Recent weeks have seen several notable developments in the UK criminal enforcement landscape:
- The UK government (HMG) has committed to publishing “in early summer” its much-anticipated guidance on what in-scope corporates need to do to be able to avail themselves of the reasonable procedures defence to the new strict liability corporate offence of failing to prevent fraud.
- The Director of the Serious Fraud Office (SFO) has also reiterated his desire for the agency to bring the first prosecution under the new offence.
- The National Crime Agency (NCA), the UK’s lead law enforcement agency for serious and organised crime, has been granted new statutory powers to direct the SFO to perform specified tasks where the matter involves serious or complex fraud, emphasizing the increased formal (and informal) collaboration between UK law enforcement agencies on fraud investigations.
The New Failure to Prevent Fraud Offence: Guidance and Enforcement Risk
The new strict liability corporate criminal offence of failing to prevent fraud is due to come into force later this year. The new offence forms part of a suite of significant measures contained within the Economic Crime and Corporate Transparency Act 2023 (the Act)—including a new broader means of corporate criminal attribution that is already in force—that make it significantly easier for corporate criminal wrongdoing to be investigated and prosecuted in the UK. Previous alerts discussing the new measures in detail can be found here and here.
Once the Act is in force, the new offence provides that large UK and foreign corporate entities face potentially unlimited fines if a person associated with them (broadly, anyone who performs a service on their behalf, including employees and contractors) commits a specified fraud offence intending to benefit the entity or anyone else to whom the associate provides services on behalf of the entity. A large foreign company whose employee commits fraud in the UK, or targets UK victims, for the company’s benefit would, in the absence of being able to establish that it had reasonable fraud prevention procedures in place, potentially be liable under the new offence.
No offence can be committed where the corporate entity was, or was intended to be, a victim of the underlying fraud. Critically, the Act provides a statutory defence for the corporate entity where it had in place fraud prevention procedures that were “reasonable in all the circumstances” or where it was not reasonable in all the circumstances to expect the entity to have any fraud prevention procedures in place.
Before the offence comes into force, HMG is required to issue guidance containing further details on what constitute reasonable fraud prevention measures. When the guidance will be issued and what it will say are inevitably of interest to in-scope corporates as they prepare for the introduction of the new offence.
When and What?
On 2 May 2024, in a written response to a parliamentary question, Lord Sharpe of Epsom confirmed that HMG hopes to publish the guidance “in early summer” and that the offence “will come into effect after an implementation period of six months” following the issuance of the guidance. In practice, this means that the guidance is due imminently and the new offence will not come into effect before the end of 2024 or the start of 2025, at the earliest.
The precise ambit of the final guidance remains unknown, but we can be confident that it will not deviate far from the six nonprescriptive principles found in the Ministry of Justice–issued UK Bribery Act guidance, namely:
- risk assessment;
- due diligence;
- proportionate procedures;
- communication (including training);
- monitoring and review; and
- top-level commitment.
Of these, putting in place a documented risk assessment is likely to be both the starting point and the central tenet of any reasonable fraud prevention procedures. The focus of the risk assessment should be on supplementing existing or previous risk assessments (for example, prior bribery, money laundering and facilitation of tax evasion risk assessments) to take into account any additional areas of the business where associated persons could commit fraud that benefits the organization. The breadth of the specified fraud offences means that criminal liability could technically attach to a wide range of corporate conduct. Amongst many other areas, this might include:
- financial and regulatory reporting (asset valuations, related-party disclosures, revenue recognition practices and liability statements);
- nonfinancial reporting (ESG disclosures and modern slavery statements);
- asset management (processes and controls around procurement and cash/inventory);
- tax (corporate tax, transfer pricing and goods classification); and
- M&A activity (representations to investors, buyers and sellers).
A Real Threat of Enforcement?
While a key objective of the new offence is to drive corporate cultural change and encourage corporates to prevent fraud from taking place in the first instance, the enforcement risk to in-scope corporates should not be overlooked. Giving evidence to the UK Parliamentary Justice Committee on 14 May 2024, the Director of the SFO was clear, “I want [the SFO] to be the first organization to take a prosecution forward based on the duty to prevent fraud … that would be a wonderful thing to do.”
NCA Tasking Order
On 10 May 2024 the National Crime Agency (Directed Tasking) Order 2023 came into force, granting the Director General of the NCA the power to task the Director of the SFO on matters relating to the investigation of suspected incidents of serious or complex fraud.
However, the NCA is precluded from directing the SFO in respect to its prosecutorial functions and must pay the SFO for the expense incurred by the SFO in performing the directed investigative activity. Notably, the order amends section 2 of the Criminal Justice Act 1987 to permit the SFO to exercise its compulsory powers (compelling companies and individuals to provide the SFO with relevant documentation and information and in respect to which failing to comply without a reasonable excuse is a criminal offence) for purposes of following a direction given by the NCA.
Long-term writers of SFO jeremiads will conclude that this is the first step towards the ultimate closure of the SFO and the agency being folded into the NCA (a proposal now almost a decade old, first proposed by then Home Secretary Theresa May). Others will say it is nothing more than a formal addition of the SFO’s investigative powers of compulsion to the NCA’s toolkit, in appropriate cases, and the inverse of the regular tasking of the NCA by the SFO to make use of the NCA’s powers of arrest. The truth probably lies somewhere between the two positions. What cannot be argued against is the increasingly collaborative nature of serious and complex fraud investigations in the UK. One need only look at the list of those other agencies and relevant third parties involved in the five SFO investigations opened since the new Director took office in September 2023: company administrators (Safe Hands Plans Limited), the Solicitors Regulation Authority and the Metropolitan Police (Axion Ince), the NCA and the UK Civil Aviation Authority (AOG Technics Ltd) and the NCA (the Signature Group and the Carlauren Group).