Failure To Prevent fraud legislation: the UK approach – extraterritorial reach

Following significant failures in bringing bribery prosecutions and given the scale of fraud in the UK, the Economic Crime and Corporate Transparency Act 2023 (the ECCT) introduced a new "failure to prevent fraud" offence (the FTPF Offence) The FTPF offence will come into force for UK large companies on 1 September 2025, allowing organisations time to develop and implement their fraud prevention procedures.  

The offence and a conviction is not reliant on a successful prosecution of an associated person. There must be evidence, weighted to a criminal standard, that the offence has been committed by an associated person. The extraterritorial reach of this offence can mean that offences committed offshore by associated people will result in a UK parent being liable.

The offence

Under section 199 of the ECCT an organisation may be criminally liable where an employee, agent, subsidiary or other "associated person" commits fraud intending to benefit the organisation, which itself did not have reasonable fraud prevention procedures in place. If convicted, a company may be subject to an unlimited fine and confiscation of related profits (in addition to any sentences imposed upon the individuals who are also found guilty of the same offence(s)).  

Importantly, and as related above, the offence has a defence for the relevant organisation, where that organisation has procedures in place that it is reasonable for such an organisation to have in place to prevent fraud by associated people. 

What organisations are captured by the Failure to Prevent offence? 

In contrast to the Failure to Prevent offences in Guernsey and Jersey, the UK has legislated that the new offence will only apply to "large organisations". The test for this is that such an organisation satisfies two or more of the following criteria in the financial year proceeding the year of the offence. The organisation will have either: 

• more than 250 employees 

• more than GDP 36 million in turnover 

• assets of more than GBP 18 million  

Although this is limited to large organisations, the proposed expansion of the criminal regime (see below) that makes corporates liable for offences committed by some employees (the Identification Principle) means that other organisations may soon be in scope. 

Consequently, it is likely that, as with the Bribery Act, such large organisations will require associated people and offshore group companies to put in place measures to prevent fraud. 

Who is an associated person?

The definition of an associated person is broad and applies to employees, agents, subsidiaries or persons who perform services for or on behalf of the large organisation. As noted above, this can also include the employee of a subsidiary where fraud was intended to benefit the relevant body, be it the parent organisation or otherwise. 

Whether or not a particular person performs services for or on behalf of a relevant body is to be determined by reference to all the relevant circumstances, not merely by any stated relationship between that person and the relevant corporate body.

"Senior manager" – expansion of the Identification Principle

The Identification Principle is, put simply, the legal mechanism by which corporates are held liable for criminal conduct of employees who are the “directing mind and will” of the organisation, during the course of business. Now, under s196 of the ECCT, a company or partnership commits an economic crime offence (defined in Schedule 12 of the ECCT) where the offence is committed with the involvement of a “senior manager”. This broadens the category of individuals who can trigger liability for the business. 

The ECCT seeks to address the relative complexity of identifying the often vague governance structures in organisations by defining a senior manager as "an individual who plays a significant role in — (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities”. Crucially, this provision is already in force in respect of the other offences in the ECCT. Companies should be mindful that, given the “senior manager” regimes for accountability of financial services businesses, found in most regulated jurisdictions, such senior managers may be easily identifiable.

What types of fraud does it apply to? 

The offence of failure to prevent fraud applies to a number of specific fraud offences. These are listed in schedule 13 of the ECCT. Aiding, abetting, counselling, or procuring the commission of any of the listed offences would also qualify as a base fraud offence.  

Similar to the procedure in Guernsey and Jersey, relevant organisations can be prosecuted if the associated person's conduct constitutes a base fraud offence and importantly even if the associated person is prosecuted for an alternative offence or is not prosecuted at all. If a person who is an associate person of a UK entity commits an offence then this may have consequences for that entity. 

Key recommendations

About Ogier

Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.

Disclaimer

This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.

Regulatory information can be found under Legal Notice