Menu
In a bid to hold large organisations to account if they benefit from fraud, the Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a new corporate criminal offence of “failure to prevent fraud” (‘the offence’). Under the offence, large organisations may be held criminally liable when an associated person commits a fraud intending to benefit the organisation, if the organisation did not have “reasonable procedures” in place to prevent the fraud.
The Home Office has now published a Guidance on the Offence (just in time for International Fraud Awareness Week), and key points are summarised below.
1. Who is an “associated person”?
These include:
The corporate offence can only take place if the person commits the base fraud while acting in their capacity as an associated person.
2. Large organisations only
A “large organisation” in this context has the same definition as set out in the Companies Act 2006 – an organisation is considered large if it meets at least two of the following three criteria:
These criteria apply to the whole organisation, including subsidiaries (regardless of where the organisation is headquartered or where its subsidiaries are located). With less than 0.1% of businesses having 250 or more employees , it’s clear that the vast majority of businesses do not have to worry about committing the offence, but that’s not to say they should not take notice of the Guidance – the principles outlined in the guidance represent good practice and may be helpful in deterring fraud for organisations of all sizes. It is also worth pointing out that non-large subsidiaries of a large organisation can still be charged with the offence and prosecuted.
An “organisation” in this context refers to incorporated bodies and partnerships. Further details of organisations included within this definition are set out in chapter 2.1 of the Guidance.
3. Intention to benefit is sufficient and can be implied
An organisation can still be charged with the offence even if it did not receive any actual benefit from the base fraud – it is enough that the organisation was intended to benefit. The intention to benefit the organisation does not even have to be the sole motivation. For example, while the prime motivation of a salesperson who commits fraud might be to increase their own commission, since the fraud would increase the employer’s sales it can be inferred that they also intended to benefit their employer. Another example of when an intended benefit can be inferred is a fraud that benefits an organisation’s clients – presumably done in order to retain those clients.
4. What are considered to be “reasonable fraud prevention procedures”?
The Guidance lists six key principles that should dictate an organisation’s fraud prevention framework:
In some circumstances, it may be deemed reasonable not to introduce measures in response to a specific risk, but in most cases, a risk assessment should be performed at a minimum, with any decisions with regard to the implementation of procedures being documented.
As this is set to come into force from 1 September 2025, large organisations should begin reviewing their prevention policies now to mitigate the risk of committing the offence.
If you would like to discuss any of the above in more detail, please do not hesitate to contact our team.
Daily News Round Up
Sign up to our daily news round up and get trending industry news delivered straight to your inbox
This site uses cookies to monitor site performance and provide a mode responsive and personalised experience. You must agree to our use of certain cookies. For more information on how we use and manage cookies, please read our Privacy Policy.
