Following an announcement from the Home Office the new corporate criminal offence of failure to prevent fraud will come into force on 1 September 2025. On 6 November 2024 new guidance was published to assist relevant companies navigate the new offence and the prevention procedures to be implemented so that criminal liability can be avoided.
What is the offence?
The offence creates criminal liability for corporates where a fraud is committed by their employees, agents, subsidiaries, or other "associated persons" who provide services for or behalf of the organisation, where the fraud was committed with the intention of benefitting the corporate or its clients. There is however a defence available if an organisation can show that it had in place reasonable procedures to prevent fraud, tailored to the specific risk requirements of the organisation.
The Government has commented that it hopes that this new offence will drive companies to "build an anti-fraud culture, in the same way that failure to prevent bribery legislation has helped reshape corporate culture". Various prosecution agencies have supported the new offence as heralding the return to corporate self-reporting and deferred prosecution agreements.
Who does it apply to?
The offence applies to large organisations irrespective of sector that meet any two of the following criteria:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
These criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered, or where the subsidiaries operate.
What should you do?
For those organisations caught by the new offence, it is essential that steps are taken now to put in place reasonable fraud prevention measures before the offence comes into force on 1 September 2025.
The guidance published by the Home Office provides advice on the procedures that can be put in place for the purposes of establishing an effective defence. The guidance refers to six broad principles, together with more detailed advice, which are intended to inform the approach of an organisation, by reference to their particular circumstances and risk:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
For those companies that are already subject to regulation, the guidance is clear that the fact of compliance with existing regulations (for example, FCA-regulated entities, or those subject to the UK Corporate Governance Code) does not automatically mean that those organisations will have reasonable procedures in place for the purpose of managing their liability in this context. Additionally, the guidance specifically provides that, notwithstanding the remit of auditors to consider the risk of fraud, it will not be possible to rely solely on an audit for the purposes of establishing a defence of reasonable prevention procedures.
Following the publication of the guidance, there are now nine months for organisations to establish an effective fraud prevention framework before the offence comes into force. As Nick Ephgrave QPM, Director of the Serious Fraud Office commented: "The publication of this guidance means that time is running short for corporations to get their house in order or face criminal investigation."