Your Liability for Fraud: Are You Looking the Right Way?

A new criminal offense in the UK imposes liability on corporates that fail to prevent certain fraud offenses (i.e. a predicate offense) being committed by their agents, employees and other third parties acting on the company’s behalf such as, contractors, service providers and even subsidiaries and affiliates.

The “failure to prevent fraud” offense, set out in the Economic Crime and Corporate Transparency Act 2023, comes into force Sept. 1. Like other corporate financial crime offenses in the UK, it is a strict liability offense, leaving corporates criminally responsible regardless as to their knowledge or endorsement of the underlying criminal offense. The only defense is to have “reasonable fraud prevention procedures.”

Corporates have long considered their fraud risks and taken steps to manage them. However, what differs with this new offense is that it focuses on outward rather than inward fraud. Most corporate compliance programs focus on protecting the corporate’s assets from fraud in a situation where the corporate would be the victim (inward fraud). This offense protects the public from frauds committed on the corporate’s behalf — outward fraud — and consequently many corporate compliance programs will simply not be up to scratch to mitigate the risks of the new offense.

Fraud under the new offense

The offense specifies seven underlying or predicate fraud offenses for which corporates can be liable. These predicate offenses are extremely broad.

In particular, fraud by false representation criminalizes any reckless or deliberately dishonest false representation made in order to obtain a gain for the corporate (or loss for another, such as a competitor). What non-UK lawyers often find surprising is that this offense is committed at the point of making the representation; in other words, it is a pure conduct offense. It does not matter whether the potential victim believes it, goes through with a transaction or suffers an actual loss. Statements do not need to be untrue to be false; simply misleading is sufficient.

In addition to fraud by false representation, there are a range of less-obvious offenses capable of being predicate offenses, such as false accounting, false statements by directors, obtaining services dishonestly and cheating the public revenue (a common-law offense amounting to causing a loss to the UK Government).

Together, these offenses create risks for a wide range of business activities and divisions. Activities related to marketing, promotion, sales, reporting and investor relations are all likely to have some degree of additional risk. To manage these new risk exposures, corporates should consider direct representations made to specific individuals, as well as representations made to the world at large, such as in investor reports and on websites (even a representation on a website is capable of being a disclosure to the market).

Compliance

UK Corporate Crime Law Puts ‘Senior Managers’ in the Hot Seat

by Ben Boorer

January 23, 2025

As Britain’s landmark economic crime law takes effect later this year, organizations face expanded liability and unclear guidance on compliance

Read moreDetails

Extreme extra-territoriality

The new failure to prevent fraud offense has a very broad territorial scope.

The offense will apply if any part of the predicate fraud offense has a UK nexus. That is, where any act or omission occurs in the UK or where any of the parties (including potential victims) involved are UK individuals, regardless of their actual presence within the territory of the UK. This includes non-UK corporates that sell or market to UK persons. False representations made on websites are, therefore, particularly susceptible because of the conduct nature of fraud by false representation.

Listed entities on foreign stock markets will also need to be cautious in cases where they have UK investors. Practically, this means that most corporations listed on exchanges outside the UK will need to comply with the new rules, even if they have no operations within the UK. Consequently, the new offense opens a non-UK listed corporate to the specter of parallel proceedings from its domestic regulator or exchange and the UK’s Serious Fraud Office in cases where it has made false representations to an international class of investors.

Many corporates will be unknowingly caught within the scope of this new offense by virtue of its extreme extra-territorial application.

Reasonable fraud prevention procedures

Corporates may avail themselves of a statutory defense if they can demonstrate that they had in place reasonable fraud prevention procedures at the time the predicate offense was committed.

The UK government has issued guidance as to what may constitute reasonable prevention procedures. There are six principles covering management tone, risk assessments, proportionate policies and procedures, due diligence, communication and training, and monitoring and continuous improvement. These closely mirror the guidance on adequate procedures under the Bribery Act 2010.

As noted above, many corporates will have in place a compliance program to address fraud risks. Corporates in regulated markets or that are listed may already have regulatory obligations in this regard.  However, such obligations likely only focus on inward fraud risk, where the corporate, and indirectly its shareholders, are the victim. Additionally, controls in place to manage inward fraud will typically focus on finance teams.

Corporates will need to conduct risk assessments, identify their third parties and the representations they are capable of making (whether authorized or not) and the potential harm that could occur. These considerations are likely to focus controls on a different and potentially larger group of internal teams and divisions: sales and marketing, investor relations, public relations and communications seem to be obvious higher risk activities.

Four things to think about first

Corporates have approximately seven months (at the time of writing) to implement reasonable fraud prevention measures. Corporate counsel and compliance professionals should consider the following four priority items quickly to this incoming risk:

• Conduct, update or renew fraud risk assessments: Fraud-specific, and particularly outward fraud-specific, risk assessments are a priority to prepare. Assessments should identify the risks, current controls and necessary additions to mitigate or manage outward fraud risks.
• Review your due diligence processes: Implementing effective and proportionate due diligence procedures is essential to managing outward fraud risk. This can take time, will likely require significant upskilling and may need technical support and/or involvement from many different internal stakeholders. The sooner your review starts, the better.
• Consider what representations will exist on Day One: Review your current representations — particularly on higher risk or controversial topics like representations about products, climate impacts, ESG issues and financial positions. Some of these are likely to be tightly managed. Any that are not may need to be removed or updated prior to the new offense coming into force.
• Develop a plan to make this business as usual: Consideration should be given to how to manage the new offense risks on an ongoing basis and proportionately with other compliance risks. This could mean incorporating risk assessments into annual processes, bringing outward fraud within the scope of internal reviews and audit or using existing training models to deliver risk-based training.