One Step Closer To The Future (Part I) – The Corporate offence of Failure to prevent fraud

Earlier this summer, the Law Commission published its long awaited proposals on reforming corporate criminal liability in England and Wales (the "Options Paper"), following the launch of its discussion paper in June 2021. Whilst the Options Paper rejects the much discussed "failure to prevent economic crime" offence, it outlines ten "options" for strengthening corporate liability, which notably includes the expansion of the failure to prevent model to fraud, and of the identification principle to cover a wider set of senior individuals whose mental acts and states might result in a corporate entity becoming criminally liable. Other proposals include the introduction of failure to prevent offences in relation to a small number of non-economic crimes, making publicity orders available in all cases where a non-natural person is convicted of an offence, introducing a regime of administratively imposed monetary penalties, introducing civil actions in the High Court based on Serious Crime Prevention Orders, and introducing a requirement for public interest entities to report on anti-fraud procedures, or introducing a requirement akin to Modern Slavery Act statements for large corporations to report on their anti-fraud procedures.

In this article of our series looking into the Law Commission's proposed reforms, we discuss the potential expansion of the failure to prevent model to fraud, and its implications.

Background

A corporate "failure to prevent" offence was first introduced in relation to the base offence of bribery by section 7 of the UK Bribery Act 2010 ("UKBA"), and then mirrored in sections 45 and 46 of the Criminal Finances Act 2017 ("CFA") in relation to the facilitation of tax evasion.

As previously discussed, due to the difficulty in attributing criminal conduct to corporate entities through the "identification principle", prosecution agencies, such as the Serious Fraud Office ("SFO") and the Crown Prosecution Service ("CPS"), have spoken of the struggles in holding corporations accountable for criminal activity carried out with a view to benefiting the organisation, and have called for the expansion of the failure to prevent regime to other economic crimes.

Fraud has continued to rise since the pandemic, and the most recent Crime Survey for England and Wales reported a 25% increase in fraud cases compared with the year ending March 2020.¹ In its Options Paper, the Law Commission described fraud as the "paradigm" of economic crimes, as it covers offences which are particularly likely to be committed in a corporate context, and concluded that if the failure to prevent model were to be extended, it should be limited, at least in the first instance, to core fraud offences only.

Focus on Fraud

It was suggested by the SFO, CPS, and other proponents of the failure to prevent model that Part 2 of Schedule 17 of the Crime and Courts Act 2013 (which lists the offences for which a Deferred Prosecution Agreement may be concluded) would be a good starting point for offences to be covered by a new failure to prevent offence.

The Law Commission deemed this list too broad, as it would duplicate duties and offences already covered by the UKBA, CFA, money laundering and regulatory regimes.

Instead, it proposed that a new failure to prevent offence should focus on fraud, and include (at least initially) the offences of: fraud by false representation,² obtaining services dishonestly,³ the common law offence of cheating the public revenue, false accounting,⁴ fraudulent trading,⁵ dishonest representation for obtaining benefits,⁶ and the fraudulent evasion of excise duty.⁷

The Law Commission highlighted that as fraud can be committed in a variety of ways and circumstances, applying the failure to prevent model to it would be challenging, and government guidance would need to be published.⁸ It also set out a number of guiding principles to be reflected in the new failure to prevent offence.

Benefit to the company

Whereas section 7 of the UKBA requires an associated person to be acting to benefit the corporation when bribing, it is sufficient under the corresponding facilitation of tax evasion offence that the associated person is "acting in [the] capacity" of an employee, agent or supervisor of the company.

The Law Commission concluded that the facilitation of tax evasion approach was too broad to be extended to a new failure to prevent fraud offence, noting that in practice it could extend to conduct conferring no direct or indirect benefit on the company and to circumstances where the company itself might be the victim. This could be particularly problematic in the case of fraud, where employees acting to defraud a company could still be found to have been acting in the capacity of an employee. Indeed, respondents to the discussion paper expressed concerns that fraud is most often committed against the company, rather than for its benefit.

However, the Law Commission made clear that a company should not be liable if it is the intended victim. The offence would be committed where an associated person (who might be an employee or an agent) commits an offence of fraud with intent to:

• benefit the corporation; or
• benefit another person to whom they provide services on behalf of the corporation.

In the second scenario, the company would not be liable if the conduct was intended to cause it harm.

The Law Commission noted that the requirement to benefit the company should encompass situations in which it is not the associated person's primary purpose to benefit the company, but that outcome is intrinsically related to their purpose.⁹ It also noted that the requirement should be understood broadly, so that it may cover instances where the company benefits indirectly, as a result of a direct benefit being obtained by a person to whom the associated person provides services on behalf of the company. However, it ruled out a simple requirement that the conduct was intended to benefit a client for whom the employee provides services on behalf of the company, on the basis that this could capture cases where the employee and client conspired to commit an offence where the company was a victim.¹⁰

The Law Commission raised the issue of the burden of proof regarding the intention to cause harm to the company. It concluded that placing a reverse burden on the company to show that the conduct was not intended to benefit it (rather than to show that it was intended to cause the company harm) would be too broad.

Extra-territoriality

The two existing failure to prevent offences (for bribery and the facilitation of tax evasion) both have a broad extraterritorial scope, and allow companies to be held liable for the failure to prevent associated persons from engaging in criminal conduct outside the UK. Indeed, companies can commit both of the current offences even if all their elements took place overseas, and the associated person who committed the underlying criminal act does not have a close connection to the UK. All that is required is that the corporate "carries on business, or part of a business" in the UK.

Proponents of such extra-territoriality argue that it captures the global nature of much corporate activity, and ensures liability for cross-border corporate crimes. It also avoids a competitive disadvantage for UK-based businesses.

However, the Law Commission concluded that it should not be presumed that any future failure to prevent offence should have extraterritorial effect, and that any new offence should only be extended to cover conduct overseas where there is a demonstrable need to do so in relation to that offence specifically.

It did not address whether extra-territoriality should be applied to a failure to prevent fraud offence specifically, but it did highlight two particular drawbacks to the extra-territoriality present in the current failure to prevent offences, which can potentially result in conduct that has no UK nexus falling within the scope of UK jurisdiction. First, is the concern that, particularly when coupled with a broad definition of an "associated person", the employee of an overseas subsidiary might end up being an associated person of the UK parent company. This arguably creates an unfair burden and liability on the UK parent entity in circumstances where it has little or no control over such persons. The second issue relates to the lack of clarity over the jurisdictional scope of the failure to prevent offences, with the concern that an overly broad interpretation (such that a non-UK company may come within the scope of the offence merely by virtue of having some activity or a subsidiary in the UK) may have a negative impact on investment in the UK.¹¹

The Law Commission's approach on extra-territoriality is noteworthy, given that it is divergent from that taken in relation to bribery and the facilitation of tax evasion. It could be argued that the extra-territoriality of a failure to prevent offence would encourage large corporate groups to implement their policies and procedures consistently across all foreign subsidiaries, ultimately creating more robust cross-jurisdictional compliance frameworks, something that the UKBA has helped to achieve in relation to anti-bribery programmes.

No extension to inchoate offences

The Law Commission did not support the extension of the offence to attempts or conspiracies to commit fraud, or the common law offence of conspiracy to defraud, stating that this may lead to counterproductive and counterintuitive results. It argued that a company may have extensive procedures in place designed to prevent the commission of fraud and deter misconduct, but it has little control over whether employees will still attempt or conspire to commit fraud, in spite of these procedures. In its view, including such ancillary offences could render a company liable even if its procedures would actually have stopped the misconduct from taking place.

With regards to aiding and abetting¹², the Law Commission found that where the substantive offence of fraud is in fact carried out and the associated person has assisted or encouraged the commission of the offence intending to benefit the company, it may be reasonable to hold a company liable for failing to prevent the misconduct. It added that it would be inappropriate to extend the failure to prevent regime to cases where the associated person encouraged or assisted the offence, but the substantive offence did not actually occur.¹³

Defences

The Law Commission recommended that companies should be able to avail themselves of a defence if they have in place procedures that are "reasonable in all the circumstances". This was preferred over the "adequate procedures" defence of the UKBA, which could potentially be interpreted too strictly, and a company that has in place procedures that are reasonable in all the circumstances but that did not in fact prevent bribery from taking place might not be able to avail itself of the defence. The Law Commission concluded that, assuming that there is no intended or actual difference in meaning between "adequate" and "reasonable in all the circumstances", the latter expression better reflected the intended meaning. This suggests that there would be no real practical difference between the requirements of the "adequate" procedures defence under the UKBA and the "reasonable in all the circumstances" defence under the suggested failure to prevent fraud offence. In any event, implementing this new framework will likely represent a significant compliance burden for organisations, as even those who have already implemented anti-bribery and anti-facilitation of tax evasion programmes may not necessarily be able to follow the same template with regards to their anti-fraud programme. In addition, fraud is more difficult to define, given the range of different fraud offences, and the added complexity of the dishonesty element that needs to be established.

The Law Commission also concluded that any new failure to prevent offence should also include the defence in the CFA that provides a defence if the company can prove that it was reasonable in all the circumstances not to have any prevention procedures in place. However, it did not provide any detailed suggestions as to when this might be justifiable, and further guidance would be needed with regards to when a company might be able to justify that it did not require any prevention procedures.¹⁴ It did, however, comment that the burden of proving that it was reasonable not to have any such procedures should lie with the defence.

Despite pleas that the burden of proof should rest with the prosecution, the Law Commission disagreed, in part because the prosecution proving the commission of a base offence would establish a prima facie case that the company's processes had failed to prevent the commission of that base offence.

Penalties

The Law Commission did not address the specific penalties for a failure to prevent fraud offence, but did acknowledge that, for many of these offences, the fine would be unlimited, and a conviction would have consequences on a company's eligibility to bid for certain government contracts. This mirrors the penalties under the UKBA and CFA, which also include trade sanctions and disbarment from EU contract tenders.

The Battle Against Fraud Continues

Fraud has reached endemic levels in the UK, and is now considered a threat to national security. Its impact on the private sector is having significant knock-on effects on both the stability of individual companies, and the broader reputation of the UK as a place to do business.¹⁵ The capability of UK law enforcement agencies to properly tackle fraud and other economic crime has been called into question, and although the SFO would welcome the introduction of a failure to prevent fraud offence that may allow it to enter into further fraud related deferred prosecution agreements, it is arguably insufficient to tackle the volume of fraud being committed in the UK. It has been argued that allegations of fraud are particularly difficult to prove, in part due to the high number of disparate bodies responsible for tackling fraud.¹⁶ Whether a new failure to prevent fraud offence is introduced remains to be seen, but it would likely have little to no impact on large-scale cross-border fraud committed by organised crime groups. Greater resourcing across law enforcement agencies will still be needed to investigate and successfully disrupt complex fraud.

_{1 Office for National Statistics, "Crime in England and Wales: year ending March 2022".
2 Section 2, Fraud Act 2006.
3 Section 11, Fraud Act 2011.
4 Section 17, Theft Act 1968.
5 Section 993, Companies Act 2006.
6 Section 111A, Social Security Administration Act 1992.
7 Section 170, Customs and Excise Management Act 1979.
8 Law Commission, "Corporate Criminal Liability: an options paper", 10 June 2022, page 110, paragraphs 8.102 and 8.104. It is also worth noting that fraud offences would require establishing an element of dishonesty. A person's conduct is not dishonest unless it falls short of the standards accepted by ordinary people. This standard may be difficult to apply within a corporate context where individuals have differing levels of expertise and knowledge. 
9 One example might be where a person who is paid a commission on sales makes misleading or fraudulent claims in order to win sales and obtain a commission. Their immediate purpose is not to benefit the company, but themselves. However, because of the way their pay has been structured, they nonetheless intend to benefit the company also. 
10 Law Commission, "Corporate Criminal Liability: an options paper", 10 June 2022, page 100, paragraphs 8.54 to 8.58. The Law Commission also recognised that whilst the requirement in the UKBA to show that the bribery was intended to obtain or retain a business advantage for the organisation might capture many instances where an employee engages in criminal conduct on behalf of their employer's client, it could be challenging for the prosecution to prove that the employee intended to benefit their employer indirectly. 
11 Law Commission, "Corporate Criminal Liability: an options paper", 10 June 2022, page 98, paragraph 8.43. Although the courts have not yet had an opportunity to substantively consider the jurisdictional test in section 7 of the UKBA, the Act's extra-territorial reach was dealt with in the DPA entered into by Dutch-domiciled Airbus SE and the SFO in January 2020. The court approving the DPA accepted that the test was satisfied on the basis that part of Airbus' business was carried out in the UK through two of its subsidiaries. This was despite the fact that Airbus' primary operational headquarters were in France and the conduct to which it admitted took place outside of the UK (SFO v Airbus SE (2020), see, e.g., paras 16 to 21; and R v Airbus Statement of Facts.). Although the law on this point remains untested, this provides an indication of the court's approach.
12 Those who "aid, abet, counsel or procure" the commission of an offence can be found liable as principal offenders under section 8 of the Accessories and Abettors Act 1861, which requires that the offence actually be committed.
13 Under sections 44 to 46 of the Serious Crime Act 2007, a person can be convicted of encouraging or assisting an offence, even if that offence does not take place. See Law Commission, "Corporate Criminal Liability: an options paper", 10 June 2022, page 106, paragraphs 8.89-8.90.
14 Law Commission, "Corporate Criminal Liability: an options paper", 10 June 2022, page 103, paragraph 8.72. The Law Commission simply provided an example where it may be perfectly reasonable for a company not to have any measures in place to tackle money laundering if it operates in a sector with a negligible risk of such misconduct. In the context of "adequate procedures" to prevent bribery, the defendants in the case of R v Skansen Interiors Ltd were unable to successfully rely on the defence, despite the fact that they were a very small localised business operating out of a single open-plan office, had policies in place requiring employees to act ethically, and included anti-bribery and corruption clauses in their contracts. The threshold below which it is justifiable to not have any prevention procedures in place therefore remains unclear.
15 Royal United Services Institute, "Occasional Paper: The Silent Threat – The Impact of Fraud on UK National Security", page vii
16 See House of Commons Treasury Committee, "Economic Crime – Eleventh Report of Session 2021-22", 26 January 2022; and ICAEW, "Why does the UK have such a problem with fraud?", 21 June 2022.} 

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2022 White & Case LLP}