The Economic Crime and Corporate Transparency Act 2023 created a new corporate offence of failure to prevent fraud, under which an organisation may be held criminally liable for an act of fraud committed by an associated person.

An associated person, being any employee, agent, subsidiary or anyone performing a service for or on behalf of the organisation must have committed the act for the benefit of the organisation. The organisation’s knowledge of the fraud need not be demonstrated. 

This offence spans across all sectors, however it only relates to large organisations. To fall within the definition of a large organisation, two out of the three following criteria must be met (within the financial year preceding the offence):

• More than 250 employees; 
  
• More than £36 million turnover; 
  
• More than £18 million in total assets.
  

The only defence available to protect an organisation against liability is the ability to prove that it had reasonable "fraud prevention procedures" in place, or that it was not reasonable to have such procedures in place (e.g. if the risk of fraud being committed was extremely low). However, it must be noted, that it is unlikely that an organisation of such size can argue that it was not reasonable to implement the relevant measures.

Your organisation may already have a framework established to safeguard against the commitment of offences of bribery and the facilitation of tax evasion. The measures taken to comply with this legislation will be similar. 

Your preparation and subsequent implementation of procedures should broadly follow the following principles, whilst allowing for flexibility and variation when considering the circumstances of the individual organisation:

• Top level commitment;
• Risk assessment;
• Proportionate risk-based prevention procedures;
• Due diligence;
• Communication and training;
• Monitoring and review.
  

In relation to the first principle, responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation. As such, it is vital to ensure that the board of directors, partners and senior management foster an environment that rejects profit based on, or assisted by fraud. This commitment led by those most senior, will subsequently seep into all areas of the organisation. 

The remaining principles can be followed and exercised in a manner that is proportionate to the risk posed to the organisation. The onus lies with the organisation to ensure compliance and protect themselves from any liability they may face. Some other practical considerations for organisations are as follows: have clear internal communications to demonstrate the company’s commitment to preventing fraud, review your whistleblowing policy and the company’s policies and procedures covering relevant fraud offences, conduct impact assessments to identify any of the company’s vulnerabilities where potential fraud might occur and develop mitigation strategies, and ensure that third-party onboarding due diligence is thorough and regularly reviewed.

This article was provided by Madison Bowyer, an Associate in the Employment Law Group at Arthur Cox NI.

T:+44 28 9026 5886 
E: Madison.bowyer@arthurcox.com 
www.arthurcox.com