ECCTA 2023: Guidance for organisations on the failure to prevent fraud offence
The UK government has published its guidance on the implementation of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) in relation to the offence of the failure to prevent fraud.
As expected, the Home Office’s guidance is similar to that issued by the Ministry of Justice in relation to the UK Bribery Act 2010 (UKBA). It establishes a clear outline of the programme businesses will need to implement to evidence that ‘reasonable procedures’ have been put in place to prevent fraudulent behaviour by the company.
The issuing of the guidance sets off a nine-month implementation period (running to 1 September 2025) during which in-scope companies must prepare. The legislation only impacts large companies which are defined as having two out of three of the following criteria: 250 employees, £36m turnover and £18m of assets. Any fraudulent activity caught by the legislation must take place in the UK or have a nexus to the UK.
The guidance is helpful for companies because it aligns closely in its structure to the guidance provided for the UKBA and the Criminal Finances Act 2017 (CFA), in relation to preventing the facilitation of tax evasion, as illustrated in table below. As such the practices and procedures businesses will need should already be familiar.
Legislation | Provision | Legal defence requirement |
UK Bribery Act 2010 | Section 7: Failure of commercial organisations to prevent bribery | ‘Adequate procedures’ in place to prevent any associated person from paying a bribe |
Criminal Finances Act 2017 | Failure to prevent the facilitation of UK tax evasion (Section 45) Failure to prevent the facilitation of foreign tax evasion (Section 46) | ‘Reasonable prevention procedures’ in place to prevent the facilitation of tax evasion |
Economic Crime and Corporate Transparency Act 2023 | Section 199 covers the new offence of the failure to prevent fraud | ‘Reasonable fraud prevention procedures’ in place |
Understanding fraudulent behaviour as defined by ECCTA
The guidance sets out the types of fraudulent behaviour covered by the Act which it defines as ‘base fraud’ and reinforces the fact that the legislation is only interested in fraudulent behaviour that benefits the company. It is not related to fraud committed against the company. This is crucial, as companies need to ensure they focus on the right areas. Many companies are undertaking ‘fraud’ reviews, which focus principally on the controls and activities that prevent fraud against the company, rather than ‘by’ the company. These reviews will not be helpful in preparing a defence under section 199 of the ECCTA.
To get these reviews right, companies need to take account of the definitions of fraud set out in the Act to ensure they have a clear understanding of the types of fraudulent behaviour it includes and where their businesses might be exposed to risk. This will ensure that any review of reasonable procedures is clear, and correctly focused in terms of the defence offered by the ECCTA.
The specified fraud offences are all about ‘outward fraud’ that benefits the company and are listed in the guidance as follows: –
- False representationÂ
- Failure to discloseÂ
- Abuse of positionÂ
- Obtaining services dishonestlyÂ
- False accounting and false statements by company directorsÂ
- Fraudulent trading, andÂ
- Defrauding the RevenueÂ
The guidance provides a number of helpful scenarios which illustrate the type of fraudulent behaviour that is covered. These include an example of a company misreporting its performance to obtain investment and another example of a company misreporting its pollution in order to avoid a fine.
In addition to the failure to prevent offence, the guidance also includes the definition of an ‘associated person’ and, like the UKBA and CFA, the law does not allow an organisation to ‘outsource’ its fraudulent behaviour to another person or organisation.
Reasonable procedures to prevent fraud
To address these issues, the guidance sets out an established programme of activities defined as ‘reasonable procedures’. This follows the well-established six principles from the UKBA: top level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication (including training) as well as monitoring and review. These procedures will be familiar to anyone working in an ethics and compliance function, and it is welcome that the government is helping companies to align activities internally to avoid duplication and overlap.
The guidance emphasises good culture and tone from the top. It warns of the risk of ‘ethical fading’ whereby companies fall into the trap of thinking that this is just the way that things are done. It also sets out more details in the risk assessment section encouraging companies to think about motivation for and incentivisation of fraudulent behaviour. As in the UKBA and CFA guidance, it encourages a proportionate approach to the development of reasonable procedures and asks companies to ensure that their programme is aligned to the actual risks faced.
The alignment with the UKBA guidance and ‘adequate procedures’ logic is striking. Given the many similarities it should be possible for companies to build on their existing foundations to consider fraudulent behaviour by the company and how to prevent it. Many of the concepts of fraud by a company are similar in scope, logic and intent to the offences that a company is trying to prevent under the UKBA. The key new elements that emerge in the guidance are the dangers of greenwashing, false reporting, mis-selling and false claims; and the risks of cheating the public revenue, in whatever form that might take, such as overcharging for goods or services or under-reporting tax obligations.
In response to the legislation, GoodCorporation has been working with clients to help identify the risks of fraudulent behaviour within their organisations, reviewing practices and procedures to ensure compliance with this important piece of legislation. Our framework on Preventing Fraud, which had already anticipated much of what has been included in the guidance has now been updated. To find out more visit our fraud prevention services webpage or contact us directly.