The UK government recently published guidance advising organisations on how to comply with its forthcoming ‘failure to prevent fraud’ offence contained in the Economic Crime and Corporate Transparency Act 2013 (ECCTA), says Rhys Novak, partner, Charles Russell Speechlys.

Under this offence, an organisation can be prosecuted if a fraud is committed by an associated person, for the organisation’s benefit, and the organisation did not have ‘reasonable procedures’ in place to prevent the fraud. Much of the guidance draws on the existing framework guidance concerning the UK Bribery Act 2010, setting out six key principles that organisations should adopt to prevent fraud.

While the guidance is a step in the right direction, and one that largely mirrors the strategy of the Bribery Act, it is wrong to assume that policies and procedures designed to prevent bribery would suffice for the purposes of the new offence. This guidance on fraud prevention introduces complexities that could create confusion and challenges for businesses striving to comply.

The problem with comparison

Fraud, unlike bribery, is difficult to define compendiously. The definition of bribery is relatively clear and easily understandable; typically involving the offering or receiving of something of value in exchange for a favourable decision or action. The scope of the predicate offence of fraud for these purposes, on the other hand, is vast and defined as a number of stand-alone offences. This makes applying the principles of the Bribery Act guidance directly to fraud compliance impractical and unworkable.

During the rollout of the Bribery Act, there was already a body of publicly available knowledge and established policies and procedures, largely thanks to the impact of the US Foreign Corrupt Practice Act (FCPA), which has been around for decades. Companies had help with clear starting points and a wealth of resources to guide them. Unfortunately, in the anti-fraud space, this kind of foundational knowledge simply does not exist. This lack of established best practices poses a significant challenge.

Many organisations may try to apply their existing anti-bribery policies to fraud, believing they can simply replicate their Bribery Act compliance models. But this would be a mistake, as the guidance is not designed to be a one-size-fits-all solution.

The fraud offence is intended to cover a wide array of scenarios, where fraud is perpetrated by officers, employees, agents, and others intended to benefit the business.

Traditionally, cautious and well-run businesses have naturally focused on preventing fraud committed by external parties which damage the business. But with the new offence, organisations will also need to identify the risks of fraud being committed by their employees and agents which stand to benefit their organisations. There is an obvious self-interest in businesses stopping fraud against that business but what about where a fraud actually benefits an organisation? That requires a more nuanced approach and justification for compliance spend, one perhaps less obvious than where fraud leads to direct financial damage to an organisation.

Defining fraud

Given that fraud can occur in so many different forms - ranging from misappropriation of assets to fraudulent accounting practices - providing a comprehensive solution by way of the guidance is virtually impossible.

The guidance can only serve as a framework. It is intended to provide a structure and a starting checklist for companies to think about how they approach anti-fraud policies and procedures, but it cannot and should not be seen as an all-encompassing solution. The guidance’s role is to prompt businesses to think more broadly about potential fraud risks and ensure that appropriate policies and procedures are in place.

While the six principles laid out in the guidance are familiar to those acquainted with the Bribery Act, their application will be a more challenging exercise in the context of fraud.

With limited precedents or guidance to draw from, companies will need to think creatively and adapt their strategies to address a wider variety of potential fraud scenarios. For example, training staff to understand the full scope of fraudulent activities and putting measures in place to detect internal wrongdoing will be crucial. But without sufficient guidance on how to achieve this, businesses may struggle to ensure their compliance.

What can businesses do?

Businesses should, above all, proceed with caution. The lack of established anti-fraud frameworks means companies should be wary of attempting to roll out existing anti-bribery compliance models without substantial adaptation. While the guidance provides a starting point, it will be up to each organisation to interpret and implement it in a way that is both effective and tailored to their specific risks. A thorough risk assessment is absolutely crucial.

The new ‘failure to prevent fraud’ offence and its accompanying guidance represent a significant shift in how businesses need to think about fraud.

The wide and varied nature of fraud, coupled with the absence of a clear, established body of best practices, means that businesses face a complex and uncertain compliance landscape. Only time will tell how companies adapt to this new regulatory environment, but one thing is certain: organisations must be proactive in addressing the fraud risks that may lurk within their own walls.

By Rhys Novak, Partner, Charles Russell Speechlys