The Economic Crime and Corporate Transparency Bill is soon expected to be passed into law. It creates a new corporate offence of "Failure to prevent fraud" which could see businesses hit with unlimited fines where they have failed to prevent their employees from committing acts of fraud, even if management were unaware of the fraud. We set out key information that employers need to know about this new offence and what action to take to avoid liability.
When could your organisation be liable?
An organisation will be guilty of failing to prevent fraud if a person associated with their organisation (for example, an employee or agent) commits a specified fraud offence with the intention of benefiting, whether directly or indirectly, the organisation.
The list of relevant fraud offences caught by this new rule are set out in Schedule 13 of the Bill and include false accounting, fraudulent trading and obtaining services dishonestly.
The range of persons for whose fraudulent actions an organisation could be liable is broad. It includes anyone who “performs services for or on behalf of” the organisation. This could, for example, include consultants, secondees, non-executive directors and volunteers.
Does the fraud have to benefit your business?
For an organisation to be liable, the fraudulent individual must commit the fraud offence with the intention of benefiting, directly or indirectly, the organisation. It is unclear whether the organisation will be liable where the fraudulent individual commits the offence for purely personal gain, with no intention of benefiting their employer, even if there is an unintentional gain for the employer. However, given the government’s stated intention to discourage organisations from turning a blind eye to fraud by employees which may benefit them, the offence is likely to capture fraud which inadvertently benefits an organisation with the fraudster’s intention being largely irrelevant.
An organisation may also be liable, even where it does not, itself, benefit from the fraudulent action. The offence captures fraudulent offences intended to benefit persons to whom the fraudulent employee provides services on behalf of their employer, for example, if an employee commits a fraud offence to benefit one of their employer’s clients, the employer may be liable for the fraudulent act.
Can you escape liability if you had no knowledge of the fraud?
There is no requirement for the employer to have knowledge of the fraudulent actions of their employees. Failing to prevent fraud is a strict liability offence, which means that management does not need to have sanctioned or even be aware of the fraud in order to be found liable.
Is there any defence available?
Employers can, however, be reassured that they will have a defence if they can demonstrate that, at the time when the fraud was committed, they had in place “such prevention procedures as it was reasonable in all the circumstances” to expect them to have. The government will be under a statutory duty to publish guidance on what preventative procedures are considered reasonable, although these will inevitably be nuanced and employers will no doubt need to exercise their discretion and independent judgement as to what procedures should be put in place. The new offence will not come into force until the government publishes this guidance.
There may also be circumstances where it is reasonable for an organisation to have no fraud prevention procedures in place, for example, organisations where the risk of fraud is extremely low. In such a case, the employer may still be able to benefit from the defence to failure to prevent fraud.
Are smaller businesses exempt?
Only large organisations will initially be liable for failing to prevent fraud. For these purposes, a large organisation is defined as a corporate body or partnership which satisfies two or more of the following conditions:
- Turnover of more than £36m
- Balance sheet total of more than £18m
- More than 250 employees (taken as an average across the twelve months preceding the year in which the fraud offence was committed)
What can your organisation do now to mitigate the risk of liability?
It is uncertain when the government will publish its guidance and the new offence will come into force. In the meantime, organisations should take the following steps to prepare for the new rules:
- Identify the types of people performing services for or on behalf of your business, including external consultants, casual workers, secondees, etc. (for whose fraudulent actions your organisation could become liable).
- Conduct a risk analysis of fraudulent behaviour across your business, highlighting areas of high risk.
- Review and expand existing fraud prevention policies and procedures.
- Update HR policies, including disciplinary and whistleblowing procedures.
- Review employment contracts.
- Consider staff communications and training.