The Economic Crime and Corporate Transparency Bill is to introduce new powers for UK authorities to prosecute organizations for failing to prevent fraud committed by their agents, or employees. Championed as a “game changer” in some quarters, the bill is still working its way through Parliament and has received real interest and support from across the spectrum throughout that journey. With fraud estimated by a Justice Committee report in October 2022 to account for more than 40% of all recorded crime[1] and by other sources to cost the UK £137 billion in 2021,[2] is the new bill destined to succeed?
Scope of the New Offense
The bill is still completing the Report stage of its progression through and therefore still has some way to go before it is finalized, but as drafted it will not affect small and medium businesses, or individuals, applying only to large organizations and agents, or associates, acting on their behalf.
The jurisdictional reach of the bill appears to be wide, however, and will apply extra-territorially to overseas organizations where employees commit fraud under UK law, or target UK victims.
Another key area is that, as currently defined, agents or “associated persons” of an organization will likely automatically include subsidiaries. This definition is wider than that specified under the UK Bribery Act, where subsidiaries are considered to be associated only in instances where they carry out activities on behalf of the parent organization.
Offenses Covered
While early discussions of the bill also considered the inclusion of a failure-to-prevent provision for sanctions and money laundering, these are not included in the current draft of the bill, with an acknowledgement that money laundering responsibilities are covered in existing legislation.
Schedule 10 to the current bill provides a comprehensive list of the fraud offenses that fall under the new bill, which include:
- The main acts of fraud under the Fraud Act 2006 (false representation, failure to disclose, and abuse of position)
- Obtaining services dishonestly
- False accounting
- The making of false statements by company directors
- Fraudulent trading as outlined under the Companies Act of 2006
- Cheating or defrauding the public purse
The new offense also requires the agent’s intention to derive benefit, directly or indirectly, for either their organization or those to whom services are provided, so it is likely that the interpretation of indirect benefit will spark further debate; for example, how would the law apply to an employee motivated in the main by personal gain, but who also knew (and intended) their actions would be to the benefit of their employer?
Areas Likely to Be Affected
Areas that are likely to benefit therefore include:
- those making misleading environmental claims to end users on behalf of their employers about products; and,
- the mis‑selling of, for example, financial products to a customer where the product was unsuitable and a commission was earned on the sale.
Digital Fraud Unlikely to Be Affected
As it stands, however, there are several key areas that are not covered by the bill, including internal fraud where the company is a victim, such as expenses fraud, and external fraud through digital channels. The last of these, cyber crime, or online-enabled fraud, now accounts for 53% of all fraud,[3] which would equate to over £70 billion at levels estimated for 2021.[4] Since the perpetrators of online scams are not typically agents or employees of search engines (or other platforms on which these scams are usually found), the new offense would not cover a search engine that ran an advert promoting a scheme later exposed as fraudulent, for example.
Defense—Reasonable Procedures
Under the new failure-to-prevent bill there will also be a complete defense in a familiar form, as found under the UK Bribery Act, for those organizations able to demonstrate reasonable procedures to prevent and detect fraud. Businesses covered by the bill will therefore need to conduct detailed and thorough fraud risk assessments to:
- identify their inherent fraud risks;
- evaluate the current controls environment; and,
- assess residual fraud risk.
To truly protect themselves against fraud, organizations covered by the bill would be unwise to limit the scope of the fraud risk assessment only to the offenses covered by the current draft.
The risk assessment should also be repeated periodically, to take account of the efficacy of the controls implemented in preventing fraud and adapt to the inevitable changes in the risk and operating environments as the business moves forward.
Cost of Implementation
The extent of the initial and ongoing work required to comply with the bill are reflected in expected costs of between £358 million and £452 million in the first year, and £47 million and £61 million annually thereafter, as estimated in the bill’s Impact Assessment.[5] While acknowledging both that not all fraud is perpetrated by large organizations and their associates, and that these are not trivial sums, even at the upper limit they amount to only 0.7% and 0.1%, respectively, of the total estimated non-digital UK fraud in 2021.
Next Steps
While some argue that the bill could potentially have gone further, particularly regarding smaller organizations and scope, it is of note that the existing bill provides for potential future extension—via Statutory Instrument—and the bill still has yet to be finalized. The new offence is unlikely to herald an end to the UK corporate criminal reform process and, while not a game changer in its current form, nor—yet—squaring up to some of the thornier areas of fraud today (such as via digital scams), it is part of the answer and should be a useful platform upon which to build.
With the bill expected to pass into law in the second half of 2023, large commercial organizations should ensure they have a robust risk assessment process in place and a fraud framework supported by procedures which are effective from both a design and operational perspective.
As with all workplace behaviors, the strength of the culture in which a business operates is always fundamental, so senior management should also take the opportunity to consider the tone from the top, discuss widely, and help embed an anti-fraud message along with changes in the control environment—in short, to encourage their associates to act with integrity.
___________________________________________
[1] “Fraud and the Justice System,” Justice Committee Report (22 October 2022), par. 3, https://publications.parliament.uk/pa/cm5803/cmselect/cmjust/12/report.html#heading-0.
[2] Jim Gee and Mark Button, “The Financial Cost of Fraud 2021—The Latest Data from Around the World,” Crowe UK (2021), p. 20, https://www.crowe.com/uk/insights/financial-cost-fraud-data-2021. Applying the global average loss rate due to fraud implies total losses to fraud of £137 billion each year, possibly more.
[3] “Fraud and the Justice System,” par. 3.
[4] “The Financial Cost of Fraud 2021,” p. 20.
[5] “Impact Assessment,” The Home Office, 23 November 2022, p. 2, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1149596/Impact_Assessment_for_Failure_to_Prevent_Fraud__Home_Office_.pdf.