With less than a month until the Economic Crime and Corporate Transparency Act (ECCTA) 2023 “failure to prevent fraud” offence comes into effect, large organisation should ensure that proper preparation is underway to meet their legal obligations.

Failure to prevent fraud by “associated persons” is a new corporate criminal offence under the ECCTA which will apply from 1 September.

This is the most significant reform of corporate criminal law since the Bribery Act 2010, and it greatly increases the risk of corporate criminal liability for frauds which benefit an organisation or an organisation’s clients.

With the head of the Serious Fraud Office, Nicholas Ephgrave, recently stating the agency is keen to prosecute the new offence and that “someone needs to feel the bite”, time is of the essence.

There is a “reasonable procedures” defence. To have a prospect of having a defence, the government guidance stipulates that a documented fraud risk assessment is essential. Large organisations and their subsidiaries should also ensure that current policies cover the failure to prevent fraud offence and are effectively communicated throughout the organisation.

The offence aims to hold large organisations accountable for frauds by subsidiaries, employees, agents and other “associated persons” where there is an intention to benefit the organisation or the organisation’s clients. In addition, smaller subsidiaries which are part of large corporate groups are also caught where there is a failure to prevent an outward fraud by an employee.

An organisation is “large” if it meets two or more of the following criteria in a financial year: turnover of more than £36 million; a balance sheet total of more than £18 million; and more than 250 employees. For parent companies, the aggregate global figures of all subsidiaries apply.

Organisations should already be working towards this deadline, as there is no formal grace period written into the legislation. The government has provided advanced notice of the start date as well as guidance on the steps organisations should put in place to discharge the reasonable procedures defence.

The current guidance is somewhat broad and not prescriptive, allowing organisations the flexibility to tailor their fraud prevention measures to their specific needs. Organisations will need to assess whether or not there are already reasonable procedures in place or, if not, make the necessary changes. This can be carried out via a “current state” assessment of the fraud risk management framework.

The new corporate criminal offence is the most significant boost to the ability of the Serious Fraud Office, the police and other law enforcement bodies to investigate and prosecute serious economic crime in more than a decade.

Nicholas Ephgrave, Director of the Serious Fraud Office, recently emphasised the enforcement agency’s “hunger” to prosecute large organisations. He said: “Come September, if they haven’t sorted themselves out, we’re coming after them. That’s the message I’ll be delivering. I’m very, very keen to prosecute someone for that offence. We can’t sit with the statute books gathering dust, someone needs to feel the bite.”

David Lister, Partner and Forensic Accountant at Pinsent Masons