After years of debate and calls from the Serious Fraud Office (‘SFO’) to change the law, and months of discussion in Parliament, the Economic Crime and Corporate Transparency Act 2023 (the ‘Act’) received Royal Assent last Thursday, 26 October 2023, introducing (among other reforms) a new failure to prevent (‘FTP’) fraud offence and an expansion of the basis on which companies can be held criminally to account (the ‘identification doctrine’). According to the Government’s press release, these reforms provide prosecutors with ‘game changing powers to hold companies criminally liable for malpractice’.
The new FTP fraud offence is not expected to come into force for some time since it is subject to the Government issuing accompanying guidance (explained below) whereas the provisions of the Act which expand the scope of the identification doctrine will be enacted by the end of December 2023.
We will be considering these reforms in detail across a series of podcasts and briefings in upcoming months (for which, do subscribe to our blog at https://hsfnotes.com/fsrandcorpcrime/), and for now, note below the key developments since our last update on the topic.
Our previous briefings analyse the key elements of the failure to prevent fraud offence and identification doctrine reforms and some of the more recent developments before the Act was passed.
1. The FTP Fraud Offence (sections 199-206 of the Act)
Under the Act, a FTP fraud offence is committed where:
- an ‘associated person’ of a ‘relevant body’ (ie. a ‘large organisation’) commits a relevant ‘fraud offence’;
- intending to benefit (directly or indirectly) the relevant body or any person to whom, or to whose subsidiary, the associate provides services on behalf of the relevant body; and
- the relevant body did not have in place reasonable fraud ‘prevention procedures’.
No offence is committed where the relevant body was (or was intended to be) a victim of the fraud offence. Like other failure to prevent offences, failure to prevent fraud will be subject to the deferred prosecution agreement regime.
Please see our briefing for further analysis of ‘an associated person’, relevant ‘fraud offence’, and reasonable ‘prevention procedures’, concepts which remain as trailed in the draft Bill.
Applies to ‘large organisations’ only
The scope of the offence continued to be the subject of Parliamentary debate in recent weeks (for which, see our briefing), and following a ‘ping pong’ process between the House of Lords and House of Commons on the appropriate size of the organisation which should be in scope, the Act provides that the offence applies to ‘large organisations’ only. An organisation will be in scope if it meets two out of three of the following criteria (in the financial year that precedes the fraud offence):
- more than 250 employees;
- more than £36 million turnover; and
- more than £18 million in total assets.
If resources held across the corporate group cumulatively meet the size threshold, that group of companies will be in scope of the offence.
The Secretary of State may by secondary legislation amend the above criteria and remove the limitation to large organisations entirely. Therefore, there remains a risk (albeit a somewhat remote one at present) that small and medium-sized enterprises could be brought into the scope of the Act in the future.
When is the offence in force?
As stated above, the FTP fraud offence will come into force once the Government publishes guidance on procedures which can prevent organisations from committing a fraud offence (for more, see our briefing). There should be a public consultation on the guidance which will likely take place during 2024 and we are not therefore expecting the new offence to be in force until the latter part of next year or early 2025.
2. Identification doctrine reforms (sections 196-198 of the Act)
The Act also imposes corporate criminal liability on companies for economic crime offences committed by their ‘senior managers’. Under the Act, if a senior manager of a body corporate or partnership, acting within the actual or apparent scope of their authority, commits a ‘relevant offence’ (e.g. bribery, fraud, money laundering), then the organisation itself will be criminally liable. This is a significant departure from the existing identification doctrine which has historically made it challenging to bring criminal prosecutions against companies in England and Wales. For more information on the changes and their impact, see our briefing here.
As stated above, these reforms will be enacted by the end of December 2023.
Nick Ephgrave, the new director of the SFO, has said that ‘this is the most significant boost to the SFO’s ability to investigate and prosecute serious economic crime in over 10 years‘ and ‘big businesses can no longer turn a blind eye to fraud.’ These amendments to the law are significant and should, without a doubt, make it easier for prosecutors to bring criminal cases against corporates. The practical impact of the reform to the identification doctrine will likely flow through over the coming years, as complex fraud offences typically take a number of years to investigate and prosecute, and companies will over the coming months need to consider their ‘reasonable procedures’ response to the failure to prevent fraud offence.
We will be considering the reforms in a series of podcasts and accompanying briefings in more detail over the upcoming months and will continue to monitor for key developments in this area including with respect to the public consultation on reasonable fraud prevention procedures. Any companies considering how best to address these new developments, and (in due course) the scoping of any reviews of their ‘reasonable procedures’ should contact any of the below HSF team members to discuss further.