The Economic Crime and Corporate Transparency Act 2023 (the ECCTA) received Royal Assent in October 2023. Among other reforms, the ECCTA introduced a new offence of failure to prevent fraud (the FTP Fraud Offence), which is expected to come into force by 2025.
In the latest in our series of briefings and podcasts on the ECCTA, this briefing focuses on the broad jurisdictional scope of the FTP Fraud Offence. You can also listen to our podcast on this topic here, and access our earlier briefings/podcasts on the ECCTA here.
The FTP Fraud Offence can be committed by all “large organisations” (as defined by the ECCTA) and their subsidiaries, wherever they are incorporated or formed. As such, in one sense the offence has a broader reach than that of the failure to prevent bribery offence under the Bribery Act 2010 (UKBA) (the FTP Bribery Offence), which only applies to companies and partnerships incorporated, formed or carrying on business or a part of a business in the UK.
In another respect, the FTP Fraud Offence is narrower than the FTP Bribery Offence: if a commercial organisation is within scope of the FTP Bribery Offence, it can commit this even if the bribery has no UK nexus whatsoever. By contrast, the scope of the FTP Fraud Offence will be determined by whether there is jurisdiction over the underlying (predicate) fraud offence.
The position can be summarised as follows, and further detail is set out belowi:
|Test for application
|FTP Bribery Offence
|FTP Fraud Offence
|Company which has ‘failed to prevent’
|Large organisations and their subsidiaries
|UK-incorporated organisation, or one which carries on a business (or part of a business) in the UK
|Organisation can be incorporated or formed anywhere, and carrying on business anywhere
|Predicate offence by associated person
|Bribery can occur anywhere
The question of whether the UKBA bribery offences apply (from a jurisdictional perspective) to the associated person briber is irrelevant
|Fraud can occur anywhere but must be subject to UKii jurisdiction
To complicate matters further, most of the underlying fraud offences specified by the ECCTA have broad jurisdictional scope and allow for part of any criminal conduct to take place overseas. Generally-speaking, the UK will have jurisdiction if a “relevant event” in relation to those underlying fraud offences (defined below) occurs in the UK. For example, a predicate fraud offence might occur where an overseas employee undertakes a fraudulent act at an overseas company (i.e. outside the UK) but some of the victims are in the UK.
We explore the jurisdictional scope of the FTP Fraud Offence further below, and consider the implications for in-scope organisations.
Recap: Overview of the FTP Fraud Offence
The FTP Fraud Offence can be committed by an in-scope organisation (a relevant organisation) if:
- an associate of the relevant organisation, such as an employee, agent or subsidiary, commits a predicate fraud offence specified by the ECCTA (listed below) over which the UK has jurisdiction (a relevant fraud offence);
- intending to benefit the relevant organisation or any person to whom (or to whose subsidiary) the associate provides services on behalf of the relevant body; and
- the relevant organisation did not have in place reasonable fraud prevention procedures. The government is due to publish guidance about such procedures, prior to the offence coming into force.
A relevant organisation will not be guilty if the offence was intended to benefit a customer, and the organisation was the victim of the fraud.
“Relevant organisations”: which organisations can commit the FTP Fraud Offence?
A relevant organisation is any body corporate or partnership which is classified as a “large organisation”, in addition to their subsidiaries. A “large organisation” is one which meets two or more of the following conditions in the financial year that precedes the underlying fraud offence:
- Turnover: more than £36 million;
- Balance sheet: more than £18 million; and
- Number of employees: more than 250 employees.
The offence applies to all of the above organisations, irrespective of their place of incorporation or formation.
“Relevant fraud offence”: which offences can be an underlying (predicate) fraud for the purpose of the FTP Fraud Offence and what is their jurisdictional scope?
As set out above, one essential ingredient of the FTP Fraud Offence is that an associate of a relevant organisation commits an underlying fraud which, for the purposes of the ECCTA, is a relevant fraud offence. Alternatively, the FTP Fraud Offence may be engaged if an associate of the relevant organisation aids, abets, counsels or procures a relevant fraud offence.
At presentiii, the ECCTA specifies that the following offences comprise a relevant fraud offence in England and Wales:
- Fraud Act 2006 (Fraud Act) offences, namely:
- Fraud by false representation / failing to disclose information / abuse of position (sections 1 – 4, Fraud Act);
- Participating in a fraudulent business (section 9, Fraud Act);
- Obtaining services dishonestly (section 11, Fraud Act);
- Theft Act 1968 (Theft Act) offences, namely:
- False accounting (section 17, Theft Act);
- False statements by company directors (section 19, Theft Act);
- Cheating the public revenue (common law offence); and
- Fraudulent trading under section 993, Companies Act 2006 (Companies Act).
For completeness, we refer to the position in England and Wales here and in the paragraphs directly below for simplicity but note that the relevant offences in Northern Ireland and Scotland are broadly equivalent.
Jurisdictional scope of the Fraud Act, Theft Act and common law offences
Save for the Companies Act offence of fraudulent trading, the above predicate offences all have a degree of extraterritoriality by virtue of sections 1 – 2, Criminal Justice Act 1993 (CJA). A person can be guilty of these offences if part of the relevant conduct takes place abroad, provided that a “relevant event” occurs in England and Wales (the Relevant Event Test). A Relevant Event means any act, omission or other event, proof of which is required for conviction of the relevant offence.
The CJA further specifies that, in relation to the Fraud Act offences of fraud by false representation / failing to disclose information / abuse of position (sections 1 – 4, Fraud Act), a Relevant Event will include (but is not limited to) the occurrence of any gain, loss or risk of loss.
This means that, for the purpose of the FTP Fraud Offence, a relevant fraud offence may be committed where not all of the underlying criminal conduct takes place in England and Wales.
Jurisdictional scope of the Companies Act offence of fraudulent trading
This offence is not subject to the Relevant Event Test but it can only be committed in respect of a business which is registered, or carrying out business in, the UK. The jurisdictional position is therefore more straight-forward, when compared to other relevant fraud offences.
There is a similar offence of “participating in a fraudulent business” which covers sole traders, partnerships, trusts and companies registered overseas under section 9, Fraud Act. That offence is also a relevant fraud offence under the ECCTA and is subject to the Relevant Event Test referred to above.
Companies and partnerships with UK operations or subsidiaries will no doubt already be assessing whether they meet the ECCTA’s “large organisation” criteria, and are therefore within scope of the FTP Fraud Offence. If so, relevant organisations will also likely be beginning to consider their existing fraud prevention procedures in anticipation of the government’s forthcoming guidance on “reasonable prevention procedures”. One preliminary question is whether to scope any risk assessment and procedural uplift activities by reference to the FTP Fraud Offence’s jurisdictional scope. In theory, if only part of a multinational group carries out activities in the UK (or has other UK touchpoints), it would be possible to focus only on that part, and some organisations may consider this to be a more efficient approach – particularly if the only reason for reviewing their fraud procedures is the advent of the new offence. Equally, relevant organisations may favour a broader, group-wide approach which is similar to that adopted in relation to anti-bribery and corruption controls. A broader approach would avoid the complexity of needing to identify all potential UK touchpoints within a group structure, and would help to ensure that groups have a robust, overarching framework for preventing fraud. That is highly desirable, irrespective of the applicability of the new offence.
Other companies and partnerships (i.e. ones which do not necessarily have UK operations or subsidiaries) should also consider whether they fall within scope of the FTP Fraud Offence. Prior to the ECCTA coming into force, the government’s impact assessment of the Act stated that foreign-domiciled corporates would only be impacted by the FTP Fraud Offence to the extent that they operate a UK branch or subsidiary. In contrast to this, a government factsheet on the ECCTA indicates that the scope of the offence is much broader, saying that it may be engaged, “if an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas“. We think that the factsheet’s wider interpretation of the ECCTA is correct. In theory, it would be possible for an overseas relevant organisation – even one which does not have a UK branch or subsidiary – to be held liable for failing to prevent a relevant fraud offence, if a Relevant Event took place in the UK. For example, this could arise where a fraud takes place overseas but it targets UK victims, such as UK customers, UK owners or UK creditors of the relevant organisation. Overseas relevant organisations should therefore assess whether they have any existing or potential UK touchpoints and, in turn, may wish to review their fraud prevention procedures in advance of the FTP Fraud Offence coming into force, including in light of forthcoming government guidance.
i This summary relates only to the ‘failure to prevent’ offences. Companies can also commit offences of active or passive bribery, the ‘foreign public officials’ offence, and fraud offences, to which different jurisdictional tests apply.
ii We refer to the UK for simplicity, but note that the question would be one of jurisdiction in England and Wales, Scotland or Northern Ireland.
iii The Secretary of State may by secondary legislation remove or add further predicate offences within scope of the FTP Fraud Offence, provided the offence is (i) one of dishonesty, (ii) otherwise of similar character to those listed under the ECCTA currently, or (iii) a substantive money laundering offence (i.e. an offence under sections 327 – 329, Proceeds of Crime Act 2002).