We continue our deep dive into the Economic Crime and Corporate Transparency Act 2023, which has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud.” (The Guidance). Section 3.3 of the official guidance, titled “Proportionate risk-based fraud prevention procedures,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture.

Central to this preparation is the concept of proportionate, risk-based fraud prevention procedures. The keyword here is “proportionate,” that is, the measures your organization takes should directly correspond to the level and types of fraud risks identified. These procedures must be clear, practical, accessible, effectively implemented, and robustly enforced. Today, we take a deep dive into what a top-level commitment is.

Understanding Proportionality

The cornerstone of effective fraud prevention lies in creating procedures proportionate to the identified risks. Simply put, the greater the potential risk and impact of fraud, the more stringent and comprehensive your procedures must be. Conversely, lower-risk scenarios justify lighter-touch measures. It is imperative that your organization documents decisions around fraud prevention measures, especially when opting not to implement specific controls due to limited risk. Such documentation must include the rationale, the authorizing individual’s identity and role, and regular review cycles.

Leveraging Existing Controls and Procedures

Organizations subject to a variety of regulatory requirements, from financial reporting to environmental and health and safety, often already have robust compliance measures. It is prudent to evaluate whether these existing controls sufficiently address fraud risks highlighted in your fraud risk assessment. However, relying solely on regulatory compliance to satisfy the FTPF offense requirements is not sufficient. Organizations must actively validate and, if necessary, augment these controls to target fraud prevention specifically.

Proactive Reduction of Fraud Opportunities

Fraud prevention procedures should aim primarily at minimizing opportunities for fraud. This can include thorough pre-employment vetting, ongoing background checks for high-risk roles, and consistent anti-fraud training. Regularly evaluate the effectiveness of such training through monitoring and feedback loops. Systematically assessing emerging risks, conducting fraud impact assessments for new services or business partners, and ensuring robust fraud management throughout the P2P procurement cycle (in addition to the QuoteToCash cycle) are also critical steps.

Moreover, consider best practices such as segregation of duties, stringent account reconciliations, suitable approval arrangements, rigorous conflict-of-interest policies, and robust data security measures to minimize potential opportunities for fraud.

Addressing Motivations and Rationalizations

Understanding and managing the human elements of motive and rationalization behind fraudulent actions are crucial. Motive can often stem from incentive structures such as aggressive bonus schemes or time-sensitive pressures encouraging shortcuts. Evaluate and adjust these incentives to discourage fraudulent behaviors.

Rationalization, the mental justification individuals employ to legitimize unethical behavior, can erode even the most robust control environments. Combat this through proactive ethics training, reinforcing the adverse impacts of fraud on both the organization and broader society, and embedding strong ethical reminders within performance evaluations.

Establishing Clear Consequences

Effective fraud prevention strategies must communicate the internal disciplinary procedures for fraud. Organizations should transparently share the outcomes of fraud investigations with employees and other associated parties, reinforcing a zero-tolerance stance. Visible and consistent consequences serve as powerful deterrents, underpinning organizational integrity and commitment to ethical practices.

Preparing for Emergency Scenarios

Crises and emergency scenarios inherently elevate fraud risks. Whether facing economic downturns, natural disasters, or other unforeseen events, your organization must proactively embed emergency scenario planning within your fraud prevention strategy. Prepare detailed contingency measures and ensure rapid transition back to normal operational controls post-crisis, meticulously documenting all measures implemented and actions taken.

Ongoing Monitoring and Continuous Improvement

Your fraud prevention strategy should never be static—ongoing monitoring and validation of your prevention measures through independent internal reviews or external audits. Using external resources such as the Fraud Advisory Panel, Cifas, or specific industry insights can enrich your approach and ensure comprehensive risk coverage. Publicly available cases of fraud prosecutions or Deferred Prosecution Agreements (DPAs) can further inform and improve your prevention strategies.

Five Key Lessons Learned for Compliance Professionals:

1. Proportionality is Essential: Always tailor your fraud prevention procedures directly to the level of identified risk. Document any decisions about reduced measures clearly and comprehensively.
2. Do Not Rely Solely on Existing Compliance Mechanisms: Existing regulatory compliance processes may help prevent fraud, but are not automatically sufficient to meet FTPF obligations. Active validation and enhancement are necessary.
3. Proactive Risk Mitigation is Crucial: Take active steps to mitigate fraud opportunities through regular vetting, comprehensive training, and robust management of procurement processes and sensitive information.
4. Understand and Address the Human Element: Reduce motivations and rationalizations by managing incentives, fostering a strong ethical culture, and ensuring transparent and communicated consequences for fraudulent actions.
5. Prepare and Continuously Test Emergency Measures: Integrate emergency scenarios into your fraud prevention plans and consistently test these strategies through independent assessments, ensuring your organization remains prepared and resilient.

As we approach the FTPF offense’s implementation, compliance professionals must reinforce their strategic roles, embedding robust, proportionate fraud prevention measures. This comprehensive approach not only safeguards organisations from fraud but also positions compliance as a proactive, essential pillar of organizational integrity and resilience. By continuously reviewing, refining, and reinforcing these measures, compliance teams will effectively mitigate potential fraud risks, uphold organizational values, and maintain stakeholder trust. Proportionate fraud prevention is not merely regulatory compliance; rather, it is a strategic imperative vital to your organization’s long-term success and sustainability.

Join us tomorrow as we consider due diligence, training, ongoing monitoring, and continuous improvement.