As the UK legislative position continues to evolve to prevent harmful practices, anti-bribery and anti-fraud initiatives together with risk mitigation remain a significant focus for international businesses.
Alongside our advisory services, we deliver legal training to the boards and senior management teams of multi-national clients providing insight into legal developments and current best practices in relation to the corporate offence of failure to prevent bribery under the UK Bribery Act 2010 ("UKBA") and the forthcoming offence of failure to prevent fraud under the UK Economic Crime and Corporate Transparency Act 2023 ("ECCTA").
It is important for international businesses to understand and protect against the extraterritorial reach of these offences and the potential financial and reputational consequences of breach.
Failure to prevent bribery
By way of recap, under section 7 UKBA, a commercial organisation is guilty of the offence of failure to prevent bribery where a person associated with that commercial organisation bribes another person intending to obtain or retain business, or an advantage in the conduct of business, for the commercial organisation. This offence imposes criminal liability on the commercial organisation unless it can prove that it had adequate procedures in place designed to prevent bribery.
In respect of the territorial application of section 7, the definition of "commercial organisation" includes a body corporate or partnership under the law of any part of the UK, or any other body corporate or partnership (wherever incorporated) which carries on a business, or part of a business, in any part of the UK.
The UKBA further provides that an offence is committed under section 7 irrespective of whether the acts or omissions which form part of the offence take place in the UK or elsewhere.
Non-UK parent company strategic and operational management of UK subsidiaries, for example, may make the parent subject to UKBA, even in respect of conduct which is unrelated to the UK, and similarly issues can arise in the context of overseas persons who perform services for or on behalf of a UK business.
Having a UK subsidiary will not, of itself, mean that an overseas parent company is carrying on a business in the UK, since a subsidiary may act independently of its parent or other group companies, but issues can arise if, for example, bribery takes place at the UK subsidiary level intending to obtain or retain business or a business advantage for the parent company.
The adequate procedures defence is guided by a number of well-established principles, governmental guidance, lessons from case law and an understanding of how different businesses have established, and importantly continue to monitor and update, their anti-bribery and corruption policies and procedures as their business and any associated risks evolve. These are areas we are well-placed to advise clients on.
Failure to prevent fraud
ECCTA will introduce a new offence of failure to prevent fraud which comes into effect on 1 September 2025. It is important that businesses act now to ensure they are aware of what the offence entails, whether they will be caught by the provisions and ensure that reasonable fraud prevention procedures are in place, to act as a defence, should a relevant fraud incident occurs.
The failure to prevent fraud offence is designed to make it easier to hold organisations to account if they fail to prevent specified fraud offences committed by those associated with them.
A relevant body will be held criminally liable for failing to prevent fraud if:
-
An "associated person" commits a specified fraud offence; and
-
The fraud offence is committed with the intention of benefiting (directly or indirectly) the relevant body, or any entity or its subsidiary for which the associated person provides services on the body's behalf.
An "associated person" is anyone who performs services for or on behalf of the organisation. This includes trustees, directors, employees, agents, as well as other third parties, even if they are not under contract with the organisation. The scope is broad, capturing any person who provides services for or on behalf of the organisation, while they are providing those services. Therefore, a wide range of individuals could potentially expose your organisation to liability.
If an employee of a subsidiary of a relevant body commits a fraud intended to benefit the subsidiary, the subsidiary may be prosecuted. If an employee of a subsidiary of a large organisation commits a fraud intended to benefit the parent company, the parent company may be prosecuted.
Currently, only large organisations fall within the scope of the legislation. To fall within the "large organisation" definition, the relevant body needs to satisfy 2 or more of the following criteria in a financial year: (a) more than £36 million turnover; (b) more than £18 million in total assets; or (c) more than 250 employees.
While the base fraud offence has to have taken place in the UK, or the gain or loss occurred in the UK: (a) if a UK person associated with an overseas business commits the fraud, the relevant overseas organisation could potentially be prosecuted; and (b) if an employee or associated person of an overseas-based organisation commits fraud in the UK, or targets victims in the UK, the organisation could be prosecuted.
Where an organisation meets the threshold for the offence to apply and is then facing liability for a failure to prevent fraud, it could avoid being found guilty if it had reasonable fraud prevention procedures in place. The onus will be on the organisation to prove that it had reasonable procedures in place at the time the fraud took place. It will not be a defence to show that reactive steps were taken as a result of a fraud incident.
Your defences and next steps
The UK Government has issued guidance on the bribery offence and guidance on the fraud offence.
The fraud offence guidance sets out six key principles which underpin the fraud prevention measures that organisations should have in place. UK courts will consider these principles when determining whether an organisation can rely on the reasonable procedures defence.
- Top-level commitment: senior management must lead by example, fostering a culture where fraud is unacceptable.
- Risk assessment: organisations should evaluate their exposure to fraud risks, considering all those who would be deemed an "associated person". These assessments should be dynamic and remain under review.
- Proportionate risk-based prevention procedures: devise fraud prevention plans, with procedures being proportionate to the risk identified in the risk assessment.
- Due diligence: conduct risk-based due diligence, especially for those providing services for or on behalf of the organisation.
- Communication and training: educate employees and other associated persons on fraud risks and prevention measures. This acts as an endorsement to the fraud prevention culture.
- Monitoring and review: regularly review and update fraud prevention measures.
Both UK companies and international companies with a UK business nexus (such as those with UK subsidiaries, UK based representatives, otherwise conducting business in the UK, or with overseas employees performing services in relation to UK subsidiaries / business) are advised to consider if the procedures they have in place are adequate and reasonable in light of the failure to prevent bribery and failure to prevent fraud offences. Companies that operate cross-border between the UK and other jurisdictions would be well advised to consider the applicability of the offences to them and perform risk assessments and related due diligence proportionate to their risks. Companies may also consider it timely to review and update their compliance policies and contractual arrangements and conduct training for employees and persons who perform services for them.
This bulletin is not intended to be exhaustive, but rather serves as a high-level reminder and overview of the existing offence under UKBA and the forthcoming offence under ECCTA. Please contact the authors of this bulletin, or your usual contacts within the firm, if you would like to understand more.
