Skip to main content

Clifford Chance

Clifford Chance
Better Business<br />

Better Business

Across the Board

Changes to the landscape for corporate criminal liability in the UK

Reforms will make it easier to prosecute companies for economic crimes

Better business 30 October 2023

The impending introduction of a new corporate criminal offence of ‘failure to prevent fraud’, along with reforms that permit the prosecution of companies for economic crimes committed by senior managers, underscores the ongoing shift towards holding corporates criminally responsible for offences committed by their employees and associates.

Fraud is now the most common crime in the UK, and prosecutors have increasingly expressed their frustration with the challenges in prosecuting companies for economic crimes.  In response, the UK Government has enacted legislation to broaden the circumstances in which corporates can be prosecuted, with the aim of instigating changes in corporate behaviour that will ultimately decrease offending.  We outline these changes below, along with the steps that companies can take to mitigate against the risks arising from these.

At a glance:

1. A new offence of failure to prevent fraud will soon come into force - large organisations may be held criminally liable for failing to prevent fraud committed by employees, agents and other associates of the company.

2. A company will have a valid defence if it can show it had reasonable fraud prevention procedures in place, or that it was an intended victim of the offence. As such, the law effectively places a compliance burden on firms. Businesses should start planning now to review and enhance their fraud prevention procedures.

3. In practice, businesses will have time to prepare and may find they are able to build upon existing compliance programmes that address bribery and tax evasion risks arising from similar ‘failure to prevent’ offences.

4. Separately, the reforms also expand the scope of persons whose criminal conduct can be attributed to a company, as expansion of the identification doctrine will make companies liable for economic crimes committed by ‘senior managers’ – a definition which includes all individuals who play a significant part in the company’s activities.

5. The reforms will come in over the coming months. The failure to prevent fraud offence is likely to come into force next year, once further government guidance has been published. The expansion of the identification doctrine to senior managers will come into force shortly before the end of this year.

 Here are the key implications for UK businesses:

 Have a plan

Having reasonable fraud prevention procedures in place will be essential to reduce the risk of the company being successfully prosecuted for failing to prevent fraud if a fraud occurs. This should also help reduce the occurrence of fraud, including fraud that the company may be liable for by virtue of being committed by a senior manager. These procedures should be implemented globally across corporate groups, given the wide jurisdictional reach of the new failure to prevent fraud offence.

Forthcoming government guidance on the failure to prevent fraud offence will provide important clarification, likely later this year or early next year. However, the government has already indicated certain steps that it expects businesses to take to prepare for the new offence, enabling a degree of planning to take place now.

New corporate criminal offence: failure to prevent fraud
  • Pursuant to this new offence, large companies can be held criminally liable for failing to prevent fraud committed by associates of the company.
  • Associates will include employees, agents and subsidiaries, and may also extend to suppliers, sub-contractors and other similar third parties, depending on the circumstances.
  • To fall within the new regime, the associated person must commit a fraud offence to directly or indirectly benefit the company, or to benefit a person to whom the associate provides services on behalf of the company. 
  • Parent companies can be guilty of the offence where fraud has been committed by an employee of a subsidiary, where the offence was committed for the benefit of the parent company. 
  • The underlying fraud must be a specified fraud offence. These extend beyond the core statutory fraud offences contained in the Fraud Act 2006, to offences such as those concerning false statements by company directors, false accounting, fraudulent trading and cheating the public revenue. A wide range of potential conduct is therefore covered. 
  • There is an exemption for small and medium sized companies. A subsidiary will not be exempt as a small or medium sized company if  the group headed by its parent company meets the 'large company' criteria.
  • The offence will apply to companies wherever they or their associates are incorporated or carry on business, provided the company has failed to prevent one of the specified UK fraud offences. Most of these can be committed either when the relevant acts, or when any gain or loss, occurred in the UK. A non-UK company could therefore be liable for failing to prevent a non-UK associate committing a fraud offence, where the fraud targeted UK victims. 
  • There are two specified defences available. First, a company will not be guilty where it was the intended victim of the underlying fraud offence. Second, a company will not be guilty if it can demonstrate that it had reasonable fraud prevention procedures in place, or that it was reasonable not to have such procedures.
 Fraud risk assessment

One such step is undertaking a fraud risk assessment. Typically, this might look to identify the company’s residual fraud risk rating, considering the level of fraud risk identified and overlaying the adequacy of the company’s mitigating controls. If necessary, remedial action should be taken to bring the company’s residual fraud risk rating within appetite.

The company’s risk registers should be revised and updated to reflect the assessment of the residual fraud risk.

 Culture and tone from the top

Demonstrating a high-level commitment to fraud prevention policies and procedures within the business is crucial. Senior management should not only oversee key actions but should actively convey the company’s approach to preventing fraud and other economic crimes. There should also be a transparent pathway for escalating fraud and other economic crime-related queries or incidents to senior management.

In addition to refreshing relevant policies and procedures, training should take place on these policies and procedures, with consequences of non-compliance outlined. It may be appropriate to tailor training to the role and seniority of individuals.

 Leverage existing processes

Many corporates already have a well-developed approach to financial crime risks and are familiar with ‘failure to prevent’ offences, given the ‘failure to prevent bribery’ and ‘failure to prevent the facilitation of tax evasion’ offences that are already law. Many of the steps that businesses should take in relation to the new fraud offence will be similar in nature to those already being taken in relation to bribery and tax evasion risks, meaning that companies should not need to start from scratch when considering the new offence.

For example, the fraud risk assessment is likely to require the input of many of the same stakeholders who will input into bribery and tax evasion risk assessments, so it may be possible to coordinate elements of these processes. Similarly, it may be possible to expand existing training given on bribery related matters to cover economic crime risks more broadly, including fraud.

 Look beyond fraud to broader economic crime risks

The expansion of the identification doctrine means that companies may be prosecuted for a broad range of economic crimes committed by senior managers. Consequently, companies should reassess their current approach to all economic crime risks, including those not covered by existing ‘failure to prevent’ offences, such as sanctions and money laundering.

If risk assessments related to other economic crime risks, such as bribery or tax evasion, have already been introduced in response to the existing ‘failure to prevent’ offences, it would be prudent to review these now to ensure they remain up to date.

Expansion of the identification doctrine
  • Currently, companies can be prosecuted for criminal offences committed by those considered to be the ‘directing mind and will’ of the company. Typically, this is limited to directors of the company and any delegates who have full discretion to act independently of the directors.
  • The legislative reform expands this rule in relation to economic crimes, providing that companies can be prosecuted for economic crimes committed by a senior manager of the company acting within the actual or apparent scope of their authority. 
  • ‘Senior manager’ will catch any individual who plays a significant role in the decision making, managing or organising of the whole or a substantial part of the business. This is deliberately broad and will extend to, for example, heads of division and members of the executive management team. It would not cover more junior employees who do not hold significant managerial responsibilities.
  • Economic crimes in scope include fraud, bribery, money laundering, tax evasion and financial services offences.
  • This reform is separate from the new failure to prevent fraud offence. There is no defence of reasonable procedures available to the company. If a senior manager has committed a relevant offence acting within the actual or apparent scope of their authority, the company will also be liable to prosecution for the offence.