The Fraud Cast: Insights on The Economic Crime and Corporate Transparency Act
Insights on The Economic Crime and Corporate Transparency
Transcript
Fran Marwood
Good morning, everyone, and thank you all for joining us. My name is Fran Marwood, and I'm a partner in our restructuring and forensics practice, and a very warm welcome to the latest in our broadcast series. As a quick reminder, our last broadcast focused on Fraud AI, and that's on our broadcast web Hub, along with all of our previous sessions, so please do dip into those. I'm delighted that I'm joined on today's broadcast by a panel of experts who are going to be talking to us about the new failure to prevent fraud offense, which has been introduced as part of the economic Crime and Corporate Transparency Act. Now, the Act is a significant piece of new legislation, which includes reforms to companies house, crypto acid seizure, the identification doctrine, and of course, the failure to prevent regime, which we're going to be focusing on today. Now, during the webcast, we're going to be using the webcast polling system. For those of you've been on these before, you'll be familiar with that, so you can share your thoughts as we go through the session. We'd also love to hear any questions that you might have for the panel, and you can ask those by typing them in the box on the screen. The broadcast today is going to be recorded. So do take a look at the recording on our web hood after the session, and please do feel free to share that link with you colleagues. So with that, I'm delighted to introduce you to our panel members today. I'm joined by Penny Dun Babin, Jonathan Holmes, and Katherine Westmore, and I'll let the panel introduce themselves. Penny. Shall I come to you first?
Penelope Dunbabin
Hi, thank you very much. My name is Penny Dun Babin. I'm from the Home Office, and I'm working on the draft guidance for the failure to prevent Ford offense.
Jonathan Holmes
Good morning, Fran. Jonathan Holmes, as we all know, I'm a partner in our restructuring and forensics practice.
Katherine Westmore
Katherine Westmore, I'm a senior research fellow at the Center of Financial Crime and Security Studies at Rosy, and I'm also a specialist advisor to the Home Affairs Select Committees Current Inquiry into Ford.
Fran Marwood
Well, thanks for those introductions. Let's start by if we can turning to you Penny. A lot of our audience will have heard about the failure to prevent requirements. But just to make sure that we're all on the same page, I was wondering if you could just give us a brief summary of the failure to prevent requirements.
Penelope Dunbabin
Yes. The failure to prevent offense is an offense, a corporate offense, if an organization fails to prevent the commission of a fraud by an associated person, which may be an employee or an agent or a contractor who is offering services to a client. So if that fraud benefits the company or its clients, then that fraud is in scope. There is an offense. The failure to prevent fraud guidance, we'll set out the measures that companies need to put in place to avoid fraud.
Fran Marwood
No, Thanks, Penny. As many of our audience will know, I guess, there's been various factors that have led us to the failure to prevent requirements. And Katherine, I wondered if you could just give us some of the background behind the requirements and any thoughts you've got on why the government has introduced these now.
Katherine Westmore
Well, so I think in terms of the background, most people be aware that there are currently now four, but there are three failure to prevent offenses in existence already, the offenses under the Bribery Act that were introduced in 2010, and then two further offenses in the criminal Finan sc around the facilitation of F tax evasion. These failure to prevent offenses are what I've always called a uneasy compromise in UK law and really designed to tackle the fact that it's incredibly difficult under UK law to hold corporates to account. Particularly when you look at economic crime, there are certain types of offenses that can only happen in a corporate context, financial statement manipulation, for example, can only happen in a corporate context. And over the last years, it's been increasingly difficult to hold corporates to account, and the courts have taken a very narrow interpretation of whose behavior within an organization can attract corporate liability and we've seen some significant prosecutions fall apart on this point. So to address those issues of corporate criminal liability in the UK, the Law Commission was asked a couple of years ago to look at corporate criminal liability more generally and specifically whether a failure to prevent economic crime offense should be introduced. It ultimately decided after a lot of consultation that there was no argument for a failure to prevent economic crime offense. We already have failure to prevent offenses, as well as regulatory regimes that act as quasi failure to prevent offenses, the money laundering regulations is a good example. But what it did suggest was that there was scope for failure to prevent fraud offense. And in the government's fraud strategy that was released last year, it committed to exploring this further, and as a result in the comic Crime and Corporate Transparcy Act included this amendment around failure to prevent fraud defense. It was, I think worth saying, subject to some debate and a very long ping pong match between the House of Commons and then the government and the House of Lords. Where there was a lot of arguments and discussion, particularly from some of the cross Bench peers around what the exact scope of the offense should be, what kind of offenses should be in scope, who it should apply to, although eventually the government's amendment was passed. And I think for me, what these failure to prevent offenses are designed to do is partly address those issues with UK law, but also to try and promote sort of culture change. We've seen over the last few years a really significant number of corporate frauds, which have had a huge impact both on the businesses, people's livelihoods, the economy more broadly. So by introducing these, they're trying to instill that sort of fraud prevention fraud risk management within corporates to improve the standard of fraud prevention and detection.
Fran Marwood
Now, thanks for that, Katherine. I suppose it's against that backdrop of, you know, 41% of all UK crime being fraud now, so certainly timely. Jonathan, I mean, this isn't the only law regarding fraud in the UK. And from your point of view, where do you think this fits in with the other fraud laws that we've got in the UK?
Jonathan Holmes
I guess I'll pick up on something that Katherine said as well, it's It is filling this gap of fraud and failure to prevent. I would point ourselves and anyone watching this webcast actually to the schedules in the Act. If you look at Schedule 12, for example, you will see economic crime, really helpfully listed out, frankly, I mean, I see the 20 sections that cover off 22 different rules that apply. You will see that but that is significantly more coverage, and if you look at Section Schedule 13, you will see fraud then again listed out in terms of the act, whether it's the Theft Act, the Fraud Act, companies house, Companies Act. And others. So it is part of quite a complex landscape. I think the act does a really good job in the two schedules of actually listing out what that landscape is. But again, it's an area that's going to obviously continue to evolve as well.
Fran Marwood
As you said, it's quite a long read, so getting the guidance on where to go is certainly very welcome. Thanks for that. I mean, one area that's going to be front of mind is whether anti fraud procedures are seen as reasonable. And on that theme, we're just going to ask you all now two questions, and you should be seeing those on your screens now. You've got about 20 seconds to answer those. So as usual, we need to be quick with those, but there are two questions popping up. The first of those is, have you started working on the failure to prevent requirements? Yes or no, and do you think your procedures would be reasonable in light of the offense? And then there's a yes, no, and I'm not sure. And we'll pick up the answers to those as our session progresses over the course of that. So so whilst we're waiting for those poll results, Penny, carrying on from Jonathan's point. I know a lot of our client conversations have focused on the changes that need to be made to anti fraud procedures? And I wondered if you could give us an overview of reasonable procedures. And Any insights that you can give having drafted the guidance on the upcoming guidance would be really helpful.
Penelope Dunbabin
Yes, sure. So the prevention procedures are very similar to the ones in the bribery guidance, the failure to prevent bribery guidance, and the failure to prevent criminal facilitation of tax evasion guidance. And as such, they should be familiar to quite a number of people in the audience. They're based around six principles. They're not prescriptive because this is covering the whole economy. It's covering everything from accountancy firms to waste to construction to airlines. So it's not easy to be prescriptive. The six principles are top level commitment, risk assessment, proportionate risk based prevention procedures, due diligence, communication, including training, and monitoring and review. So the first one, top level commitment. This means that we need senior managers taking responsibility for the governance of the failure to prevent fraud regime within the organization. The risk assessment, this is quite important. What we don't want is companies saying, you know, we are regulated by whatever regulator, the CA, the environment agency, whatever it may be. Therefore, we are automatically covered. We want companies to do a risk assessment, fraud, and to then stress test their existing fraud prevention procedures and see where the gaps are, see where any reinforcing policies need to be put in place. Once they have a set of risk based prevention procedures, then they need to communicate that throughout the organization, and also to their contractors as well. So that is quite an important part. And communication should also cover whistleblowing as well, whistleblowing procedures. There'll be due diligence elements, for example, vetting of staff, and so on, particularly in sensitive professions, sensitive roles within the company, and monitoring and reviews. So obviously, the risk based assessment will need to be updated as technology changes, as regulations change, as general practice changes. So that is an important part of the procedure. As the offense becomes embedded, there may be deferred prosecution agreements, and it may be possible to use some of that information, you know, but to improve existing food prevention procedures, you know, so other companies may find that information available to them.
Fran Marwood
No. Thank you. And I think our audience will welcome the fact that it's principles based, and that you know, that's a concept that, in other areas, they will be very familiar with,
Fran Marwood
so that's very helpful. Thank you. And Jonathan, just reflecting on Penny's comments, I wondered what advice you might have for our viewers on practical steps that they can be taking now. Sure.
Jonathan Holmes
Well, Penny, I thought that was really helpful to hear the sort of the six areas, as you said, and it does follow guidance that we've seen previously. I'll just pick it up based on the conversations we're having with clients, and frankly, what we're doing to ourselves at PWC, and there's probably three areas. The first one is to think about who's going to be responsible, who within the organ We does this sit within the organization? Whose job is it going to be to understand how the impact of the legislation will impact the organization and where and how will it fit together? The second thing is to look at that in the landscape of the business, how it already operates through existing rules, Katherine to your point are out and there being multiple iterations of failure to prevent. But actually, financial services regulation, environmental, Putting it in the context, I think is a really important thing to do, helps with understanding who's responsible. I guess the last point is risk assessment. You've already mentioned it as being categorical. Not having the guidance doesn't
Jonathan Holmes
mean you can't do the risk assessment. There are some interesting tweaks here, I think in terms of, and we might come onto it, but talking about, it has to benefit the organization as opposed to the organization being a victim. However, fraud risk assessments that companies will have already done. Bringing that through ensuring that it's been done that covers all the bases. You'll want to do it where you're a victim and the benefit, and then be able to look at it from there. Those are the three areas where I think he conversations we're having with clients. And as I said, we're doing it to ourselves too.
Fran Marwood
That's very helpful Jonathan. I think, echo to that point around risk assessment. We've certainly seen a lot of our clients, picking up the phone and speaking to us about how they're going about that and sense checking that, and certainly we've been helping some as well. So getting that starting point right is certainly a key point. So I can see we've got the results of our poll questions coming through. So let's just pick those up now. So the first question as you would remember, was, have you started working on the failure to prevent requirements? And there woppings, 57% are saying, yes, that's a really, really good start, and I think it echoes our practical experience of talking to some of you about that. And I wonder, Panel, whether you've got any observations or thoughts on that.
Penelope Dunbabin
I'm very encouraged to.
Jonathan Holmes
Very encouraging. Have good news. Yes. I think it's something we were talking about it a little bit earlier when we in Katherine as well point. We've seen this before, that this concept of a fail to prevent offense is really got traction. It's understood in the UK. And I think so companies, it made a lot of noise coming through to fruition to actual law, whether it be because of large organizations and various other things. So I don't think you'd have to slightly be living under a rock, not to have heard about it. Therefore, you want to get slightly ahead of it. You know the guidance is coming, et cetera. So it's very encouraging, and I think it's exactly probably what government would like, you know, the impact of the act to be to have people looking into it.
Fran Marwood
Absolutely. And I think it's really good that everybody's on the front foot with it, Katherine. I don't know whether you've got any thoughts.
Katherine Westmore
Yeah, I mean, I think I think probably a large proportion of that 57% are working on risk assessments at the moment because, we could all tell without the guidance that risk assessment is going to be a core part of this. And also have many organizations. Having a fraud risk assessment in place anyway, regardless of this is good practice. It's something that people already do. So I think for a lot of people, that will be the focus at the moment.
Fran Marwood
Now, thank you for that. And let's just move on to the second question then. Do you think your procedures would be reasonable in light of the offense? And we've we've clearly got some confidence on there with only 3.7% saying that they don't think the procedures would be reasonable. 22% are saying, yes. So they've clearly been on the front foot for a while. And then, we've got the biggest majority, the largest group of the folks on the call are saying 74% are saying, I'm not sure. And I suppose that's to be expected given the fact that the guidance hasn't come out yet. But I wonder, Penny, whether you've got any thoughts on that.
Penelope Dunbabin
Well, just to see, if anybody would like to see the guidance, please, I'm very happy to send it out. The draft guidance has been sent to quite a number of people for informal consultation. We hope to publish the draft guidance in the spring, and the offense should come into effect about four to six months after it is published. So those timelines, they're not set in stone, but that's what we're aiming for.
Fran Marwood
certainly lots of stakeholders,I'm sure to get on side with those across government and Mar Brodley.
Penelope Dunbabin
I'd like to mention something else. There have been some sectors who have expressed interest in sector specific guidance, and we are working on that with them. Great, great. Thank you for that. Jonathan, Katherine, anything to add to that before we move on.
Jonathan Holmes
Certainly there's prudence there, isn't there of being clear that you're sort of systems and processes and controls, stand up to guidance that you haven't yet quite seen yet, but equally, I do think we can take confidence, as you said, the draft has been shared quite widely already. It does follow that same principles based process. It is broader though than what's gone before. Again, I would echo it again, but if you go to Schedule 13, you can see all the offenses that are in there. You might not have thought about those in the context of when you did the bribery assessment and when you did it for tax evasion as well, right?
Fran Marwood
Let's not forget. I mean, this is a good business practice. Fraud is a cost and reducing that cost is helpful to everybody, Katherine.
Katherine Westmore
I mean, I was just going to say that, if I was sitting in an organization, I'd definitely be in that percentage of people not sure. And I think that's partly because we don't know yet what is going to be considered reasonable and we won't know until we start getting prosecutions, and we've seen that with reasonable procedures defense in the Criminal Finances Act. We don't know yet. How the courts are going to define reasonable. We don't know what is the what will be considered reasonable. So I would certainly be sitting there going. I'm doing my best, but I don't know yet if this is going to be considered enough, should I ever be in the case when I've been prosecuted.
Fran Marwood
Now, that's very helpful. And it's a nice link as well to some of the implications of the act. I mean, clearly some big changes for UK companies, and Katherine, coming back to you, I guess, I wondered if you could just give us your thoughts on the impact that you think the legislation is going to have on fraud prevention, and whether you think we'll see an increase in prosecutions as a result.
Katherine Westmore
Sure. I think Jonathan and Penny have done a great job of explaining what people need, and what people can be doing now. I fully expect the next 12, 18 months, maybe next two years are going to see a flurry of activity, particularly around that risk assessment point. To Jonathan's point, it's a wide range of offenses that are captured within this under the definition of fraud, and you also have to think about offenses in a slightly different way, you might have thought them before. I think there will be a fair amount of work to make sure that that risk assessment is comprehensive for the risks. I suspect for large organizations, they might not need to introduce many new controls, but they will certainly need to think about how their controls manage their risks. I think if you look at fat services, for example, where you have 32.6, which requires you to have adequate controls to prevent fraud amongst other things. It might not be a huge amount of change for those controls, but certainly a calibration to what you see from a risk assessment in your risk assessment. But I think what remains to be seen and what will be closely following is what the longer term impact of this offense is. I've written about and done a fair amount of research into the failure to ptation of tax evasion offenses under the Criminal Finances Act. And, the message there that I've heard very clearly is that The impact on a longer term basis is very, very much linked to the enforcement of the offense. If you don't have prosecutions, or you don't have the threat of prosecutions, then the offense itself ceases to become a credible deterrent, really. And the failure to prn fraud offense, we're unlikely to see any prosecutions for the next three to five years given how long it takes to build a criminal case. And yet the government's own assessment suggests that they're not expecting to see a large number of prosecutions. There are no, for example, additional resources for the SFO or the CPS to prosecute the offense. Yeah, and it's probably worth reiterating, I think, when we talk about failure to bring requirements. These aren't actually requirements. They're not a regultory requirements. Nobody's going to come in and look and check to see that you have reasonable procedures in place and give you a fine, if not. It only becomes an issue if you get prosecuted, and then you need to have the defense in place. Whilst investing in your anti fraud controls might make good business sense. Is not that threat of prosecution. I suspect that over time the impact of the offense will weigh, people will stop keeping risk assessments up to date. They won't think about it when they're going into new types of business or new business areas, yet they won't necessarily keep policies and procedures up to date. I think that that important pointing a point around prosecutions is really central to the long term impact of these changes.
Fran Marwood
We saw some press at the weekend, didn't we around the tax evasion tax evasion offenses, and certainly, you know, there are elements that are pushing that hard in terms of, you know, going back and having another look at prosecutions around that. So I think these things will evolve over the longer term. I don't know whether you guys have got any observations on that.
Jonathan Holmes
I might paint the other side of the coin a little bit, if I may. I mean, I sort of I absolutely agree. I think it would be very helpful. I think for everybody to see if there are going to be prosecutions on CCO to actually see them because it will add color and context to what is considered reasonable procedures. I totally agree with that. I do think that I do think two points I'd make. One is that I do think the SFO R upscaling. Whether it's entirely to do with this, it might be more to do with the identification doctrine and the dropping of the sort of lowering of the bar in that respect, which is part of the act as well in Section 196. But there and there also is, as I've noticed, I'm sure we all have post pandemic a sort of political will to be doing more in this arena that I think will come into court related proceedings in due course. So I sort of I understand that yes, it will take time. I do think that, you know, the sort of the rules are important in terms of seeing enforcement action. I do think there is a drive towards it more so than we saw when the criminal finances piece came into play. And I guess I mean, I think it's also a question of understanding how what the government is trying to achieve here. There's a sort of cultural shift. Now, we did see that the rules as it related to what was the base consultation on disclosing activity and failure to prevent material fraud. That's gone. But that cultural shift, I think is still there, so even seeing here that almost 60% of the businesses listening to this today are looking at their fraud prevention, I think would be seen somewhat successful. Sort of that's part of the name of the Act, is that cultural move.
Fran Marwood
Yeah, I think I think that's right. And it's good to see UK business taking that approach. Penny, I don't know whether
Penelope Dunbabin
yeah I agree with everything that has been said.
Fran Marwood
That's great. I think I was just looking. Let's move on now to some of the questions that have been coming through. We've got a few minutes to cover some of those. And I think Penny, you'll be back in the chair on this. We've had a question there. Please, can you do a recap on the six principles? So just in case people didn't have their pen and paper handy. Probably worthwhile as picking that one.
Penelope Dunbabin
Yes, of course. The first one is top level commitment. So we're talking about senior management in the company, taking responsibility for ensuring there is proper governance on this issue. The second one is a risk assessment, so we're expecting companies to do a risk assessment for frauds by associated persons. That's employees, agents, contractors who are offering services on behalf of the company. And the risk assessment is, you know, what are the chances What are the motives? What are the means? What are the opportunities for these people to commit fraud? And And then the next part is, what are the prevention procedures? What prevention procedures do we have already? And are there any gaps with with respect to that framework? And if there are gaps, what are we going to do about it? There's a section on due diligence, and that's particularly related to staff vetting and so on. There is the communication of the fraud prevention procedures to staff, including whistleblowing recommendation. And then there is monitoring and review, and that is keeping the whole framework up to date, if people leave, if the business changes, as you take on different opportunities, and so on. So Monitoring and review is very important.
Fran Marwood
Now, thank you for that. That that's really helpful. I'm sure our audience will find that very helpful. There's another question. How do we get a copy of the draft? And it might be worthwhile just saying a few words about the status of the draft. And then, you know, offline, we'll come up with a way of sharing that rather than everyone bombarding penny.
Penelope Dunbabin
Great.
Fran Marwood
Great. As have anything to say about that.
Penelope Dunbabin
Thank you. Um, there is a first draft available for informal consultation. We are not going to do a formal government consultation. The reason for that is that government consulted quite extensively on or the law Commission consulted quite extensively when they did their review of corporate criminal responsibility. And the actual content of this guidance is quite familiar, I think to most companies because it is so similar to the content for the failure to prevent bribery offense and the failure to prevent criminal facilitation of tax evasion.
Fran Marwood
Now, that's very helpful. Thank you. And as I say, we'll make sure that our viewers have a channel to request that after this event? We've got another just looking at time, I think we've got time for one more question to keep us to time. This is a UK piece of legislation, but how does this impact company's operations in other countries if the company resides in the UK?
Penelope Dunbabin
Okay, so the short answer to that is there is a section in the draft guidance on territoriality. I would be happy to outline, if you wish, but I think it's probably best read in the context of the guidance as a whole, and it does answer those questions. In general terms, there has to be for the offense to apply. ] There has to be a UK nexus. That means that the fraud either has to take place in the UK, or the victims need to be located in the UK, or it's a UK member of staff.
Fran Marwood
Now, that's very helpful. Thank you for that, Penny. Now, before we bring things to a close, it's usual on these sessions that we just go back to the panel and get some closing remarks or observations. So just coming to you, first, Katherine, any sort of overarching reflections from the session today.
Katherine Westmore
Yeah, I mean, it's been a really interesting conversation that you've invited me to be part of it. One of the things that we've sort of touched on briefly is the changes the identification doctrine, and I don't have enough time, I think to go into all of that in a huge amount of detail. But, that fundamentally will, give your prosecutors the ability to bring corporate charges for the behavior of a greater number of individuals in an organization. And that, I think actually has the potential to be a really, really significant change. When we talk about corporate criminal liability, it's the most significant change we've seen in nearly 50 years. And I think if I was sitting in an organization CO board level, That's what I would be quite concerned about and I'd want to be very sure that I knew what my senior managers were doing and had enough oversight of their behavior, so that I knew that where there was a risk that something that they were doing might attract corporate criminal liability as well. I think that goes to the importance of things like whistleblowing hot lines, having good MI. But I think organizations should not just be thinking about failure to prevent offenses, but actually the broader changing landscaper and corporate criminal liability.
Fran Marwood
I agree with you, and I think that's very helpful. Thanks, Katherine Jonathan. Over to you.
Jonathan Holmes
I would echo what you're saying, Katherine and a lot of that. The governance landscape has changed, and this act has changed it both with the failure to prevent offense and the changes the identification doctrine. Understanding what that means for your business is something you can do today, and clearly people already are doing it today, and it makes sense they would be. I would go back to the classics that are understanding that, understanding the responsibilities, understanding how it fits into the rest of the landscape of other rules and regulations that the company is held to. And also looking at the risk assessment. I think it hasn't come up, actually. One point, I thought it might come up in a question, but we know that having an audit in and of itself isn't, practical, isn't enough to say that you have adequate procedures. We know that having an audit done isn't enough to say that you've had assurance over your adequate procedures because they are looking at slightly different things. That said, discussions with the auditors around material fraud and error will be part of the ongoing debate and dialogue to the monitoring point and things like that. So I think I'm I'm certainly encouraged by
Jonathan Holmes
what came out of the poll.
Fran Marwood
No. Thanks for that Jonathan and Penny.
Penelope Dunbabin I'm also very encouraged by the number of people who are attending and the interest generally. And thank you for the opportunity to be present on the panel.
Fran Marwood
It's been our pleasure, and I'm sure everybody will have found that extremely helpful. I mean, you know, it feels like a really valuable step forward in helping the UK to sort of prevent fraud. So I'm sure we'll be covering this topic again on our broadcast in future session. So let's bring things to a close. Firstly, a huge thank you to all our panelists for joining us today. Thank you. And to all of you for your great input during the session. Please do be sure to visit the broadcast web hub. There's lots more information and previous sessions on there. And don't forget to keep an eye out for our future broadcast sessions, and let us know if there are any topics that you're particularly interested in hearing about. We're always keen to make sure that we're hitting the spot from what our audience wants to see. So thank you, and we look forward to seeing you all again soon.
