How is your organisation affected?

The potential consequences of the offence are significant. Organisations may be held criminally liable where any employee, agent, subsidiary or other associated person providing services, commits a fraud intending to benefit the organisation or their clients and it is found that the organisation did not have reasonable fraud prevention measures in place.

The offence applies to larger organisations (including private and public companies, public bodies or charities) that meet two out of the following three criteria:

• more than 250 employees
• turnover of more than £36 million
• over £18 million in total assets

Where a parent company and its subsidiaries together meet two out of the three criteria, the group of companies may be in scope of the offence.

The failure to prevent legislation comes into play if one of nine base fraud offences is committed by an employee, an agent, a subsidiary or a person performing services for or on behalf of the organisation. The list of base offences is broad (it includes, for example, misrepresentation), further highlighting the need for risk reviews and thorough fraud prevention strategies.

1 Cheating the public revenue (common law)

2 False accounting (Theft Act 1968)

3 False statements by company directors (Theft Act 1968)

4 Fraudulent trading (Companies Act 2006)

5 Fraud by false representation (Fraud Act 2006)

6 Fraud by failing to disclose information (Fraud Act 2006)

7 Fraud by abuse of position (Fraud Act 2006)

8 Participation in a fraudulent business (Fraud Act 2006)

9 Obtaining services dishonestly (Fraud Act 2006).

The offence can also be triggered by aiding, abetting counselling, or procuring the commission of any the listed offences.

There is a requirement for a “UK nexus” for the failure to prevent fraud offence to apply. This has potential implications for overseas organisations.

The base fraud offence must have been committed under UK law, for example, because one of the fraudulent acts or its gain or loss took place in the UK.

If a UK-based employee commits a base fraud offence, the relevant organisation could be prosecuted regardless of where it is based or headquartered.

An overseas-based organisation could also be prosecuted if their employee or associated person commits a base fraud offence in the UK or targets victims in the UK.

If prosecuted, an organisation must prove to the court that it had reasonable fraud prevention measures in place when the fraud was committed or that it was not reasonable to have those procedures in place in all the circumstances. The standard of proof is on the balance of probabilities.

It will be for the courts to decide what is reasonable in individual instances. However, the guidance highlights the following as essential components of any fraud prevention framework:

• Top level commitment

• Risk assessment (this should be reviewed on a regular basis)

• Proportional risk-based prevention procedures

• Due diligence

• Communication (including training)

• Monitoring and review

It is therefore vital for organisations to demonstrate that they have provided all employees, directors and relevant associates with suitable, risk-specific training and communicated a clear message on fraud prevention at all levels.