New rules to prevent economic crime now in force
The Economic Crime and Corporate Transparency Act 2023 (the Act) received royal assent on 26 October 2023. The act contains new laws aimed at preventing economic crime – essentially making it easier to hold companies liable for fraud by:
- bringing in a new offence of failure to prevent fraud; and
- making companies responsible for the economic crimes of their senior managers in an expansion of what is known as the identification doctrine.
The new rules are part of the wide-ranging Act which also includes important new requirements for director and owner identity verification at Companies House. Find out more about the rest of the Act here.
Implementation timetable
The Government has given a 2 month period before the changes to the identification doctrine come into force, which means the 26 December 2023.
The new offence of failure to prevent fraud isn’t expected to come in before 2025 because of the need for Government guidance (see below).
Failure to prevent fraud
Under this part of the Act, an organisation may be held criminally liable for fraud where the illegal act was:
- committed by an employee, agent or subsidiary;
- for the benefit of the company or its clients/customers; and
- the organisation did not have reasonable fraud prevention procedures in place.
For these purposes, fraud includes:
- tax evasion;
- the making of false statements by company directors; and
- false accounting.
So for example trying to make the books of a company look more healthy than they really are in order to attract investors could be caught by this new offence, but also inaccurate statements made to lenders, potential acquirers of the business in an M&A situation, and possibly greenwashing claims.
Liability under this offence attaches to the company, not the directors or other individuals. It is notable however that a holding company may be held liable for the economic crimes of its subsidiaries where the subsidiary is performing a service on behalf of its holding company.
Putting in place reasonable fraud prevention procedures will therefore be key to avoiding liability under this new offence.
Businesses in scope for the failure to prevent fraud offence
The new offence will apply only to large corporate groups or partnerships which meet two out of the three following criteria:
- more than 250 employees;
- annual turnover in excess of £36 million; and
- total net assets over £18 million.
As many predicted, the House of Commons rejected the proposed amendment by the House of Lords which would have seen all sizes of businesses in scope for the new offence of failure to prevent fraud.
Corporate liability for acts of senior managers – changes to the identification doctrine
Under the second part of the new rules on economic crime, a company will be liable to prosecution, and a fine if convicted, if a senior manager has committed a relevant offence.
This broadens the circumstances under which a company can be found criminally liable for the acts of individuals in its organisation. Previously, under what’s called the identification doctrine, a company would only be responsible where the person committing the offence could be shown to be the “directing mind and will of the company” – which has historically been very difficult to prove.
The new laws will see a company (or other body corporate) or partnership found guilty if:
- a senior manager;
- acting within the scope of their authority;
- commits a relevant offence.
Relevant offences includes false accounting, tax evasion, conspiracy to defraud, offences under FSMA 2000 and the Proceeds of Crime Act 2002 – covering some of the same areas as the proposed failure to prevent offence, but expanding further, and so opening up companies to potential liability under either head where the relevant offence can be attributed to senior management.
Senior managers are defined as people who play a significant role either in the making of decisions about how the corporation’s activities are managed, or managing the activities themselves. This will include but not be limited to company directors.
Senior manager themselves may be also be separately prosecuted and convicted.
Unlike the more limited scope of the failure to prevent fraud offence, prosecution under the updated identification doctrine however will be possible for any size of corporate.
Economic crimes
These provisions in the Act are currently limited to economic crimes. However, the Government has previously indicated it intends to expand the identification doctrine more broadly to all crimes in future, so this is an area for businesses to be mindful of future changes.
Practicalities – what should businesses being doing now?
The two new laws are different, but they do overlap, and so a business preparing for the failure to prevent fraud offence, to ensure in particular it can avail itself of the defence of having reasonable fraud prevention procedures in place, should be well placed to expand this relatively easily to cover preparation for the increased risk following the change to the identification doctrine.
The Government has said that the new rules on failing to prevent fraud won’t come into force until it has produced guidance on what reasonable fraud prevention procedures might look like – and it will go through a consultation process first on this: hence an anticipated date for implementation more likely to be in 2025. However, we can assume that the guidance is likely to be similar to other failure to prevent offences such as under the Bribery Act 2010 so organisations potentially in scope for this offence wanting to get ahead with preparations could look to that as a starting point.
Good governance will be a cornerstone to preventing liability arising under both the failure to prevent fraud offence and the expanded identification doctrine.
With this in mind, consider:
- undertaking a risk assessment in relation to the application of the new laws to your business;
- if in scope for the offence, reviewing your existing, or if necessary creating a new, fraud prevention programme;
- developing detailed policies and procedures on the basis of your risk assessments (including audit and monitoring);
- your third party (supplier, customer) due diligence process; and
- consider mandatory training in relation to economic crime (identifying and focused on senior managers), with HR policies and practices adapted accordingly.
For further general information, GOV.UK have the following factsheets available:
How we can help
If you’d like to discuss the implications of this legislation for you and your business, please contact our expert corporate team.
Talk to us about
Related services