Preventing fraud
Large organisations will face charges next month if they haven’t done enough
In less than two weeks’ time, large organisations will face heavy fines for doing nothing at all. Failure to prevent fraud, as defined in recent legislation, will become a criminal offence across the United Kingdom1 on 1 September.
“Large companies, charities and other organisations need to act now to make sure they have proper fraud prevention systems in place,” a senior prosecutor said this week.
In reality, though, any business that is only now beginning take precautions has left it too late. Last November, I interviewed Nick Vamos, head of business crime at the long-established criminal defence solicitors Peters & Peters, about the arrangements that corporate bodies needed to take. The podcast is well worth a listen: Vamos explained the thinking behind the new offence and offered sound advice about the unknowns ahead.
These are not insignificant, despite 44 pages of guidance published by the Home Office last year. Newly updated prosecution guidelines issued this week by the Crown Prosecution Service and the Serious Fraud Office add little to what is known already — though they include a useful reminder that, since last December, it has been possible to prosecute a company for economic crimes committed by a senior manager “acting within the actual or apparent scope of their authority” even if that manager is not regarded as the company’s “directing mind and will”.2
In summary, a body corporate or partnership comes within the scope of the new failure-to-prevent offence if — in the financial year that precedes the year in which a fraud was committed — it satisfies two or more of these conditions:
Turnover: more than £36 million
Balance sheet total: more than £18 million
Number of employees: more than 250
The offence is triggered if a person who is associated with the organisation and acting as such commits a fraud of some sort — the “base fraud offence” — intending to benefit the organisation or anyone for whom the associate provides services.
Although it must be established beyond reasonable doubt that the base offence has been committed, it’s not essential for anyone to have been convicted: there could be occasions where the fraudster cannot be brought to justice. But the base offence must have been intended to benefit the organisation or its customers: the failure-to-prevent offence does not apply if the organisation is the victim or intended victim of fraud.
And, crucially, it is a defence for the organisation to prove that, at the time the fraud offence was committed, it had in place such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place. So it’s not so much a failure to prevent, more a failure to take the sort of anti-fraud measures you would expect any well-run organisation to be taking already.
The new offence is punishable with an unlimited fine.
And beyond, if a UK-based employee of a company registered abroad commits a UK fraud.
That will be extended to all crimes under the government’s Crime and Policing Bill, which is about to begin its progress through the House of Lords: see clause 196 of the latest version.
I am with Jane Northcote over this: legislative flourishes- even momentous ones such as these- are the (relatively) easy part of the trick, but adequate trained personnel to trawl for infringements and defalcations is the harder part. Look at the significant focus and expenditure on the pursuit of welfare benefit fraud, in contrast with the almost token resources allocated to far greater tax avoidance/evasion. Seriousness over preventing that major haemorrhage from revenue due to the Exchequer is of the essence.
Also, watch out for the legislation trundling through Parliament being watered down. These, as it seems to me, are points raised by a sceptic rather than a cynic.
"Large companies, charities and other organisations need to act now to make sure they have proper fraud prevention systems in place". Good. Does "large organisations" include Companies House itself? Should it? It seems that Companies House does very few checks, and therefore allows potentially fraudulent companies or suspicious companies to register, which promotes fraud.
It puzzles me that the government allows this to happen, while at the same time insisting on rigorous checking regimes in banks and other large organisations.