report from the House of Lords in November 2022. 

Robert Buckland then withdrew his amendments when the security minister Tom Tugendhat told the House the government would move an amendment to bring about the offences.

There is still discussion over whether the government will introduce a single failure to prevent fraud offence, or separate offences of failing to prevent fraud, false accounting and money laundering.

The failure to prevent fraud and failure to prevent false accounting would cover all businesses in the UK, like the existing corporate tax evasion and bribery offences, whereas the failure to prevent money laundering would only affect the regulated sector. 

What are the proposed amendments?

The legislation is not yet finalised and won’t be until it is passed by the House of Lords and House of Commons, however the initial amendments that were proposed introduced the following regulations:

NC4 – Offence of failure to prevent fraud, false accounting or money laundering
This new clause introduces a new criminal corporate offence for failure to prevent fraud, false accounting and money laundering, by aligning it with other corporate criminal offences.

NC5 – Identification doctrine
This new clause reforms the “identification doctrine,” so that a body corporate commits an economic crime offence where the offence is committed with the consent, connivance or neglect of a senior manager or senior managers.

NC6 – Failure to prevent fraud, false accounting or money laundering: individual liability
This new clause introduces direct criminal liability for corporate officers who take a decision, or fail to take a decision, that knowingly results in an offence being committed.

A Labour amendment seeks to introduce an Economic Crime Committee of Parliament. This new clause would oblige the Secretary of State to establish an Economic Crime Committee of parliament to examine and oversee regulatory, enforcement and supervisory action against economic crime.

What happens next?

The legislation is currently going through its readings in the House of Lords, after having passed the Commons. Since the government has committed to bringing forward these offences, it is highly likely these will make it into the final law. 

This will probably be passed within the next few months, but there will likely be further guidance to come from HMRC on how the finalised offences will actually work.

Based on the failure to prevent tax evasion and failure to prevent bribery offences, the key element for a business is to ensure they have reasonable or adequate procedures to prevent the offence from occurring. Procedures normally mean:

  • Have a policy on how you will prevent economic crime, including fraud, false accounting, and if relevant, money laundering
  • Undertake a regular risk assessment on fraud and the other offences
  • Risk-based procedures for specific parts of the business, such as gifts registers to prevent bribery
  • Training for all staff, and in particular enhanced training for high risk staff
  • Statements from senior managers around preventing fraud and economic crime
  • Regular reviews and ongoing monitoring of higher risk clients and areas of the business

See our Failure to Prevent Tax Evasion Course and our Failure to Prevent Bribery Course, or contact us for more information.

Download your guide to failure to prevent now and stay on top of this game-changing new regulation that’s set to shake up corporate compliance.

Download the guide

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.