Tim Le Mare
Solutions Sales Director

Understanding and preventing the new ECCTA failure to prevent fraud offence

March 10, 2025

Imagine a scenario where a salesperson, driven by the desire to meet their commission targets, misleads a client about the capabilities of a product. This seemingly isolated incident could have far-reaching consequences for the entire organisation, potentially leading to legal action under the new failure to prevent fraud (FTPF) offence. This is not a hypothetical situation; it's a real risk that organisations must now address under the Economic Crime and Corporate Transparency Act (ECCTA).

As the business landscape becomes increasingly complex, the stakes for compliance have never been higher. The FTPF offence, introduced by the ECCTA, is a significant legislative change that organisations cannot afford to ignore. But what exactly does this new offence entail? How can your organisation ensure it is not caught off guard? What practical steps can you take to prevent fraud and avoid the severe financial and reputational consequences?

This blog post, based on insights from our recent webinar hosted in partnership with Brave Within, provides key tips and practical advice to help your organisation navigate this new legislation. Read on to build your understanding and find answers to the top questions asked during the session.

1. Understand the scope and implications of the FTPF Offence

The FTPF offence is broad and far-reaching, with significant implications for a wide range of organisations. As Carrie Stevenson from Brave Within explained:

"There's a wide attack on subsidiaries, and they can be held liable in their own right, as well as creating liability for a parent organisation."

This means that the act has extra-territorial reach, affecting overseas subsidiaries and branches of UK companies. The offence can be committed by any associated person, including employees, contractors, and international distributors: "The fraud can be committed by any associated person, which can be anybody providing services for or on behalf of an organisation," Stevenson stated.

The guidance makes it clear that the offence can be completed before any gain is received, and the intention to benefit the organisation doesn't need to be the sole motivation for the fraud. "A salesperson who's on commission may mis-sell to increase their own commission. But in doing so, they're also increasing the company's sales, so as a result, the company may be prosecuted for failure to prevent that fraud," she added.

2. Implement robust and tailored fraud prevention procedures

To avoid liability, organisations need to implement robust and tailored fraud prevention procedures. As Stevenson emphasised:

"To have a defence, organisations have got to have reasonable prevention procedures in place to prevent the fraud, and those procedures must have existed when the fraud was committed."

The onus is on the organisation to demonstrate this, and the standard of proof is the balance of probabilities. "The guidance is really explicit that there is an expectation that organisations will go above and beyond existing procedures," Stevenson added. This means that simply having basic procedures in place is not enough; organisations must continuously assess and improve their fraud prevention measures.

3. Conduct thorough risk assessments

Risk assessment is a critical component of the fraud prevention framework. "Before an organisation can prevent fraud, it needs to understand its risks. So the risk assessment is absolutely critical," Stevenson explained. She suggested involving directors and senior managers in the process, using the fraud triangle to map vulnerabilities, and reviewing existing systems such as whistleblowing and internal investigations.

"It's important to learn from failures, so use every fraud incident as an opportunity to refine controls and strengthen defences."

4. Foster cross-functional collaboration

The FTPF offence is not limited to a single department but requires a cross-functional approach.

"The nature of this offence means that there is a broad reach across an organisation such that it will require collaboration and cooperation across all functions."

This includes involving directors, senior managers, and other key personnel in the risk assessment process. "It's important to remember that the offence covers both directors and senior managers, so it means that a person who's playing a significant role in the making of decisions or managing the activities of the organisation is included," Stevenson noted.

5. Ensure top-level commitment and accountability

Top-level commitment is crucial for effective fraud prevention. Senior leadership should foster an open culture and make fraud prevention visible. As Stevenson emphasised:

"Top-level commitment is crucial; if senior leaders aren't taking it seriously, then nobody else is going to."

This commitment should be reflected in clear purpose statements and demonstrated through actions. Senior leaders must set the tone at the top, ensuring that all employees understand the importance of fraud prevention.

6. Embed a culture of integrity and compliance

Creating a culture of integrity and compliance is essential for preventing fraud. "This is about embedding the right culture, processes, and accountability," Stevenson noted. Employees should feel empowered to report suspicious activities without fear of retaliation. Clear communication, open channels for reporting, and a zero-tolerance policy for fraud are key to fostering this culture.

7. Utilise technology for real-time monitoring and reporting

Technology can significantly enhance fraud prevention efforts. Here are some actionable steps to make the most of real-time monitoring and reporting tools:

  1. Invest in fraud detection tools: Implement tools that can detect and respond to potential fraud quickly. Early detection is key to preventing fraud from escalating.
  2. Ensure cross-departmental communication: Use a single technology platform that integrates objectives, risks, controls, testing, audits, and policies. This ensures everyone in the organisation is on the same page.
  3. Centralise policy management: Maintain a central repository for all critical policies, such as whistleblowing, fraud, and bribery and corruption. Ensure these policies are easily accessible and regularly updated.
  4. Monitor and update policies regularly: Use technology to keep track of policy updates and ensure compliance. Regularly review and update your policies to reflect the latest regulations and best practices.

By following these steps, organisations can create a robust framework for fraud prevention and ensure better alignment and communication across all departments.

8. Include anti-fraud clauses in supplier contracts and codes of conduct

Anti-fraud clauses should be included in supplier contracts and codes of conduct to ensure that all associated persons are aware of the organisation's commitment to preventing fraud. As Stevenson noted:

"The more you can do to implement anti-fraud clauses ahead of September 1st, the better."

These clauses should be clearly defined and communicated to all relevant parties.

9. Regularly review and update procedures

Compliance is an ongoing process, and procedures should be regularly reviewed and updated to ensure they remain effective. This includes documenting and reviewing the organisation's risk assessment, which is a critical component of fraud prevention. Regular reviews help organisations stay ahead of emerging risks and adapt to changing circumstances.

10. Be prepared for significant fines

The potential fines for failing to prevent fraud can be significant, similar to other stringent legislation like GDPR. While the exact calculation method based on global turnover isn't explicitly detailed, it's likely that the fines will consider the global turnover of the organisation, not just the UK-based turnover. This aligns with the broad and stringent nature of the legislation, which aims to have 'teeth' with hefty fines and penalties.

Your questions answered: Key insights from the webinar

We received numerous insightful questions from attendees. Here, we address some of the most pressing queries answered by Stevenson during the session to help you better understand and implement the necessary measures for compliance.

1. What types of fraud are covered under the FTPF offence?

"The FTPF offence encompasses a broad range of frauds, both financial and non-financial. This includes fraud by false representation, such as greenwashing and misleading product claims, and cheating the public revenue, like tax evasion and false accounting. Essentially, any fraudulent activity that benefits the organisation or its clients can fall under this offence."

2. Who can commit the base fraud under this offence?

"The offence can be committed by any associated person, which includes employees, contractors, international distributors, and even employees of subsidiaries. The key factor is whether the individual is providing services for or on behalf of the organisation. Notably, the offence can be completed before any gain is received, and the intention to benefit the organisation doesn't need to be the sole motivation for the fraud."

3. How does the FTPF offence apply to overseas subsidiaries of UK companies?

"The FTPF offence has extra-territorial reach, meaning it can apply to overseas subsidiaries and branches of UK companies. If a UK-based employee commits fraud, their employer can be prosecuted regardless of where the company is based. Similarly, if a non-UK-based employee commits fraud in the UK or targets victims in the UK, the employer can also be prosecuted."

4. What constitutes 'reasonable prevention procedures' to defend against the FTPF offence?

"To have a defence, organisations must have reasonable prevention procedures in place at the time the fraud was committed. This includes conducting thorough risk assessments, implementing tailored fraud prevention measures, and ensuring top-level commitment to fraud prevention. The standard of proof is the balance of probabilities, meaning it must be more likely than not that the organisation had these procedures in place."

5. Are there specific reporting obligations related to the FTPF offence?

"While there are no explicit requirements to report compliance with the FTPF offence in annual reports, organisations should consider broader reporting and disclosure practices. This includes documenting and reviewing risk assessments and fraud prevention measures and ensuring transparency in their compliance efforts."

6. Should anti-fraud clauses be included in supplier contracts?

"Yes, including anti-fraud clauses in supplier contracts and codes of conduct is crucial. These clauses should clearly define the organisation's commitment to preventing fraud and be communicated to all relevant parties. Implementing these clauses ahead of the September 1st deadline is advisable to mitigate supply chain risks."

Next steps: Building a resilient compliance framework

The corporate offence of failing to prevent fraud under the Economic Crime and Corporate Transparency Act is a serious issue that requires a comprehensive and proactive approach. By following these key tips and maintaining a culture of transparency and accountability, organisations can effectively mitigate the risk of fraud and ensure compliance with the law.

Watch the full webinar here to gain a more comprehensive understanding of these topics and to explore the detailed discussions and insights shared by our experts.

Ready to transform your ECCTA compliance from a challenge into a competitive advantage? Find out more and request a demo with Diligent Entities here.

© 2025 Diligent Corporation. All rights reserved.