Failure to Prevent Fraud – Being a Friend of Business

31/10/2023

The Economic Crime and Corporate Transparency Bill received Royal Assent on 26 October 2023. An initial Economic Crime (Transparency and Enforcement) Act 2022 was passed at speed in the wake of the invasion of Ukraine to deter Russian oligarchs from laundering money in the London property market. This 2023 Act follows on as part of a welcome Parliamentary focus on how economic crime can impact the international reputation and stability of the UK as well as its cost to the Exchequer.

The Act’s original focus was, as the name suggests, on transparency – giving bodies such as Companies House new powers to verify identities of those registering companies and making it harder to use partnerships or overseas entities as a vehicle for crime – and on enforcement, including in relation to the confiscation of crypto-assets. Its scope widened significantly through its various readings in the Commons and the Lords and now includes an entirely fresh approach to corporate criminal liability in relation to economic crime, and a new offence of failure to prevent fraud. The discussion in both Houses about the scope of the latter offence, and whether it is reasonable for small and medium sized businesses in effect to have a duty to prevent fraud exposes the tension between what many may regard as a good idea, and provisions which are perhaps not for a Conservative Government to introduce with a General Election on the horizon. This article discusses the scope of the changes, and what it really means for Government to be a ‘friend of business’.

The Problem

One important reform is the extension of corporate criminal liability in relation to economic crimes, with the changes in this Act being heavily informed by a recent Law Commission Options Paper. The Law Commission noted the limitations of the current “identification principle” which holds that a corporate body can only be liable for an offence if a person representing its “directing mind and will” had the requisite mental state – in practice, this often meant establishing dishonesty among Board members.

The SFO’s failed attempts to prosecute Barclays in 2015 only further confused matters. The SFO sought to prosecute Barclays in relation to the actions of certain senior officers including a Group Finance Director who had the approval of the Board to do a particular deal on behalf of the Board. This led, the SFO alleged, to Qatari investors effectively being paid to invest in Barclays, using Barclays own money to buy Barclays shares, and to a deal taking place that was not as publicly represented. The Crown Court Judge concluded that Barclays had itself been deceived and was not liable.

The SFO sought to reinstate proceedings via a voluntary bill procedure on the basis that Barclays had allowed these senior officials to do the deal and that thus they held delegated, de facto authority and were the controlling mind and will of the bank. Dismissing the application, Davies LJ noted the real strength of feeling that it was becoming increasingly difficult to prosecute corporates as they grew in size or became multi-national due to overlapping hierarchies with different arenas of decision-making. Perversely, this meant it was easier to prosecute small companies with straightforward structures, but extremely difficult to prosecute larger companies where fraud might have greater consequences for shareholders or even national economies. Davies LJ concluded that this did not change the fact that on existing principles he could not act as though the Chairman or Board knew something that they did not know. The senior officers did not have full discretion to conduct business as they pleased and to suggest they did so would be to treat the Board as simply “rubber-stamping” a decision. Whilst the SFO said it was necessary to prosecute the bank in order to promote good governance, Davies LJ noted that if Parliament wished to create an offence on the basis that a company ought to have known something and had no adequate systems in place to discern it, allowing fraud to happen, Parliament could legislate. It appears that Parliament may finally take Davies LJ up on that suggestion through the twin means of broadening corporate criminal liability more generally, and through creating a (more limited) failure to prevent fraud offence.

The Solution?

Section 196 of the Act states that where a “senior manager” acting within the “actual or apparent scope of their authority” commits a relevant offence, the company commits that offence too. [The statute refers to “a body corporate or a partnership”, although I have used “company” in this article for ease, but these provisions will have wider application and may include other corporate entities such as some universities]. Relevant offences are defined in Schedule 12 and include offences under the Fraud Act 2006, the Theft Act 1968, and the Proceeds of Crime Act 2002 as well as offences of cheating the public revenue and VAT fraud.

Dealing perhaps with one of the issues identified in Barclays about the gap between de facto and de jure control, or the difference between Board Resolutions and what happens on the ground, a senior manager is defined as someone with a significant role in decision-making that effects the whole or a substantial part of a company’s activities or someone who plays a significant role in actually managing or organizing those activities. Thus, it appears that a Board could not insulate the company from liability by not knowing too much about what’s going on: the people who are actually running the operation are caught as “senior managers” even if they do not have full decision-making power.

This is potentially a very significant expansion to the scope of corporate criminal liability. Unlike the offence of failure to prevent fraud, discussed below, there is no need for the senior manager to be seeking to benefit the company by his or her actions nor is there any explicit defence that the company was deceived as to what a manager was doing. It is likely that the question of whether a senior manager was acting within the “actual or apparent scope of their authority” will be the subject of jurisprudence. It may be thought that a manager who steals company funds clearly is not acting within the scope of their actual or apparent authority. A manager who has discretion to conduct a deal as he or she pleases and does so dishonestly may be acting within the authority given to them by the company. HR consultants and employment lawyers may be kept busy in advising on contractual terms which seek to carefully frame the authority of an individual, and compliance departments in financial institutions may be signing off on ever more documentation.

Section 199 of the Act creates a failure to prevent fraud offence in which a relevant body is guilty of an offence of failing to prevent fraud if a person who is associated with that body (such as an employee, agent or other person providing services to that body) commits a fraud offence intending to benefit the relevant body whether directly or indirectly. It would appear that a supplier may fall within the definition of a person performing services for the company. If the relevant body was an intended victim of fraud itself, it is not liable. It is a defence for the relevant body to demonstrate that it had in place fraud prevention measures that were reasonable in all the circumstances (or that it was reasonable not to have any).

The definition of “relevant body” caused a great deal of debate, with a number of people in the House of Lords arguing that it should be of wide application, notably Lord Garnier KC who in his former role as Solicitor General had been responsible for the introduction of Deferred Prosecution Agreements. The Government however won the day with a definition of relevant body that applies only to “large organisations” which in the year preceding the fraud met at least 2 of the 3 following conditions: a turnover of more than £36 million; a balance sheet total of more than £18 million; more than 250 employees.

This restrictive definition of a relevant body reflects Government concerns about saddling small and medium-sized businesses with a lot of work to demonstrate that they had adequate fraud prevention measures in place. Perhaps unsurprisingly, Lord Garnier KC did not take particularly kindly to Government suggestions that a wider definition would simply create a field day for lawyers advising industry. The Lords’ contention was the reasonableness requirement offered sufficient protection to small businesses and that all businesses should in any event address their mind to the issue of fraud prevention whatever their size, as they do employment and maternity rights and health and safety at work regulations. There is a real sense among some in Parliament in light of recent world events that post-Brexit Britain should be not become a financial wild west, but the reality is perhaps that leaving the EU in the way that we did created a bureaucratic nightmare for small businesses. This Government is slow to be seen to place yet more burdens on those businesses, and keen to appear as a friend of business.

Ironically, however, the Government does not appear to have fully realized that the interaction between the (broad) extension of corporate criminal liability and the (limited) failure to prevent fraud offence will itself generate necessary activity on the part of businesses of all sizes and those who advise them. If a body of any size can be guilty of a substantive offence of fraud, and on the face of the statute, guilty irrespective of the fraud prevention measures it had in place, provided a sufficiently senior manager commits the fraudulent act, it may be easier in some circumstances to prosecute the company for the fraud on the basis of corporate criminal liability, rather than a failing to prevent fraud offence.

In ensuring that senior managers act within the law at all times, companies of all sizes will in reality have to seriously consider anew the extent and efficacy of their fraud prevention measures. It is to be hoped that prosecuting authorities will take such matters into account when considering the question of the scope of a senior manager’s authority: if an employee has to deceive their company and get round robust anti-fraud measures to commit their crime, it may be that this would militate against a prosecution and suggest they were not acting within their authority. Ensuring that companies of all sizes take reasonable steps to prevent fraud is surely to be welcomed – it is in the interest of all to have a healthy corporate sector which does not fear scrutiny and an economy which is not losing billions of pounds to criminals.

Mary Cowe

Guildhall Chambers

October 2023