A. Background
In May 2023, the UK government published its “Fraud Strategy” paper in which it set out its plan to reduce fraud on 2019 levels by 10% by December 2024.1 The UK government has now made it easier to prosecute companies for economic crime offences.
The Economic Crime and Corporate Transparency Act 20232 (the Act) follows the Economic Crime (Transparency and Enforcement) Act 2022 in handing new tools to prosecutors and authorities to tackle economic crime.
The most significant changes that feature in the Act are the introduction of a new “failure to prevent fraud” offence and the replacement of the common law “directing mind and will” test for corporate criminal liability for economic crimes with a new statutory “senior manager” test.
Under the former framework, organisations could only be held criminally liable for fraud offences where it could be shown that there was a “directing mind and will” of the company involved.
The High Court in 2018 stated that to be considered a “directing mind and will” of the company, the individual directors need to be the ultimate decision maker; that is, they needed to have fully delegated to them the responsibility and authority to do the act in question, with Lord Justice Davis setting out at paragraph [122] of the judgment:
“[T]hat the individuals had some degree of autonomy is not enough. It had to be shown, if criminal culpability was capable of being attributed to [the company], that they had entire autonomy to do the deal in question”.
As a result, it has been markedly more difficult for prosecutors to establish corporate liability for a company’s principal decision-makers for an offence in large companies where there are often numerous layers of management and decentralised business decisions. Conversely, it has historically been much easier to prosecute smaller companies, which will invariably have fewer directors and less formal delegation to subcommittees.
B. The key changes
The “senior manager” test
How is “senior manager” defined?
Under the new test, an organisation can be held criminally liable under the so-called “identification doctrine” if a senior manager “acting within the actual or apparent scope of their authority” commits a relevant crime. Only specified economic crimes are in scope so the elevated liability will only apply where any of those offences are committed.
A senior manager is defined as “an individual who plays a significant role in:
i. the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised; or
ii. the actual managing or organising of the whole or a substantial part of those activities”.
The person’s actual title will be irrelevant providing they fall within the scope of the definition.
What offences are in scope?
The Act applies the senior manager test to a broad spectrum of relevant, principally economic offences including theft, false accounting, fraud, fraudulent trading, bribery, money laundering, terrorist financing and certain tax evasion offences.
Practical application
The senior manager test applies to senior managers of a body corporate or partnership, with the definition of a body corporate including those incorporated outside of the UK. This is in contrast to the failure to prevent offence (which applies only to “large organisations”), as the senior manager offence applies to all organisations, regardless of size.
It can therefore be assumed that offences will be capable of being committed by senior managers who are UK nationals or are foreign nationals who commit an offence in the UK or are located in the UK at the time of the offence.
This may give rise to a situation whereby a non-UK domiciled company, with UK senior managers, is found liable for an offence committed by those managers.
The scope of the offence is limited, however, in that where a relevant offence is committed wholly outside of the UK, an organisation will not be liable unless it would be guilty of that offence were it to have been committed by the organisation itself and not the senior manager.
The senior manager offence came into force on 26 December 2023, two months following the Act receiving Royal Assent, meaning that organisations need to be alive to the increased risk posed by the extension of corporate criminal liability in this area, which is discussed in more detail below.
The “failure to prevent fraud” offence
The “failure to prevent fraud” offence expands corporate criminal liability by holding a “relevant body” accountable where they or their customers were intended to benefit from fraud committed by an associated party and have failed to have reasonable prevention procedures in place.
The offence is one of strict liability with a statutory defence of having reasonable policies and procedures in place to prevent fraud.
Unlike the senior manager offence, the failure to prevent fraud offence has not yet come into force and will do so following the release of guidance by the UK government. This guidance is expected imminently, initially being planned for Q1 2024, with the offence to come into force following a brief preparatory period, which could be as little as six months meaning that the offence should come into force by late 2024.
Who is in scope?
The scope of the offence has been subject to continued scrutiny and amendments by the House of Commons and the House of Lords with the latter favouring a broad approach to capture all organisations. The offence is, as initially proposed, limited to “large organisations”, to avoid disproportionate regulatory burdens on small and medium-sized enterprises (SMEs).
The definition of a “large organisation” covers companies and partnerships where two or more of the following conditions in the financial year that precedes the year of the fraud offence are met:
(a) A turnover of more than £36 million
(b) A balance sheet total of more than £18 million
(c) A total number of employees of more than 250
In contrast to the senior manager test, the failure to prevent fraud offence applies to “relevant bodies”, which means a “body corporate or a partnership (wherever incorporated or formed)” that meets the test for a large organisation. Non-UK entities are therefore in scope.
A “relevant body” will commit an offence where there is a failure to prevent fraud by an “associate” with this definition, including:
(a) An employee or an employee of a subsidiary, agent or subsidiary undertaking; or
(b) A person who otherwise performs services for or on behalf of the relevant body.
What offences are in scope?
An organisation will be liable where a specific fraud is:
(a) Committed by an “associate”;
(b) For the benefit of the organisation or any person to whom services are provided on behalf of the organisation; and
(c) The organisation did not have reasonable fraud prevention procedures in place (unless it was not reasonable to expect them to have such procedures).
The following offences will be in scope:
- Fraud by false representation (section 2 Fraud Act 2006)
- Fraud by failing to disclose information (section 3 Fraud Act 2006)
- Fraud by abuse of position (section 4 Fraud Act 2006)
- Obtaining services dishonestly (section 11 Fraud Act 2006)
- Participation in a fraudulent business (section 9 Fraud Act 2006)
- False statements by company directors (section 19 Theft Act 1968)
- False accounting (section 17 Theft Act 1968)
- Fraudulent trading (section 993 Companies Act 2006)
- Cheating the public revenue (common law)
An interesting omission in the above list is money laundering offences, the explicit exclusion of which was subject to a House of Commons vote, meaning that those offences will continue to be covered by the pre-existing Money Laundering Regulations. It should also be noted that the Act specifically envisages offences being added to the list, including relevant money laundering offences under the Proceeds of Crime Act 2002.
The types of conduct that can be caught by the new offence are broad and could include the misconduct of an employee or agent in reference to warranties, and representations in transaction documents, prospectuses, annual reports and insurance claims might also lead to an organisation being liable.
Which organisations are in scope?
The UK government released a factsheet during the legislative process which stated in relation to jurisdiction that “If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and employee) are based overseas”.3
There are no territorial qualifications on who is caught by the definition of an “associate” within the Act, and it remains to be seen whether this will be clarified further in later (presumably non-binding) guidance.
Accordingly, in addition to the possibility of foreign companies being liable where they maintain a UK presence or subsidiary, there is also the possibility of liability where an offence is committed within the UK regardless of the domicile of the body corporate or partnership.
It would also appear that jurisdiction will be predicated on the underlying fraud offence committed. This may mean that a relevant body can be liable under a failure to prevent offence, even where it has no UK presence, if an associate commits an in-scope offence.
Practically, this allows for a foreign organisation to be prosecuted under the failure to prevent offence where, for example, it fails to prevent an associate, whether they are a UK-based associate or not, from committing an offence outside of the UK where there is an intended loss or gain in the UK.
C. How will the new offences impact organisations?
These changes should make it significantly easier for UK authorities to hold organisations accountable. The “failure to prevent” offence and the “senior manager” test supplement each other to make it more likely that organisations can be successfully prosecuted and fined for economic crime offences.
Organisations prosecuted under the new offences are expected to face unlimited fines, and sentencing will likely be akin to the Sentencing Council Guidance for fraud, bribery and money laundering.
When looking at what will constitute “reasonable procedures” by way of a defence to liability under the failure to prevent fraud offence, the guidance will likely follow that set out in the Ministry of Justice Guidance on the UK Bribery Act and the “reasonable procedures” laid out in the HMRC guidance to the Criminal Finances Act 2017.
What is the extra-territorial effect of the new offences?
The definition of a “body corporate or partnership” within the senior managers offence includes those incorporated outside of the UK meaning a non-UK company could be liable where an offence is committed by a UK national senior manager or a foreign national, where the offence is committed in the UK.
On the failure to prevent fraud offence it is likely that foreign organisations can be caught where an employee or agent commits fraud under UK law, or targeting UK victims provided the organisation meets the “large organisation” definition.
When do the offences come into force?
The senior manager offence came into force on 26 December 2023, two months following the Act receiving Royal Assent.
The failure to prevent fraud offence has not yet come into force and is awaiting the publication of guidance by the UK Home Office, following which there will likely be a six-month adjustment period before the offence comes into force. On this basis it is expected that the failure to prevent provisions will be in force towards the end of 2024.
Practical steps
Organisations should look to take the following steps:
- Conduct risk assessments specifically focused on fraud risk and the risk of other economic crime and/or review any such assessments previously carried out to see if they remain fit for purpose.
- Review and amend policies and procedures to account for these risks in a proportionate way.
- Train employees, agents and senior management to identify risks and to mitigate them if they are spotted.
- Ensure appropriate methods are in place for reporting and reviewing any suspicions.
- Identify individuals and relevant roles that may fall into the definition of “senior manager” and consider whether additional training is required.
- Establish procedures for the ongoing monitoring of the above to ensure continued compliance.
Failing to take adequate steps could lead to a potential world of pain for organisations where it is clearly the purpose of the Act to make it easier to target organisations for economic criminal offences.
While it is too early to say whether the new offences will see a marked uptick in prosecutions, it is clear that the compliance landscape for organisations has now changed and become more onerous.
- gov.uk
- legislation.gov.uk
- gov.uk
In-depth 2024-068