+44 (0)20 7353 6000
31 May 2024

Failure to Prevent Fraud: Changing The Wrong Game?

The new offence of failure to prevent fraud (FTPF) has many devotees. The former SFO director, for example, proclaimed it “a game-changer for law enforcement”. The same sentiment echoes throughout Government briefings and legal commentaries. But whose game is being changed? And to what end?

The basics are well known so can be summarised briefly. Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) provides that a large organisation commits the FTPF offence if it fails to prevent an associated person from committing a fraud offence, where the associated person intends to benefit (whether directly or indirectly) either: (a) the organisation, or (b) the person to whom (or to whose subsidiary) the associated person provides services on behalf of the organisation. Qualifying fraud offences are listed in Schedule 13 to ECCTA.1 The organisation is not guilty of the FTPF offence if it was, or was intended to be, a victim of the fraud offence. The organisation has a defence if, at the time of the fraud offence, it had in place reasonable fraud prevention procedures.

The FTPF offence is narrowly drafted in terms of who can commit it (i.e. only large organisations).2 But it is broadly and ambiguously drafted in terms of how it can be committed. Two features in particular exemplify this point. First, the array of fraud offences that the organisation must prevent. Second, the fact that the organisation is guilty if the associated person commits a fraud offence with a mens rea framed by reference to undefined concepts of “benefit” and “victim”.

An array of fraud offences

The two predecessor ‘failure to prevent’ offences concern well-defined and relatively narrow types of criminality – bribery and tax evasion. They are most likely to be committed in particular departments of an organisation and the third parties those departments routinely deal with: bribery in the procurement/sales departments and tax evasion in the tax department. In contrast, fraud can be committed in myriad ways by any director, employee or third party; it risks permeating any type of commercial activity conducted within (and by) the organisation.

The amorphous nature of fraud is reflected in the list of no fewer than nine offences in Schedule 13. These wide-ranging offences encompass all manner of acts and omissions. Moreover, they are all conduct-based offences, meaning that they are committed where the associated person intends, by means of their conduct, to bring about certain results. It is not necessary to prove any resulting loss or damage.

With one exception, the Schedule 13 offences all require proof of dishonesty. The odd one out is section 19 of the Theft Act 1968, which, instead of dishonesty, requires an intention to deceive. The inclusion of a non-dishonesty-based offence in Schedule 13 is curious but not anomalous: despite the repeal in 2007 of numerous deception-based offences and their replacement by the dishonesty-based offences found in the Fraud Act 2006, dishonesty is not a necessary element of fraud. A deceit-based offence such as section 19 of the Theft Act 1968 is still a fraud offence. Nonetheless, its inclusion in Schedule 13 is another manifestation of the sheer breadth of the conduct the organisation must prevent. That the organisation can also be guilty on the basis of inchoate offending by the associated person (i.e. through the associated person’s aiding, abetting, counselling or procuring of the fraud offence) makes the conduct the organisation must prevent broader still.

“Benefit” and “victim”

Having broadened the foundations of the FTPF offence in this way, ECCTA introduces the ambitious but ambiguous requirement that the prosecutor consider three facets of the associated person’s state of mind:

  1. First, as one would expect, the organisation is only guilty if the associated person has the mens rea that is a necessary element of the Schedule 13 fraud offence (i.e. dishonesty or intent to deceive).
  2. Second, the organisation is only guilty if the associated person commits the Schedule 13 fraud offence with an additional mens rea of intending to “benefit” the organisation (or the person to whom the associated person provides services on behalf of the organisation).
  3. Third, however, the organisation is not guilty if the associated person commits the Schedule 13 fraud offence with the mens rea of intending the organisation to be a “victim” of the offence.

The words “benefit” and “victim” do not feature in the predecessor failure to prevent offences concerning bribery and tax evasion. Given their novelty and their significance to whether the organisation commits the FTPF offence, it is surprising that ECCTA does not define them.

What, then, does “benefit” mean in this context? Most criminal lawyers will immediately think that a person “benefits” if they obtain property (including real, personal and intangible property) as a result of their conduct, given this is its definition in section 340(5) of the Proceeds of Crime Act 2002. Assuming that the same meaning of “benefit” applies to ECCTA, there will be circumstances in which an associated person commits the Schedule 13 fraud offence (because they acted dishonestly) but without the organisation thereby committing the FTPF offence (because the associated person did not intend the organisation to benefit from their conduct).

Where, for example, an employee dishonestly makes a false representation (contrary to sections 1 and 2 of the Fraud Act 2006), his intention may be to cause loss to a commercial competitor of his employer out of unmitigated spite, with no intention to benefit himself or another. In these circumstances, the associated person has the necessary mens rea (dishonesty and the intention to cause loss to another) to commit a Schedule 13 fraud offence but lacks the necessary mens rea (the intention to benefit his employer organisation) to render the organisation liable for the FTPF offence.

Turning to “victim”, the use in ECCTA of the indefinite article (a victim) presupposes, rightly, that there can be multiple victims of the same fraud. And if the organisation can show that it was one of the intended victims of the associated person’s fraud, it does not commit the FTPF offence, even though there may be other victims who have lost, or who stood to lose, significantly more.

Where, for example, a director makes a false statement intending to deceive shareholders about the company’s financial affairs (contrary to section 19 of the Theft Act 1968), those shareholders are not necessarily the only intended victims of the fraud; the director may be seeking, through the false statement, to enrich herself personally at the expense of her company. In these circumstances, the associated person has the necessary mens rea (intention to deceive shareholders) to commit a Schedule 13 fraud offence but has an additional mens rea (intention to cause loss to her company) which means the organisation is not liable for the FTPF offence.

These examples demonstrate how important it is to consider the small but undefined words “benefit” and “victim” when determining whether the organisation has committed the FTPF offence. By focusing on facets of the associated person’s state of mind other than the mens rea relevant to the underlying fraud offence, they provide fertile ground for negotiation between an investigator and corporate suspect about the associated person’s true intentions; whom exactly did their offending intend to benefit and whom did it intend to harm?

Who is the actual victim?

When analysing the word “victim”, the associated person’s intentions are not the end of the matter. ECCTA is clear that liability also turns on whether the organisation is in fact a victim of the associated person’s conduct, regardless of the associated person’s intentions. Where, for example, an associated person’s intentions in committing the Schedule 13 fraud offence go awry and bring about unintended consequences that harm the organisation, the organisation, by virtue of becoming a victim of the fraud, is not liable for the FTPF offence.

Suppose a third-party auditor dishonestly signs off on a financial statement for the organisation that includes revenue numbers he knows to be false. The auditor has committed false accounting under section 17 of the Theft Act 1968. As for the organisation, it will need to investigate whether the evidence suggests that the auditor’s intention was to benefit himself and/or his audit firm, rather than the organisation. The organisation might be able to argue that any financial benefit the auditor intended the organisation to receive (e.g. shareholder confidence/investment on publication of the financial statement) was illusory, since it was constructed on false figures. The facts may even suggest that the auditor’s intention was achieved by misleading the organisation’s in-house audit team about the appropriateness of the accounting treatment. If so, the organisation may be able to argue that, regardless of what the auditor intended, it has, as a matter of fact, become a victim of his dishonesty – since its employees were deceived and it has ultimately lost money as a result of his fraud.

It is not difficult to conceive of other circumstances in which an organisation may well have been an intended beneficiary of the associated person’s fraud at the outset, but as a result of how the fraud was perpetrated and whether the associated person’s intentions were realised, the organisation became an intended (and/or an actual) victim. “Benefit” and “victim” are fluid and ambiguous concepts. When mapped onto the facts of a long-running and complex fraud, the key participants in that fraud may have competing claims on them.

This is not simply empty theorising or playing with words. It was one of the issues debated in the SFO’s unsuccessful attempt in the High Court to secure a voluntary bill of indictment against Barclays Plc. Leading counsel for the SFO had argued that the bank (even as a dishonest co-conspirator) could issue contribution and indemnity proceedings against its co-conspirator directors and could even launch a private prosecution of them. Davis LJ did not agree, observing that this “would tend to support the point that Barclays had not simply been a beneficiary of the conspiracy but had in truth been a victim of deception.3

But who can commit it?

To return to the two questions posed at the start of this article: whose game is being changed? And to what end?

It is striking that, having introduced such ambitious breadth and ambiguity in terms of how the FTPF offence can be committed, Parliament has ultimately narrowed down who can commit it. The definition of a large organisation means that, in practical terms, it will not apply to over 99% of commercial activity in England and Wales. The much-heralded game-changer will have little impact in fighting the epidemic of fraud. The only game the FTPF offence will change is akin to polo – an elite sport enjoyed by less than 1% of the population.

As such, the FTPF offence reveals a legislative mind-set that is the opposite of what it claims to be: the reality behind the rhetoric is that it will likely make no difference to the vast majority of ordinary or vulnerable people who are the victims of the often life-destroying internet, investment or other scams that make up so much of the so-called fraud epidemic. By targeting only the largest companies, the FTPF offence will exacerbate rather than close the current enforcement gap. Significant fraud investigations will fall further into the hands of well-resourced companies and their professional advisors, leading to more DPAs, more corporate pleas and more eye-watering financial settlements.

That is good for the Treasury’s bank balance and makes attractive headlines but it is a depressing vista for criminal justice because it engenders a climate of impunity. First because it promotes the quasi-privatisation of fraud enforcement within the largest companies at the expense of enforcement action against equally (or more) pernicious fraud committed in small to medium-sized companies, or outside any corporate context. Second because, as the experience of the Bribery Act 2010 demonstrates, it leads to inadequate investigation of individuals who may be complicit in the fraud, resulting in fewer prosecutions or prosecutions brought on insufficient evidential foundations.

That said, given the ongoing lack of adequate resourcing for fraud enforcement by the SFO, CPS and others, the FTPF offence is arguably the only practical or rational response. Like the two existing failure to prevent offences, the primary aim of the FTPF offence, whatever the Government says, is to change corporate culture rather than secure convictions. Perhaps it is better for the private sector to police some fraud which the public sector is incapable of policing. Indeed, that may well become the lasting impact of the FTPF offence: banks and big data companies now face the challenging prospect of policing their platforms for the types of fraud committed by their users that not only enrich the fraudsters, but bring about some additional financial benefit to the organisation. As with the creation of anti-money laundering legislation in the late 1990s and early 2000s, the corporate world is being asked, on pain of criminal sanction, to guard the gates and protect consumers.

1 Section 200 empowers the Secretary of State to add or remove offences from Schedule 13 but only offences of dishonesty, offences of a similar character to the existing offences or money laundering offences contrary to sections 327-329 of the Proceeds of Crime Act 2002 may be added.

2 Sections 201 defines a large organisation as one in which two or more of three measures are exceeded: turnover £36m; balance sheet total £18m; or 250 employees. Note that the Secretary of State has the power under section 201(7) to abolish by regulations the limitation so as to bring all organisations within the new offence or otherwise vary the reach of the offence.

Serious Fraud Office v Barclays plc and another [2018] EWHC 3055 (QB) at para 127.

Latest Insights


May 31 2024


May 10 2024


April 26 2024