Risk Insight

Failure to prevent fraud

Insight Hero Image

    The Pathway to Readiness

    The new corporate criminal offence of failure to prevent fraud is expected to come into force later this year as part of the Economic Crime and Corporate Transparency Act 2023. Under the new offence, a company will be criminally liable where an employee, agent, subsidiary or any other party performing services on the company's behalf commits a specified fraud offence, with the intention to benefit the company, or any person who receives services from the company. The only defence against the offence is having "reasonable procedures" to prevent fraud.  Read our briefings on the offence, and more detail on the available defence, here.

    Government guidance on what to consider when implementing reasonable procedures will be published imminently, followed by a six month implementation period, before the offence comes into effect. This guidance is expected to be draw heavily on guidance issued for existing failure to prevent offences relating to bribery and the facilitation of tax evasion.

    Organisations should expect a focus on top-level commitment, risk assessments, risk-based procedures, due diligence, communication and monitoring. Given the short implementation period, businesses should start considering the legislative requirements against their current profile now to ensure they are prepared for the new legislation.

    Ashurst has developed a five-step 'pathway to readiness' to assist organisations prepare for the new requirements:

    1. Board and senior manager awareness and responsibility

    Senior leadership should understand the new requirements and the steps required to ensure compliance. Firms should designate senior stakeholders responsible for the assessment and implementation of 'reasonable procedures' and fix a timeframe for achieving baseline compliance.

    2. Fraud risk identification

    Firms should consider their exposure to risks captured by the new offence, in particular financial reporting, sales and distribution channels, and public disclosures, as well as consider whether there are current mitigants in place.

    3. Policy gap analysis

    Organisations need to identify whether the fraud risks within scope of the new offence are adequately covered by existing policies or whether additions may be required; leverage and uplift of existing frameworks are preferable to redesign. Contractual provisions, especially with third-party providers, may also need updating.

    4. Fraud risk assessment and remediation

    Following publication of the Government's guidance, organisations should consider an enterprise-wide fraud risk assessment to establish whether existing controls meet the standard of 'reasonable procedures' or require remediation. Gaps, issues and concerns identified in steps 1 to 3 will facilitate detailed assessment.

    5. Staff training and awareness

    All staff should have an understanding of the new legislation and their responsibilities, including how to report concerns. Bespoke, targeted training should be delivered to those in higher-risk functions (e.g. Finance, ESG, Investor Relations, and Sales). Top-level commitment and communication of key requirements and resources will help foster an anti-fraud culture within the organisation.

    Ashurst is able to support you at each step in your anti-fraud journey. Ashurst's team of legal experts and experienced risk consultants from Ashurst Risk Advisory can help you to develop and implement proportionate, defensible and sustainable procedures. Our team can also assist with suspected breaches of the new offence, conducting internal investigations, facing enforcement authorities, and remediating any issues that arise.

    Links to resources and webinars

    Ashurst Risk Advisory LLP is a limited liability partnership registered in England and Wales under number OC442883 and is part of the Ashurst Group . Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. Ashurst Risk Advisory LLP is not regulated by the Solicitors Regulation Authority of England and Wales. The laws and regulations which govern the provision of legal services in other jurisdictions do not apply to the provision of risk advisory services. For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.This material is current as at 28 February 2024 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.


    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest