We are pleased to present the premiere episode of “Ounce of Prevention,” a podcast focused on compliance and white collar crime trends. Our first episode — hosted by London white collar defense and investigations partner Andrew Good, joined by colleagues Jonathan Benson and Jason Williamson — examines the new U.K. failure to prevent fraud offence. They examine the significance of the offence, how it will make it easier for companies to be criminally prosecuted for failing to prevent fraud in their operations and what companies can do to prepare before the offence comes into force later this year.
Episode Summary
We are pleased to present the premiere episode of “An Ounce of Prevention,” a podcast focused on compliance and white collar crime trends.In this inaugural episode, host Andrew Good is joined by Skadden colleagues Jonathan Benson and Jason Williamson to discuss the new U.K. failure to prevent fraud offence taking effect on September 1. The panel explores how this strict liability offence significantly expands corporate criminal liability for fraud committed by associated persons, making it easier to prosecute companies, particularly large organizations. They examine the offence’s extraterritorial reach, the crucial "reasonable procedures" defence and practical steps companies should take to prepare, including implementing appropriate anti-fraud policies and procedures aligned with government guidance focusing on top-level commitment, risk assessment and monitoring.
Voiceover (00:02):
Welcome to An Ounce of Prevention, a podcast from Skadden’s White Collar Defense and Investigations Group that explores critical issues shaping the landscape of corporate compliance and enforcement around the globe. Join us for in-depth analysis and practical insights to help you navigate the complexities of corporate accountability.
Andrew Good (00:25):
Hi, and welcome to An Ounce of Prevention, a new podcast series presented by the White Collar Defense and Investigations team at Skadden. This podcast will bring you regular analysis of key compliance and white collar crime trends, important industry news and developments, as well as insights from the leading practitioners in the field.
(00:45):
My name is Andrew Good, and I’m a partner here in Skadden’s London team. I specialize in representing clients in complex governmental and regulatory investigations into fraud and other misconduct, for example, bribery, false accounting, money laundering, and other related offenses.
(01:04):
The topic for our first episode today is the new UK failure to prevent fraud offense, which will come into force on the 1st of September of this year. We’ll be discussing this new offense and what companies can do to prepare for this change. And to talk about this new offense, I’m joined today by my colleagues Jonathan Benson and Jason Williamson. Jonathan’s a counsel in our team here in London who has spent almost a decade counseling companies on a range of business compliance issue and who prior to joining Skadden worked as a senior lawyer within the UK government. Jason is a European counsel specializing in cross-border investigations into allegations of corporate misconduct including fraud, bribery, corruption, and money laundering. Welcome to the Ounce of Prevention, guys.
Jonathan Benson (01:55):
Thank you.
Jason Williamson (01:56):
Thanks, Andrew. Great to be here.
Andrew Good (01:58):
So, Jonathan, this isn’t the first failure to prevent offense in the UK. We already have a few of those. Why is this one different and why is it significant?
Jonathan Benson (02:07):
Yeah, you’re absolutely right, Andrew. In a sense, this is just another failure to prevent offense, similar to the failure to prevent bribery offense under the Bribery Act of 2010, and the failure to prevent the facilitation of tax evasion under the Criminal Finances Act 2017.
(02:26):
But I think that this is a very important legal development and where this new offense is different is that it applies the same principle of expanded corporate criminal liability to fraud, the most widespread of economic crimes in the UK, and actually one of the most frequently committed crimes in general. So, the new offense will make it easier for companies to be criminally prosecuted for failing to prevent fraud in their operations, and they need to pay attention as a consequence.
Andrew Good (02:58):
We’ll get into how companies can address and mitigate that risk in a moment. First, I think it’s important to talk a little bit about where this new offense came from.
Jason Williamson (03:08):
Yeah. So, under the previous government, there was a lot of talk about bringing forward new economic crime legislation and really to make it easier to hold companies accountable for criminal misconduct. That ultimately led to two new economic crime bills, one in 2022 and one in 2023. And the failure to prevent offense sits within the 2023 act, and that is called the Economic Crime and Corporate Transparency Act. And the 2023 act, it made a number of changes beyond the failure to prevent offense that were designed to make it easier to combat economic crime.
(03:43):
So, it introduced new powers for Companies House and the Serious Fraud Office. It also extended law enforcement powers under the Proceeds of Crime Act, including in relation to cryptocurrencies. And perhaps most importantly, alongside the failure to prevent offense, is that it made changes to the identification principle, which made it easier for companies to be held accountable for a wider range of economic crimes.
Andrew Good (04:08):
I think that last point is worth pausing on for a moment. Before the 2023 changes, corporates could only be prosecuted for certain economic crimes in the UK if the prosecution could show that someone acting as the directing mind and will of the company had the culpable state of mind for the offense. This makes it difficult in practice, or it made it difficult in practice to successfully prosecute companies, particularly large businesses with a complex management system.
(04:42):
The 2023 act changed this, so that a company can be held liable for certain economic crime offenses, for example, bribery, tax offenses, money laundering, fraud, and false accounting, if the offense is committed by a senior manager. And senior manager is defined broadly and will likely cover persons in a direct chain of management and those who are in strategic or compliance roles. This is, therefore, a significant change that has the potential to make it much easier for UK law enforcement authorities to prosecute corporates for economic crime.
Jonathan Benson (05:21):
Precisely, Andrew. It’s also worth noting that the previous government put forward a proposal in the Criminal Justice Bill of 2023 to extend this new way of attributing criminal liability to companies so that it would apply to all criminal offenses and not just certain economic crimes as is currently the case.
(05:40):
That change has now been adopted as part of the new Labour government’s Crime and Policing Bill, which was introduced into Parliament in February of this year. Given that criminal justice reform was a key part of the Labour government’s manifesto and in light of their parliamentary majority, it’s very likely that this further change that’s proposed to the law will come into force relatively soon.
Andrew Good (06:06):
So, we haven’t heard the last word on the expansion of corporate criminal liability, I think, have we?
Jonathan Benson (06:11):
I think that’s just about right.
Andrew Good (06:13):
All right. We’ve covered some of the background on this new offense, but maybe, Jason, could you tell us a little bit more about what types of conduct the offense covers?
Jason Williamson (06:22):
Sure. So, broadly speaking, there are two elements to the offense. The first is that an associated person of the company must commit one of the fraud offenses that are listed in the 2023 act, and the second is at the time of committing the offense, the associated person must have intended for the fraud to either benefit the company or another person who received services from the associated person on behalf of the company.
(06:48):
And the fraud offenses listed in the 2023 act are wide-ranging and include offenses under the Fraud Act. So, fraud by false representation, failing to disclose information, and abuse of position. It also includes the false accounting offenses, the fraudulent trading offenses, and cheating the public revenue, or to put it simply, tax-related fraud. So, the scope of the offense is incredibly broad and it could cover a whole range of potential misconduct. It could cover false representation and warranties made in transaction documents and other disclosures. It could cover fraudulent misreps in company accounts or misreps about the quality of goods and services, and so on.
Andrew Good (07:30):
So, if an associated person of a company commits any of these listed offenses, the company itself is then criminally liable for failing to prevent that fraud?
Jason Williamson (07:41):
Exactly. So, the company will be held liable under the offense on a strict liability basis, but the legislation does include a couple of potential defenses. So, the company will have a defense if it can show it had reasonable fraud prevention procedures in place at the time the offense was committed, or that it was reasonable to not have those procedures. And the company itself will also not be prosecuted if it was a victim of the fraud.
Andrew Good (08:03):
Okay. Well, it seems like it’s going to be very important for companies to ensure that they have the right procedures given that strict liability regime.
(08:11):
Let’s come back to this defense in a second, but I wanted to first drill down a bit on the key elements of the new offense. Does the phrase associated person here just mean employee?
Jonathan Benson (08:22):
No, not quite. The definition of associated person is broadly similar to what we’re familiar with under the Bribery Act. So, it includes, for example, employees, but also agents and subsidiaries of the company, or anyone else who performs services for or on behalf of the company. Whether the person is an associated person will, of course, depend on the specific facts.
(08:46):
The government has clarified that franchisees or suppliers will not be associated persons just by virtue of being a franchisee or supplier. They would have to provide services for or on behalf of the company to fall within scope.
Andrew Good (09:01):
Okay. And does this apply to any company in the UK?
Jonathan Benson (09:05):
No. It only applies to so-called large organizations and the legislation specifically exempts small and medium-sized enterprises.
(09:15):
So, a company will be deemed to be a large organization under the act if two or more of the following conditions are satisfied. Firstly, it has more than 250 employees. Secondly, its annual turnover is more than 36 million pounds and/or thirdly, its balance sheet assets exceed 18 million pounds. And a parent company of a corporate group will fall within the scope of the new offense if a similar criteria are met on an aggregate basis. So, coming back to your question, Andrew, it’s not just UK large organizations. A company does not have to be incorporated or registered in the UK to potentially be liable. The act applies to an entity wherever formed or incorporated.
Andrew Good (10:04):
So, can you talk to me a little bit about the extraterritorial nature of this? I mean, is this something that’s going to apply to activity happening outside of the UK?
Jason Williamson (10:14):
So, I think that very question, Andrew, is the thing that’s generated most discussion since the government introduced this new offense and that the territorial scope of the offense is not straightforward. It relies on the underlying fraud offense and the territorial reach of that.
(10:29):
So, generally speaking, to prove that a fraud offense has been committed under English law, an element of the offense must take place within the UK or have UK victims. So, putting that into context, you could have a situation where an employee of an overseas company commits a fraud and the only UK touch point is that that fraud has UK victims. According to the UK government guidance as it currently stands, that could be enough to bring the company within the scope of the failure to prevent fraud offense.
Andrew Good (10:58):
Okay. That’ll be interesting to see how that plays out. Under the new offense though, there is this affirmative defense. Does that mean a company is able to avoid guilt under the new offense if they have fraud policies in place?
Jonathan Benson (11:12):
So, the 2023 act states that a company will avoid criminal liability provided it can prove that it had quite reasonable fraud prevention procedures in place at the time of the alleged fraud, or that it was reasonable not to have such procedures in place. Therefore, the focus will be very much on those policies and procedures, because for most companies it will be pretty difficult for them to say that it was reasonable for them to not have any procedures.
(11:42):
The legislation doesn’t specify what reasonable fraud prevention procedures are, but the government has published guidance on the topic. Broadly, according to this guidance, companies should follow six principles when designing their policies. And these six principles will be ones that people will be familiar with to some degree, and no doubt will also be what they would expect, because they track similar guidance issued in connection with the other failure to prevent offenses. So, we’re talking about top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication, training, and lastly, monitoring and review.
(12:24):
Companies should make sure that senior management are involved in designing and communicating the policies, that there’s a culture of preventing fraud that permeates from the top, that the risks of fraud within the organization are identified and addressed in a proportionate way, and that there are due diligence procedures in relation to the relevant associated persons.
Andrew Good (12:46):
And if a company hasn’t got these policies and procedures set up in time and something is identified after September of this year, what happens?
Jonathan Benson (12:57):
Well, there is, of course, the risk of prosecution. In terms of penalties, the penalty for this offense is a fine, but as people will be familiar with from the Bribery Act context, fines in this area can be very large indeed. The legislation also adds the new offense to the list of crimes for which a deferred prosecution agreement is available.
Andrew Good (13:20):
What should companies be doing now to prepare for the new offense coming into force?
Jason Williamson (13:25):
So, as Jonathan touched on, I think having the right policies and procedures in place is going to be critical. If a company comes under law enforcement scrutiny because a fraud has been committed, it will be important for it to be able to demonstrate that it had the controls in place to prevent that fraud. And as Jonathan said, showing that it was reasonable to not have those procedures is likely to be quite difficult.
(13:47):
So, the government has issued guidance and that provides a high-level overview of what law enforcement expect to see in those policies and procedures. And that guidance has recently been supplemented by industry guidance published by UK Finance for financial services companies. And although that guidance is useful, the exact controls that a company implements will depend on a range of factors. So, the size of the organization, where a company does business, where it has third-party relationships, and the particular risks within its operations. And as we often see with other ABC compliance policies, what is proportionate and reasonable will really vary between organizations, and that will largely depend on the output of a company’s risk assessment.
(14:31):
So, as you mentioned Andrew at the beginning, the offense does not come into force until the 1st of September. So, this does give companies time to review existing anti-fraud procedures, update risk assessments and compliance training programs, and to really consider whether any new controls or policies are required.
Andrew Good (14:48):
Well, it sounds like this is a pretty big change coming down the pipeline for companies, and there’s a lot for them to think about as they prepare for this offense coming into force. Jonathan and Jason, I wanted to thank you guys for coming on and helping us understand this important development. Appreciate it.
Jonathan Benson (15:08):
Thank you very much, Andrew.
Jason Williamson (15:09):
Yeah. Thanks, Andrew.
Andrew Good (15:10):
And that’s it for the premier episode of the Ounce of Prevention Podcast. We hope you can join us next time, but in the meantime, stay vigilant, stay compliant, and join us for the next episode of the Ounce of Prevention, where we’ll be discussing another key topic shaping our industry. Until then, goodbye.
Voiceover (15:33):
Thank you for joining us for today’s episode of An Ounce of Prevention. If you like what you’re hearing, be sure to subscribe in your favorite podcast app so you don’t miss any future conversations. Additional information about Skadden can be found at skadden.com.
Listen here or subscribe via Apple Podcasts, Spotify or anywhere else you listen to podcasts.
