The Failure to Prevent Fraud Offence: Are you prepared?
On 26th October, the Economic Crime and Corporate Transparency Act (the ECCTA) received Royal Assent, introducing the "Failure to prevent fraud offence" into UK law.
This new offence puts responsibility onto businesses to be proactive in their fraud risk management initiatives. There is no better time than now to review and update your organisation’s fraud risk management strategy, making sure it considers emerging risks and controls so that your organisation is well equipped to deal with fraud when it happens.
What does the ‘failure to prevent fraud’ offence mean?
For many businesses, the new ‘failure to prevent fraud’ offence will bring big changes. It may even change the way they operate, as the ECCTA will require businesses to take responsibility to embed appropriate fraud prevention measures.
Under this new legislation, a large organisation will be liable if an “associated person” commits a fraud offence intending to benefit the organisation (whether directly or indirectly). The only defence would be that the organisation had reasonable fraud prevention procedures in place or could demonstrate that it was reasonable not to have such procedures in place. The offence would lead to prosecution, resulting in financial penalties, potentially an unlimited fine, in addition to reputational damage, regulatory scrutiny and loss of business opportunities.
An "Associated Person" is defined as an employee, agent, or subsidiary of the organisation, as well as any others who perform services for or on its behalf, which could potentially extend to the organisation’s suppliers.
Fraud can have devastating consequences for not only individuals but also businesses, employees, shareholders and other stakeholders. The introduction of this new offence should encourage businesses to prioritise fraud prevention and ensure they have robust measures in place to protect their interests and those of their stakeholders. The potential for an unlimited fine should act as a warning to any business which may have previously put ‘fraud risk management’ on the back burner.
Does the legislation apply to my business?
It applies directly to large organisations in all sectors that meet two or more of the following criteria:
- More than 250 employees
- More than £36million turnover
- More than £18million in assets
Small and medium sized businesses are currently exempt from the legislation, although the legislation includes a power for these requirements to be modified or removed.
Even if your business is exempt from the legislation due to its size, there are sound business reasons to understand and even comply with the legislation. This is an excellent opportunity to reassess your business’ fraud risk management and appreciate the long-term benefits of implementing an effective fraud risk management framework. You may also be planning for growth that will take your organisation into the scope of the legislation. In this case, we would advise you to prepare to comply with the legislation as soon as possible. Finally, your organisation may be the “associated person” of a large organisation that will require its business partners to have reasonable fraud prevention procedures in place.
What does my organisation need to do now?
The Government will publish specific guidance to support organisations in relation to the procedures deemed ‘reasonable’ in preventing fraud but has not stated when. However, we anticipate it will align with the guidance for the UK Bribery Act and the Corporate Criminal Offence under the Criminal Finances Act. In the meantime, businesses can take several steps to prepare and work towards compliance, including considering the following questions:
- When did your organisation last undertake a Fraud Risk Assessment (strategic and/or operational), and how often are your key controls evaluated for relevance and effectiveness?
- What is your organisation’s anti-fraud culture and what is the quality of the fraud awareness training, if provided, for your staff?
- Does your organisation have a fraud policy, and when was the last time you updated it to ensure it is in line with current legislation and best practice and addresses the emerging fraud risks that your business faces?
- How effective are your whistleblowing arrangements? Would your staff know what to look for and how to respond to suspicions of fraud?
- How does your organisation respond to allegations of fraud? Do you carry out root cause analysis of the misconduct and implement measures to mitigate the issues?
- Does your organisation carry out due diligence for new employees and third parties to protect your organisation from fraud committed by an “associated person”?
To find out more on the latest Fraud trends, download our FraudTrack Report where you can see the huge variety of reported fraud cases and trends across industries and geographical location. We also look at fraudsters’ career types, motivations, physical location, and their social environments and backgrounds.
How we will help
Our team of experts will help you develop a comprehensive fraud risk management framework. Our work can include any or all of the following example areas of work:
Fraud Risk Management Framework
We will carry out a maturity assessment of your fraud risk management framework, comparing it to the COSO principles and any other relevant industry guidance for combatting fraud and financial crime. Based on the review analysis, we will then work with you to develop a plan to enhance your fraud risk management framework tailored to your organisation’s circumstances and needs.
Fraud Risk Policies
We will help review or develop your fraud risk related policies and procedures by working closely with you to ensure that your policies are practical and effective. We can also provide support to help you implement your policies and procedures, ensuring that they are communicated effectively to your employees and stakeholders.
Fraud Risk Assessment
We will review or conduct fraud risk assessments to evaluate your strategic and operational fraud risk and evaluate the effectiveness of relevant controls.
Fraud Prevention and Detection
We will help you design and implement fraud controls (both preventative and detective measures), assess the effectiveness of existing controls and devise a tailored remediation plan as needed.
Fraud investigation and remediation
We will help your business respond to suspected fraud incidents quickly and effectively, identify the root cause of the fraud and develop a remediation plan to prevent future incidents. Our approach is collaborative, and we will work closely with you throughout the process to ensure that you are fully informed and involved in the decision-making process.
Anti-fraud Training
We will develop and deliver an anti-fraud training programme to ensure consistent awareness throughout your organisation of the fraud risks your organisation faces. Training sessions can be conducted online or in-person and can vary in duration based on your needs.
It has always been crucial for organisations to keep fraud at the forefront of their decision-making and consider the risks that they could face. This is even more true now, as failing to do so could lead to criminal sanctions. Preventing fraud cannot be a ‘one-off’ exercise. Fraud risk management should be an integral part of your enterprise-wide risk management process and should be re-assessed on a periodic basis. This ongoing assessment will also help evaluate whether current controls and processes remain effective.
To discuss your fraud risk framework and compliance with the new legislation, please get in touch with a member of our Forensic Accounting team.
Key contacts
Sannan Khan
Partner - Forensic Services
0121 265 7283
sannan.h.khan@bdo.co.uk
Georgina Connor
Director – Forensic Accounting and Valuation Services
07920 727 582
Georgina.Connor@bdo.co.uk