Loading...

ECCTA and FTP Update: Mitigate your Fraud Exposure

ECCTA and FTP Update: Mitigate your Fraud Exposure

ECCTA 2023

What is the ECCTA 2023?

The Economic Crime and Corporate Transparency Act (ECCTA) 2023 received Royal Assent on 26 October 2023. Several provisions of the Act came into force earlier this year, while others will become effective once the government has published additional guidance on their interpretation. The Act is intended to encourage organisations to establish or reinforce their fraud prevention procedures and place them at the centre of corporate culture.

Under Section 196, the new Act attributes criminal liability for economic crimes not only to individuals but to organisations if a “senior manager” acting within the actual or apparent scope of their authority commits a “relevant offence”. The “senior manager” test replaces the previous “directing mind and will” test for corporate criminal liability and could make prosecution more likely. The law clarifies that a “senior manager,” in relation to a body corporate or partnership, means an individual who:

  • plays a significant role in the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed; or
  • plays a significant role in the actual managing or organising of the whole or a substantial part of those activities.

So even where an employee’s job title doesn’t reflect a senior management position, they could still fall within this category depending on their actual role and responsibilities.

Relevant offences under the Act include:

  • cheating the public revenue
  • conspiracy to defraud
  • false accounting
  • false statements by company directors
  • fraud by failing to disclose information
  • fraud by false representation
  • fraudulent trading
  • bribery

What is the New Failure to Prevent Fraud(FTP) Offence?

Notably, Section 199 of the Act introduces the offence of “failure to prevent fraud” (“FTP Fraud”), whereby “large” entities will be held liable if any of the specified fraud offences are committed by an “associate” of the organisation with the intention of directly or indirectly benefitting said organisation or any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the organisation.

The new offence will apply even where the primary motivation was to benefit the individual but with the secondary intention of benefitting the organisation, for e.g. where an employee receives a commission on a fraudulent sale with the primary motive of receiving a commission, but also intending for the organisation to profit from the sale. Under the new legislation, the only defences available to organisations accused of FTP Fraud will be:

a) The organisation itself was the victim of the fraud;

b) The organisation had implemented “reasonable procedures” to prevent fraud; or

c) Under the circumstances, it was unreasonable to expect the organisation to have any prevention procedures in place.

Guidance on the meaning of “reasonable procedures” is due to be published later this year. However, it is likely to be similar to the guidance provided on the “adequate procedures” an organisation must have in place as a defence against the Bribery Act’s “failure to prevent bribery”.

The adequate procedures referred to in the Bribery Act cover six principles of compliance:

  • commitment from senior management
  • a periodic, documented risk assessment
  • strong but proportionate procedures
  • due diligence procedures
  • communication and training
  • monitoring and review

What is meant by a “large” organisation?

The FTP Fraud offence is applicable across all sectors, however, the Act currently covers only organisations or partnerships that meet two out of the following three criteria:

a) more than 250 employees

b) a turnover of more than £36 million

c) a balance sheet total exceeding £18 million.

However, smaller organisations should still consider reviewing their anti-fraud procedures since they could be regarded as “associates” of large organisations, which might require them to have reasonable procedures in place to prevent fraud. Regardless of the size of your business, strong anti-fraud measures are always best practice.

In fact, the Association of Certified Fraud Examiners stated that organisations are estimated to lose 5% of revenue to fraud each year!

It is worth noting that the UK Criminal Justice Act of 1993 extended jurisdiction for economic crimes to where a relevant event occurs in England or Wales. However, this does not require the offender to have been located in England or Wales at the time of the offence. A policy paper issued by the government on FTP Fraud states,

“If an employee commits fraud under UK law, or targets UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.”

Overseas organisations engaging in regular business with customers or suppliers in the UK should therefore consider any potential for liability under the new Act.

Who is considered an associate?

For the purposes of the new Act, a person is considered an associate if:

  • the person is an employee, agent, or subsidiary undertaking of the relevant body or
  • the person otherwise performs services for or on behalf of the body.

Employees of the organisation’s subsidiaries can also be considered associated.

The penalty for organisations found guilty of FTP Fraud is likely to be an unlimited fine. There will be no individual liability for managers and company owners who had no knowledge of the offence occurring. However, individual fraudsters within the organisation will still face prosecution and possible prison sentences.

How can we help your business with ECCTA Compliance?

The FTP Fraud offence will come into force six months after the government publishes guidance on “relevant procedures”. So now is the time to get your ducks in a row, ready for 2025! The first step to comply with the ECCTA is a Fraud Risk Assessment.

Our anti-fraud professionals, including Certified Fraud Examiners Neil Miller and Catherine Da Costa, are trained to conduct detailed Fraud Risk Assessments. These assessments are tailored to your sector and designed to identify your company’s areas of strength and weakness. We will analyse every area of your business and provide you with a detailed report on our findings. We can then work with you to reinforce your company’s existing fraud prevention measures or design new ones.

Anti-Fraud Assessment

 

 

 

 

 

Here at TenIntelligence, our well-established Due Diligence team is ready to help you fulfil the requirement that is expected to be part of the “reasonable procedures”. Whether it’s standard background checks for new employees or enhanced due diligence on senior management, our team of experienced analysts is ready to assist you. Please contact us for further information on our services.

Written by

Catherine Da Costa

 

In support of ACFE International Fraud Week

International Fraud Week