A Failure to Prevent Fraud: the Fraud Crisis?

A. Introduction

The House of Lords Fraud Act 2006 and Digital Fraud Committee (the “Committee”) recommended a new “failure to prevent fraud” offence, which is being carried forward by the government. This article will scrutinise the recommendation, look at the prevalence of fraud, the efficacy of the current failure to prevent offences, and the lessons learned.

B. Fraud: the Statistics

It is estimated that fraud costs the UK £190bn per year. In 2021 fraud amounted to 41% of all crimes committed against individuals in England and Wales, up from 30% in 2017. In the first half of 2022, £609.8 million was lost to fraud. In the year ending June 2022, the ONS reported that there were 3.8mn fraud offences in England and Wales (compared to 275,000 burglaries). 64% of businesses surveyed by PWC in 2022 had experienced fraud, corruption or another financial crime in the last 24 months. This was an increase from 50% in 2018 and higher than the 48% global rate.

Increasingly businesses are being used as platforms to facilitate fraud without suffering harm themselves. The Committee concluded that digital fraud was committed with near impunity. Of all reports to Action Fraud, 68% were cyber-enabled. The Home Office believe around 80% of fraud offences in the UK were enabled using computers.

In spite of these stark figures, only 1% of police and support staff were working on economic crime issues. The Social Market Foundation put it differently: for every 1000 fraud offences, 2.1 police staff are working on them.

There has been a sharp drop in fraud prosecutions. In 2010, almost 20,000 prosecutions were brought with over 15,000 findings of guilt. In 2019, 5,000 were brought with around 4,700 findings of guilt. In the year ending March 2022, the NAO reported that only 4,816 charges or summons for fraud were brought.

The statistics show a significant impunity gap and a lack of resources. For this reason, some companies have simply turned to private prosecutions to seek justice.

C. The House of Lords Committee’s Recommendation

Faced with these statistics, the Committee looked at extending the “failure to prevent” offence to instances of fraud. The Law Commission had previously favoured a narrowly defined offence limited to fraud for the company’s benefit. The Commons’ Justice Committee had recommended an expanded offence of failing to prevent fraud on a company’s platform. The Committee preferred the expansive approach of facilitation of fraud regardless of the ultimate beneficiary. At paragraph 520 of its report:

Many private sector companies consider fraud as a cost of doing business and are not doing enough to stop fraud from being facilitated by they services… Corporate irresponsibility will not change until businesses feel the financial impact of liability coupled with reputational damage. It is time for less carrot and more stick.

The influencing factors for the Committee were the difficulty identifying the individual committing the fraud and proving dishonesty. A wider offence would also encourage pro-active improvement of practices within corporates to prevent fraud.

The offence would be one of strict liability against a company that had failed to put in place measures to prevent fraud. However, it would have a defence if it could show either (a) there were sufficient prevention procedures in place as was reasonable in the circumstances; or (b) it was reasonable to have none in place at all.

D. Failure to Prevent Bribery & Tax Evasion

The model favoured by the Committee was taken from the failure to prevent tax evasion offence in the Criminal Finances Act 2017 (“CFA”). Before considering the merits of expanding the offence, it is worth considering the CFA alongside the earlier failure to prevent bribery offence in the Bribery Act 2010 (“UKBA”). The issue that emerges with both is the ambiguity for businesses as to any possible defence.

The Bribery Act 2010

It is an offence under s.7 of the UKBA for a company to fail to prevent bribery. The offence is complete where a person connected to the company, such as an employee, commits an offence under the UKBA. The company will have a complete defence where it “had in place adequate procedures designed to prevent persons associated with [the company] from undertaking such conduct”.

Section 7 has been a central tenet to several successful charges brought by the Serious Fraud Office (“SFO”). Recent and notable examples include Petrofac Limited and Glencore Energy UK Ltd.  The offence also underpinned deferred prosecution agreements such as Airbus. The DPP described the offence as the “gold standard” of corporate criminal liability. However, there has only been one contested charge where a defendant relied on the “adequate procedures defence”. The company, Skansen, had 30 employees and no anti-bribery and corruption policies.

Under s.9, the Secretary of State must publish guidance about the “adequate procedures” that companies can put in place. This provides six flexible and outcome-focussed “principles”, such as “top-level commitment” and “risk assessment”. The House of Lords’ Bribery Act Committee were of the view that the guidance was inadequate for SMEs who might not otherwise have their own advisors to help with the adequacy of procedures. This was reflected in the government’s own research: two-thirds of SMEs were not aware of the UKBA or their possible exposure thereto.

A survey by FTI Consulting found that 29% of companies asked were willing to risk breaking the law to win new business. Of that number, 60% felt the UKBA would have little impact and their firms would find a way around it. However, this is not a complete picture. Research by LeBaron and Rühmkorf found that within FTSE 100 companies the UKBA “…has achieved traction towards its aim of ‘steering’ company behaviour… companies had clear and strict policies… which they communicated to suppliers”.

The Criminal Finances Act 2017

The CFA created two offences of corporate bodies facilitating domestic and overseas tax evasion. Looking at the domestic offence, it is complete where “a person commits a UK tax evasion offence when acting in the capacity of a person associated with B”. An associated person includes an employee or agent (s.44). It is a defence if the company: (a) has in place prevention procedures as were reasonable in all the circumstances to expect it to have in place; or (b) it was not reasonable for the company to have any prevention procedures in place. Under s.47, HMRC published guidance containing six “guiding principles” which mirrors the UKBA.

In its review of the efficacy of the CFA, RUSI found that the introduction had limited impact on business practices. Greater awareness had been seen within larger financial institutions. A positive development was that tax compliance more commonly formed part of the due diligence process within mergers and acquisitions. However, there had been less success for smaller organisations. Two years after its introduction, only 74% of all businesses surveyed by Ipsos MORI had heard of the CFA. HMRC’s own research in 2019 found only ¼ of businesses were aware of the CFA and had made changes because of it. In spite of positive private-public sector engagement from HMRC, its impact for those seeking to stay on the right side of the law was left wanting:

…companies were not always able to grasp how the facilitation of tax evasion risk might arise within their operations, and that the focus was too often on the underlying tax evasion rather than the facilitation.

As at 30 June 2022, HMRC has reported there are 28 potential “failure to prevent” cases underway, with 7 live investigations. To date there have been no prosecutions. Further statistics released under a freedom of information request revealed that as of 01 January 2023: (a) there were two more live investigations; (b) 77 matters had been reviewed and dismissed; and (c) the investigations had covered 11 sectors, including accountancy and legal services, software providers and labour provision.

E. Discussion

The tangible successes of the CFA and UKBA are unclear. On their face, engagement has been left wanting by smaller companies who lack the resources and awareness to seek professional advice or to properly gauge their exposure. There is also a significant degree of uncertainty in the offence. No case has been brought to show the nature and degree of appropriate complacence or offer meaningful guidance.

Looking towards and offence of failure to prevent fraud, there are 3 outstanding issues.

(1) The Use of Guidance & Reality Faced by Business

Writing in 2011, the former Chief Criminal Counsel of the FSA expressed concerns about the framing of the s.7 UKBA offence and the use of guidance. He said the approach “create[d] as much uncertainty as it is intended to remove”. The experience of the UKBA and CFA gives some credence to this view. Companies remain in the dark as to the suitability of procedures and whether too much or too little is being done. This can lead to inefficient governance and unnecessary legal and consultancy costs. The research to date also shows a specific dearth in knowledge among SMEs.

A survey undertaken by Ashurst revealed that 88% of in-house lawyers were concerned their companies would experience financial crime in the next 12 months. “Most […] are expecting novel and developing risks, such as cyber-crime, but are not always able to prevent them and plan how their organisation will respond”. 67% were concerned of their company’s ability to keep up with the financial crimes’ evolution.

Fraud is vast, ever-changing and multi-faceted. Its typologies are significantly wider than bribery and tax evasion. It can be simple to view corporate weaknesses to fraud with hindsight. To this, an overhanging offence with ambiguous guidance will not enlighten the majority of businesses of their exposure. How a jury might respond to these issues must also be of some concern to boards and business owners.

(2) Government Complacency & Gaps in Knowledge

The Committee lay the blame of the decline in investigations and prosecutions at the government’s feet. They concluded that there is a “vacuum of responsibility and a culture of blame-shifting” across departments. Lack of responsibility in joined-up priorities has led to a de-prioritisation of fraud as an issue.

The NAO highlighted a lack of knowledge within the government. For example, the Home Office did not have an up-to-date estimate of the cost of fraud and did not know the cost of fraud to business. There was also a significant short-coming in the government’s understanding of the international elements of fraud.

The Committee’s recommendation expands the failure to prevent offence to a much wider pool of conduct and variety of companies and sectors. It also expands to conduct outside the company’s immediate control. The government would be asking the private sector to engage and prevent subject matter that itself does not understand.

(3) Prosecutorial Difficulties Remain

Although the s.7 offence has been successful in obtaining large settlements through the deferred prosecution agreements, individual accountability remains wanting. Several high-profile fraud trials have resulted in collapse, such as those against Tesco and Serco executives. Even where successful, the money often goes to the consolidated fund rather than to the victims. Expanding corporate accountability does not address the fact that fraud remains an immensely difficult offence to prosecute. The government must carefully consider whether this step would instil public confidence at the expense of certainty in business exposure to the criminal law. Harming shareholders and hampering businesses through blockbuster fines will do little to boost confidence unless the perpetrators of fraud are held to account.

F. Conclusion

In late November, Margaret Hodge MP introduced and withdraw a “failure to prevent fraud” clause to the Economic Crime and Corporate Transparency Bill. In response, the Minister of State for Security assured that he was looking at the issues “extremely seriously” and that the opportunity to introduce reforms would be “fulfilled as quickly as possible”. In a debate on 25 January 2023, another failure to prevent amendment was tabled. To this the Minister of State assured that “…the Government intend to address the need for a “failure to prevent” offence in the other place”. Further whispers have suggested that small UK businesses would be excluded to avoid undue burdens. While the above suggests this is a sensible step, the government must be mindful of the wide range of businesses and industries potentially engaged in facilitating fraud.

The specific wording of the offence is yet to be published by the government. However, the above shows that the efficacy of these sorts of offences are far from clear. Criminalising a failure to prevent fraud poses significant risks for a much greater part of UK-based industry and potentially exposes smaller businesses to untested and unclear expectations. Nor does it appear that the offence necessarily addresses the underlying difficulties in prosecuting fraud. 

Joseph Sinclair joined Chambers as a pupil in October 2022.

As an associate researcher at an anti-corruption charity, Joseph gained experience in bribery proceedings, asset recovery, sanctions and mutual legal assistance, with a focus on freezing orders brought in under the Criminal Finances Act 2017.