What are the new requirements?
Failure to prevent fraud
The ECCTA creates a new offence of failing to prevent fraud, intended to hold large companies and partnerships to account if they profit from fraud. Under this offence, an organisation will be liable where a specified fraud offence is committed by an “associated person”, being an employee, agent or subsidiary or anyone else who performs services for or on behalf of the organisation.
The offence only applies to large organisations which meet two of the following three criteria for the year prior to the offence:
- >250 employees
- >£36m turnover
- >£18m total assets
Fraud consists of a number of offences listed in a schedule to the ECCTA and includes cheating the public revenue, false accounting, fraudulent trading and fraud as defined in the Fraud Act 2006. Failing to prevent fraud is a strict liability offence: management does not need to have sanctioned or even be aware of the fraud in order to be found liable. The corporate will, however, have a defence if it can demonstrate that it had reasonable prevention procedures in place at the relevant time or that it was reasonable not to have such procedures (for example, where the risk of fraud was extremely low).
For more in depth discussion of the failure to prevent fraud offence, read a previous article by our employment team here.
False statement
The Companies Act currently makes it an offence to “knowingly or recklessly” deliver, or cause to be delivered, to the Registrar a document or statement which is false, deceptive or misleading. The ECCTA replaces “knowingly or recklessly” with “without reasonable excuse”, significantly lowering the threshold for committing the offence. The explanatory notes to the ECCTA make it clear that this will not extend to cases where a company reasonably relies on information provided by others which turns out to be untrue, or where professional service providers have made an honest mistake.
Identification doctrine
The ECCTA expands the so-called “identification principle” which applies in attributing liability to corporates for economic crimes. The “identification principle” is the principle that, under current law, a company can only be criminally liable where the commission of the offence can be attributed to someone who at the material time was the "directing mind and will" of the company.
Establishing the “directing mind and will” of a company has proved difficult, especially in relation to large corporates where decision-making may involve a large board of directors and relevant committees and managers. The ECCTA both codifies and extends the common law “directing mind and will” to include senior managers, with the effect that a company or partnership (“organisation”) would be convicted if a senior manager acting within the actual or apparent scope of their authority commits an economic crime. The list of relevant economic crimes is extensive and includes bribery, money laundering, terrorist financing, sanctions breaches, fraud and false accounting, and will also apply if a senior manager aids, abets or conspires to procure the commission of a specified offence.
It will be difficult for organisations to wrestle with the question of who fits within the definition of a “senior manager” for the purpose of the new offence. It is defined as any individual who plays a significant role in:
- decision-making about how the whole or a substantial part of the organisation’s activities are managed or organised
- the actual managing or organising of the whole or a substantial part of those activities
It focuses on the practical reality of who is in a position of power within the company (and is a different, and less strict, test to that for senior managers under the FCA regime).
Note that the new failure to prevent fraud offence and the expansion of the identification principle to encompass senior managers will operate side by side. We expect that prosecutors will make a choice either to pursue primary liability under the expanded identification doctrine (where involvement of a senior manager must be proven, but there will be no defence of reasonable prevention procedures) or pursue the failure to prevent fraud offence (where reasonable prevention procedures will be a defence and involvement of a senior manager need not be proved), or to proceed with both.
When do they take effect?
Identification doctrine
Came into force on 26 December 2023.
False statement
These provisions rely on further statutory instruments to become effective so are not in force yet.
Failure to prevent fraud
The government will need to publish guidance on reasonable prevention procedures before the new offence comes into force, and it is hoped that this guidance will provide practical assistance to corporates in devising new internal procedures to protect themselves and enable reliance on the statutory defence. The government is launching a consultation on this in 2024, so the earliest we expect to see the first prosecutions for this offence is 2025.
What are the consequences of not complying?
Identification doctrine
If a senior manager of an organisation acting within the scope of their authority commits or conspires to commit one of the offences set out in the ECCTA, both they and the organisation are guilty of an offence.
False statement
A person guilty of a basic false statement offence is liable to an unlimited fine. Where an aggravated offence is committed (i.e. they knew what they were doing), the punishment is an unlimited fine and/or up to two years’ imprisonment.
Failure to prevent fraud
It is a strict liability offence so a company can be liable even if the company’s management did not know about or sanction the fraud. The penalty is an unlimited fine.
What can I do to prepare?
- Companies and partnerships should consider now who may fall within the category of “senior manager” and whether those people would benefit from additional training or policies to aid accountability.
- Companies within scope of the failure to prevent fraud offence should carry out an internal analysis of their fraud risk, focusing on their compliance programmes, their current policies and procedures, and how these can be tightened up and refined in the light of the new offence.
If you would particularly like support regarding any of these matters, please reach out to Sarah Murray, Hannah Ford, Sarah Taylor or your usual Stevens & Bolton contact.
Sarah Murray
Hannah Ford
James Evison