Radical reforms to fight economic crime: what should businesses do now?

The Economic Crime and Corporate Transparency Act 2023 ushers in some of the biggest changes to the law on economic crime in over a decade. The raft of reforms include a new criminal offence for large corporate entities for failing to prevent fraud and false accounting, an overhaul of corporate liability for economic crime and enhanced powers for Companies House.

The Economic Crime and Corporate Transparency Act 2023 (2023 Act), which ushers in some of the biggest changes to the law on economic crime in over a decade, received Royal Assent on 26 October 2023. The raft of reforms include a new criminal offence for large corporate entities for failing to prevent fraud and false accounting, an overhaul of corporate liability for economic crime and enhanced powers for Companies House (see further below¹).

The 2023 Act is part of wider UK legislative reforms to tackle fraud, money laundering and corruption, with a particular focus on corporate entities (see News brief “Economic Crime Bill: Companies House gets a makeover”). It follows other reforms that were introduced to assist with the prevention and detection of economic crime, such as the Economic Crime (Transparency and Enforcement) Act 2022 (see News briefs “Economic Crime Act: cracking down on illicit wealth” and “Economic Crime Plan 2.0: does it go far enough?”).

The 2023 Act will be implemented through secondary legislation in the coming months, most likely on a piecemeal basis, and guidance is awaited on certain areas. While the reforms will not take effect immediately, businesses should start preparing for these significant changes now.

Failure to prevent fraud

The new failure to prevent offence marks a significant expansion of the current suite of economic crime offences. The offence will apply to large corporate entities that meet at least two of the following criteria in the financial year preceding the year of the fraud offence:

• Have more than 250 employees.
• Have more than £36 million turnover.
• Have more than £18 million in total assets. 

The entities to which the offence will apply include large corporate entities, partnerships, not-for profit organisations and incorporated public bodies in any sector. SMEs are exempt.

Significantly, this will be a strict liability offence. An in-scope commercial organisation will be guilty of the offence where a specified fraud offence is committed by an employee, subsidiary or agent for the benefit of the organisation (and so not where the organisation is a victim) and the organisation did not have in place reasonable fraud prevention procedures. The failure to prevent offence has wide extraterritorial effect and will apply to entities doing business in the UK and those working for such entities. Foreign corporate entities could be prosecuted if one of their employees or associates commits fraud under UK law or targets UK-based victims. If convicted, an organisation may be liable for an unlimited fine.

The specified fraud offences cover a wide range of fraudulent conduct including:

• False representation.
• Failing to disclose information.
• Abuse of position.
• Obtaining services dishonestly.
• Participation in fraudulent business activity.
• False statements by company directors.
• Fraudulent trading.
• Cheating the public revenue.

The specified fraud offences do not include money laundering offences, which will be captured by existing legislation (see feature article “Anti-money laundering: shining a spotlight on compliance”).

An organisation will have a defence if it can prove that, at the relevant time, it had in place such prevention procedures that it was reasonable in all of the circumstances to expect it to have in place to prevent fraud and false accounting offences. The offence will not come into force until the government has published guidance on the meaning of “reasonable” procedures. Prosecutors will only have to show that there was a lack of reasonable procedures in place to prevent the specified fraud offence; they will not need to identify a particular individual or individuals who intended not to put in place the reasonable procedures.

Corporate criminal liability

The 2023 Act reforms corporate criminal liability for economic crime. It further increases the scope of corporate criminal offences that do not require the application of the identification principle. Currently, for a company or partnership to be liable for most offences, prosecutors have to show that a directing mind and will of the organisation, such as a particular individual or director, intended to commit the offence. This can prove particularly difficult in large organisations where responsibilities are diffused throughout that entity (see News brief “Reforming corporate criminal liability: a balancing act”). The 2023 Act modernises the law to reflect modern corporate structures where decisions are rarely made by one individual and readdresses the current unfairness for small companies, where it is easier to identify a directing mind and will.

Under the 2023 Act, a company or partnership will be guilty of an offence if a senior manager, acting within the actual or apparent scope of their authority, commits an economic crime offence. A senior manager is defined as a person who has a significant decision-making role about all or part of the organisation’s activities, rather than being based on job title. In addition to any sentence that is imposed on individuals who are found guilty of the offence, the organisation will receive a criminal conviction and a fine, the level of which will depend on the particular offence but may be unlimited.

Practical implications for businesses

The 2023 Act will make it easier to prosecute businesses for economic crime and places the onus on compliance. It will be essential for legal teams to pre-empt possible risk exposure within the business and for commercial organisations to make managing risk a top priority, if they do not already do so. Organisations can prepare for the reforms in a number of different ways.

Assessing and managing risk: Organisations operating in all sectors should consider the risk of fraudulent and false accounting activity, and economic crime. However, some sectors are more exposed than others, such as credit and financial institutions, professional services firms, casinos, cryptoasset exchanges and custodian wallet providers. Organisations should consider whether they fall within the definition of a large corporate body or whether they might do in the future, and keep this under review.

From a commercial perspective, the level of fine, which could be unlimited, should be factored into this risk assessment. The court will take account of all of the circumstances when determining any fine. Organisations should therefore assess the scope of their regulatory obligations in addition to their obligations under the laws that relate to economic crime; for example, by considering:

• Whether the business is regulated, where it operates, what laws apply to it and who can investigate it.
• Whether the organisation can show that it has an overall plan to combat economic crime to which all levels of the organisation are committed.
• Who may be considered a senior manager within the business. 

Organisations should also ensure that they have the internal resources to assess, prevent, detect, and respond to fraud. If they do not, they should consider whether there is scope for new roles within the organisation or whether it would be appropriate to appoint an external adviser to help with this.

Fraud prevention measures: Organisations should consider compliance training for staff and review any relevant policies, procedures and protocols that are aimed at bribery, corruption and crime, ensuring that these adequately address all economic crime offences.

Organisations will also be waiting eagerly for the government’s guidance on what constitutes “reasonable” prevention measures. When this becomes available, organisations should compare it to their current procedures and assess if any changes are necessary. There is a similar defence under the Bribery Act 2010 where a company can show that it had “adequate” procedures in place to prevent bribery (see feature article “Bribery Act 2010: ten years on”). The government has indicated that reasonable prevention measures will be less onerous than adequate measures. Based on the Bribery Act 2010 guidance, reasonable procedures might include measures such as:

• The involvement of top-level management.
• Risk assessments.
• Due diligence.
• Financial and commercial controls.
• Transaction transparency.
• Whistle-blowing procedures.

Fraud detection measures: Organisations should consider whether they have in place appropriate anti-fraud controls and reporting mechanisms. The government’s intention is that the 2023 Act will drive cultural change within organisations and prevent them being able to look the other way if an offence is uncovered. With that in mind, organisations should review their internal policies, in particular their internal reporting and whistleblower policies. They should also consider appointing a compliance officer if they do not already have one.

Response strategy: Organisations should put in place, and test, a response strategy that will come into operation if fraudulent activity is identified within the organisation. As part of this strategy, organisations should consider:

• Which individuals within the organisation will deal with such matters, as it is often necessary to limit those involved.
• Whether to inform the board, external lawyers or any regulatory body.
• Setting out a protocol and the parameters for internal investigations.
• Document retention and preservation procedures in relation to any documents that may be relevant to an investigation. This will likely include working with the organisation’s IT team or the relevant outsourced team to understand where and how data is stored, and how it can be protected and preserved.
• Appointing a team of external advisers who can assist, including legal, public relations, IT and crisis management advisers.

Companies House reforms

As well as the failure to prevent offences and the change to corporate criminal liability, the Economic Crime and Corporate Transparency Act 2023 includes reforms in relation to Companies House processes that are designed to improve transparency over UK companies, such as tightening the use of limited partnerships and tackling strategic lawsuits against public participation (SLAPPs) that relate to economic crime in order to give defendants more protection. SLAPPs are legal actions that are improperly brought with the intention of harassing, intimidating and financially burdening opponents.

The reforms will also entail significant changes when dealing with Companies House in order to:

• Increase identity verification requirements.
• Improve the reliability of a company’s financial information.
• Give Companies House broader powers in relation to company registration and information sharing with law enforcement agencies.

This article was originally published to Practical Law on 30 November 2023.