Applicability of the offence
Pursuant to section 199 of ECCTA, a large organisation will commit a criminal offence where an employee, agent, subsidiary, or other “associated person”, commits a fraud intending to benefit the organisation , unless it can demonstrate that it had in place reasonable fraud prevention measures to prevent such misconduct.
The Government reinforced the purpose of the creation of the Offence in its Guidance: to encourage organisations to take greater responsibility for fraud prevention, whilst implementing more effective prevention measures.
Although the Guidance sets out good practice for all organisations, the Offence itself only applies to large , incorporated companies and partnerships across all economic sectors in the UK. The Offence also applies to companies and partnerships incorporated or formed outside the UK, if the base fraud offence was committed under the law of any part of the UK.
The categories of fraud that fall within the scope of the Offence differ slightly between England & Wales, Northern Ireland and Scotland, but broadly include practices such as fraudulent trading; fraud by false representation; participation in a fraudulent business; false accounting; and obtaining services dishonestly.
Relatedly, for the individual to be considered an “associated person”, they must be operating in the capacity of a person associated with the large organisation at the time of committing the fraud (and not, for example, in their personal life).
If convicted, the penalty for a large organisation will likely be a significant fine.
What should organisations do to in preparation?
The Guidance proposes six principles, which should inform the fraud prevention measures implemented by large organisations. However, the Guidance is emphatic in its instruction that the principles are flexible and to be applied proportionately. Large organisations are encouraged to look beyond the wording of the Guidance, to consider their sector-specific needs, risks and existing regulations.
The six principles will be familiar to most large corporates – they mirror the UK Bribery Act and the Criminal Finances Act as they apply to the corporate criminal offences of failure to prevent bribery and the facilitation of tax evasion respectively.
- Top level commitment - which emphasises the role of senior management, partners and directors in leading the charge against fraudulent activities within large organisations. This includes clear governance, formal statements of commitment and leading by example. An open, anti-fraud culture should be established from the top down.
- Risk assessment – the cornerstone of every robust compliance regime, which requires large organisations to assess, record and review the risk of associated persons committing a fraudulent act within the scope of the Offence. Amongst the practical recommendations made by the Guidance in this regard, organisations are prompted to remain focused on the three key elements of a fraud offence, namely “opportunity, motivation and rationalisation”.
- Proportionality - a vital consideration in the implementation of fraud prevention measures. Proportionality is twofold; risk and potential impact should be taken into account. Large organisations with particularly complicated practices may need to implement more stringent prevention measures, whilst those operating under existing regulatory regimes should consider whether they are already compliant with the Guidance, potentially reducing their workload.
- Due diligence - which many large organisations will already undertake in relation to employees, clients and those providing services for them. Due diligence procedures in consideration of the Offence should have a specific focus on fraud-based risk and should be conducted on all associated persons.
- Communication - referring specifically to the effective communication of fraud prevention and whistleblowing policies within an organisation. Such policies need to be imbedded at each level of an organisation, with senior and middle management ensuring that they do not undermine organisational standards themselves. The Guidance also encourages communication through frequent and specific training, and publicising the outcome of fraud investigations as a deterrent for fraudulent behaviour. The latter will need to be handled with care.
- Monitoring and review - it is crucial that organisations continuously monitor, review and update their fraud prevention measures. This involves detecting fraud attempts; carrying out investigations; and continuously assessing the effectiveness of fraud prevention measures. An organisation should seek internal and external feedback on its fraud prevention measures, remaining alive to changes in the wider risk environment.
Next steps
It will be important for organisations to consider whether they fall within the scope of the offence, both in terms of size and territoriality. However, the Government does advise that all organisations adhere to the Guidance as a means of good practice.
An organisation will then need to determine what changes need to be made, taking into account the Guidance and any existing or overlapping regulatory regimes.
The Offence will come into force on 1 September 2025; large organisations will have less than a year to make essential and potentially substantial changes to their fraud prevention procedures if they are to successfully embed reasonable procedures to prevent fraud.
Nick Ephgrave, Director of the Serious Fraud Office, has highlighted this urgency, stating “The publication of this guidance means that time is running short for corporations to get their house in order or face criminal investigation” . It therefore seems pertinent that organisations begin to implement changes as a priority, obtaining legal advice if they have any uncertainties.
