.gif)
As featured in TL4 FIRE Magazine Issue 16 | FIRE Starters Edition
The UK’s Economic Crime and Corporate Transparency Act (ECCTA) – which became law in October 2023 – is part of a trilogy of new legislation in support of the UK Government’s three-year Economic Crime Plan (2023-2026) to clamp down on dirty money funnelled through the UK. The ECCTA aims to improve corporate criminal liability in the UK and drive a change in corporate culture.
True to its name, the ECCTA introduces greater transparency and accountability across a number of areas, all of which should have a material impact on anti-fraud and asset recovery work on UK-related matters and make it easier for prosecutors to hold corporates to account for economic crimes:
- Corporate reform will provide Companies House greater authority as the gatekeeper to the registry;
- Transparency reforms for limited partnerships;
- Improvement to real estate transparency and the register for overseas entities;
- Stronger regulations around the misuse of crypto assets;
- Changes to the Identification Principle; and
- The introduction of a failure to prevent fraud offence to hold companies criminally liable for fraud committed by an employee.
In this article, I take a closer look at these last two elements – implications of the expansion to the Identification Principle and the new Failure to Prevent Fraud offence – reforms which can have extraterritorial reach to both companies and conduct outside of the UK. The reforms to the identification principle took effect from 26 December 2023 and the new FTPF offence could come into force in early 2024.
The Identification Principle Simplifies the Attribution of Corporate Criminal Liability
With changes to the Identification Principle, the ECCTA has sought to simplify the attribution of criminal liability to specific individuals bringing into scope a wider range of employees able to trigger corporate criminal liability. If a “Senior Manager” of a corporation or partnership acting within the scope of their authority now commits a relevant offence, then the organisation is also guilty of the offence. A Senior Manager is defined as an individual who play a significant role in managing the corporate’s activities or making decisions about how such activities are managed.
This means that prosecutors will no longer have to prove that the ‘directing mind and will’ of a company were complicit in a fraud, an area which has proven troublesome for law enforcement. Previously, it was a requirement for a senior member of the corporation, often sitting on the board, to have been aware of the criminal conduct for criminal charges to be levied on the corporate. That proved a high bar for prosecutors to satisfy and was frequently criticised when dealing with large corporates with often complex management structures.
Failure To Prevent Fraud Is Now An Offence, For Large Companies
To mitigate the difficulty in proving corporate criminal liability, the ECCTA has introduced the ‘Failure to Prevent’ (FTP) Fraud offence intended to benefit the corporate. This brings the fraud offence into line with the current legislation preventing bribery and tax evasion. However, instead of attaching criminal liability to the corporate, the ECCTA attributes a strict liability offence for failure to prevent the fraud. In further contrast to the existing failure to prevent bribery and tax evasion, section 199 of the ECCTA limits the scope of the Failure to Prevent Fraud offence to large corporates.
This proved a bone of contention when passing the bill through the House of Lords and Commons where amendments to the scope of the act were passed back and forth. It was eventually restricted to large corporates by the House of Commons due to the potential compliance burden it would place upon small businesses.
To qualify as a “large” corporate, and fall into the crosshairs of the FTP Fraud offence, an organisation must meet at least two of the three criteria per the Companies Act 2006 during the financial year preceding the offence: have more than 250 employees, more than £36 million turnover, and more than £18 million in balance sheet assets.
One of the key aspects of the reform is its extraterritorial reach. If an employee, agent or subsidiary commits fraud under UK law, or targeting UK victims, the corporation could be prosecuted, even if the corporate (and the employee) are based overseas.
Organisations will be able to avoid prosecution if they have reasonable procedures in place to prevent fraud, and there may be circumstances where it is reasonable to have no fraud prevention procedures in place where the risk is extremely low. The home secretary is due to publish statutory guidance on the expectations for ‘reasonable procedures’, and the offence will not come into force until this guidance is available.
Whether these changes will lead to a greater number of court cases and enforcement action remains to be seen. However, once the Government produces the statutory guidance, it will be important that all large corporates act to ensure they have “reasonable procedures” in place to have a defence against any employee actions.
Even before this, large corporates could be taking the following minimum steps to build out their FTP Fraud risk assessment:
- Identify and define ‘Senior Managers’ within their organisation who would qualify under the Identification Principle,
- Review existing fraud risk assessments to consider the risk of fraud that benefits the company,
- Review and reinforce anti-fraud policies and procedures within their organisation, and
- Deliver training to ensure that qualifying employees are aware of the updated legislation.
The ECCTA reforms mean that large companies can be found guilty of the fraudulent conduct of employees, subsidiaries and agents and that companies of all sizes can be prosecuted for the fraudulent actions of their ‘senior managers’, as they will not have the reasonable procedures defence.
The original publication is also available at – https://thoughtleaders4.com/fire/fire-knowledge-hub-view/fire-magazine-issue-16-fire-starters-edition-2024
.png)
.png)
