Although targeted at large businesses, this new anti-fraud legislation could have a significant impact for smaller suppliers. Without proper prevention measures in place, you could unwittingly be implicated in fraudulent activity.
What are the new offences?
Part of an effort to reform UK corporate criminal liability, the ECCTA includes a new ‘failure to prevent fraud’ corporate criminal offence designed to prevent larger organisations committing fraud. Instead of focusing on organisations as the victims of fraud, as is commonplace, the new legislation makes it easier for them to be prosecuted for fraud and false accounting offences.
The new offence makes a large company liable if it fails to prevent fraud committed by employees, or associated persons, or benefits the organisation or its clients. Associated persons include agents, suppliers, advisors, brokers, contractors, consultants, joint venture partners and distributors.
Several high-profile corporate fraud scandals including Patisserie Valerie and Carillion highlighted significant gaps in fraud prevention and corporate governance. The legislation mandates organisations must have ‘reasonable fraud prevention procedures’ in place.
If measures are deemed insufficient and fraud occurs, the company could face severe penalties, including unlimited fines.
Ultimately, the legislation is designed to prevent corporate fraud and protect stakeholders. The primary responsibility lies with large organisations defined as reporting two or more of the following in the financial year preceding the offence:
- More than 250 employees
- More than £36 million in turnover
- Assets of more than £18 million.
Emma Allen, Partner at Taylor Wessing, says smaller businesses like financial advisors could also be implicated. “Even though the new ‘failure to prevent fraud’ offence only applies to large organisations, it is going to have a significant impact on out of scope suppliers working with those large organisations,” she says.
“The large organisation can be found guilty of the new failure to prevent offence if a relevant fraud offence is committed by the supplier with the intention of benefiting the large organisation (i.e. its customer). Insufficient visibility over third parties such as suppliers is therefore a key risk for large organisations.”
What does this mean for small suppliers?
The risk for smaller suppliers is being held accountable for fraud committed while providing services to larger organisations.
Allen warns, “anyone providing services to an in-scope organisation needs to be prepared for the introduction of additional compliance requirements, stricter procurement processes and closer monitoring of relationships by affected customers”.
As larger organisations beef up their anti-fraud measures to mitigate risk, smaller suppliers may find disclosure requirements become more onerous.
Sam Healey, Partner in Business Crime at JMW Solicitors, says while the ECCTA doesn’t directly require further information from smaller businesses, in reality they can expect larger clients to request items. These could include “regular reports, internal audits, an anti-fraud policy and evidence of ongoing compliance efforts,” he says.
Healey notes these requests could be financially and operationally burdensome for small businesses. They “often lack the resources to implement extensive compliance frameworks. The need to invest in new systems, staff training, and possibly external consultancy services, can strain their budgets,” he says.
How can small suppliers protect themselves?
If a large client is implicated in fraud, it’s likely they will scrutinise their suppliers’ practices to ensure compliance with the ECCTA across their supply chain and avoid liability.
To protect yourself against falling foul of the new criminal offence, Healey recommends proactively implementing anti-fraud measures.
“This process could begin with developing a comprehensive anti-fraud policy. Such a policy should clearly outline the procedures for detecting, preventing, and reporting fraud, ensuring that all staff members are aware of their responsibilities in maintaining organisational integrity,” he says.
“Regular training sessions would educate staff on how to recognise and report fraudulent activities.”
Other actions include:
- Conducting regular audits, both internal and external, to identify fraud vulnerabilities
- Investing in fraud detection and prevention technology
- Working with legal advisors and compliance experts to understand the full extent of disclosure requirements for existing and new clients
- Maintaining comprehensive records of compliance measures including fraud risk assessments, employee training programs and internal audit results.
Although requirements will vary between organisations, major changes are coming to corporate governance and the effects will likely be felt throughout the supply chain.
Preparing now, before the legislation is enforced or before any future offences are announced that include smaller businesses within scope, could help avoid any potential issues in the future.