Auditors and Compliance: Part 1 – Auditors and Illegal Acts

Regarding compliance, one area that requires heightened attention is the role of auditors in detecting, evaluating, and communicating illegal acts. Recently, the PCAOB issued a document entitled SPOTLIGHT Auditor Responsibilities for Detecting, Evaluating, and Making Communications About Illegal Acts. It outlines public auditors’ responsibilities when assessing a company’s compliance with laws and regulations. These responsibilities have far-reaching implications for corporate compliance professionals, as they directly influence how auditors evaluate and report on potential illegal acts that can impact financial statements and overall corporate integrity.

Over the next couple of blog posts, I will review this SPOTLIGHT. In today’s blog post, we will unpack the auditor’s responsibilities for a compliance program, including the steps for identifying illegal acts, the evaluation process, and the requirements for reporting findings to management, audit committees, and possibly the SEC. Tomorrow, I will set out 10 key takeaways for the compliance professional regarding their role in interacting with auditors for compliance regimes.

Detecting Illegal Acts: A Critical Component of the Audit Process

Auditors must design and execute procedures that ensure reasonable assurance of detecting illegal acts that could materially affect a company’s financial statements. This duty is rooted in federal securities laws, specifically Section 10A of the Securities Exchange Act of 1934, which mandates that auditors remain vigilant to possible violations of laws and regulations during audits.

Detecting illegal acts is more than due diligence; it is essential to safeguarding shareholder interests and preserving the integrity of financial markets. For compliance officers, this underscores the importance of robust systems that actively monitor and report on regulatory adherence across business operations.

Auditors rely on multiple techniques and resources to identify potential illegal acts, such as:

  • Inquiries. They often begin by questioning management, the audit committee, and internal or external legal counsel.
  • Document Review. Auditors frequently review board minutes, regulatory correspondence, SEC filings, legal counsel letters, and other corporate documents that could reveal legal non-compliance.
  • Risk Assessments. Auditors must understand the company’s industry, regulatory environment, and external factors that could signal legal risks. This assessment helps them target high-risk areas where violations are more likely.

Auditors also investigate complaints and tips, including those from internal whistleblower programs. They may examine unusual transactions or related-party dealings that could indicate red flags. For compliance professionals, it’s crucial to maintain open channels for employees to report concerns without fear of retaliation and promptly address any issues flagged by auditors or internal investigations.

Evaluating Potential Illegal Acts: Procedures and Standards

Once an auditor becomes aware of a possible illegal act, they must determine whether it could materially impact the company’s financial statements. This evaluation requires auditors to understand the incident’s nature and context, often involving management and sometimes higher-level personnel who can provide insight into the situation.

The PCAOB standards and Section 10A mandate that auditors not only detect but also evaluate the likelihood that an illegal act has occurred. Here’s how they proceed:

  1. Gathering Evidence. Auditors may examine relevant documents—such as invoices, contracts, and payment records—to verify the facts surrounding the incident. They might also consult the auditing firm’s legal counsel or senior personnel for additional perspectives.
  2. Materiality Assessment. Materiality is a cornerstone of evaluating illegal acts. Auditors assess whether the potential violation is significant enough to warrant disclosure, focusing on quantitative and qualitative factors. For example, a small illegal payment may be deemed material if it could result in contingent liabilities or raise ethical concerns that affect the company’s reputation.
  3. Assessing Impact on Financial Statements. Auditors must evaluate how the illegal act impacts financial statement amounts, including the need for possible contingent liabilities, fines, or penalties. If senior management is implicated, this raises additional questions about the reliability of other information provided by the company.

This underscores the importance for compliance teams to maintain clear documentation and open communication channels with auditors. Keeping a well-documented trail of internal investigations, responses to auditor inquiries, and corrective actions can help ensure that potential illegal acts are evaluated accurately and comprehensively.

Communicating Illegal Acts: Auditor Obligations for Disclosure

Auditors have specific obligations to communicate illegal acts that come to their attention. The PCAOB and Section 10A set out requirements for notifying management, the audit committee, and, in some cases, the SEC. Here is what companies need to know:

  • Communication with Management and the Audit Committee. If an auditor identifies an illegal act, they must inform the appropriate management level and ensure that the audit committee is aware. This notification must occur as soon as possible before issuing the auditor’s report. The goal is to allow management and the audit committee to take corrective action and disclose any potential impacts to shareholders.
  • Reporting to the Board and the SEC. If the illegal act is deemed material and management fails to take timely and appropriate action, the auditor has a duty to report to the company’s board of directors. Under Section 10A, the auditor must notify the SEC if the board fails to remedy the situation within a specified timeframe. This step underscores the importance of accountability in corporate governance and compliance, as it introduces potential regulatory consequences for inaction.
  • Impact on Auditor Opinion. The auditor may issue a qualified or adverse opinion if the illegal act materially affects the financial statements and is not adequately disclosed or corrected. In cases where the auditor cannot obtain sufficient evidence to assess the impact of the illegal act, they may even disclaim an opinion. In extreme cases, the auditor may consider resigning from the engagement if the company does not take appropriate remedial actions.

This means that prompt and transparent responses to potential illegal acts are crucial for companies. Failing to address issues raised by auditors can lead to negative audit opinions, regulatory investigations, and significant reputational damage.

Strengthening Compliance Programs to Address Auditor Requirements

The PCAOB’s recent guidance emphasizes robust compliance programs’ role in facilitating audits and managing risks related to illegal acts. Compliance professionals should take the following steps to align their programs with PCAOB and SEC expectations:

  1. Develop Clear Policies and Reporting Mechanisms. Ensure that your compliance policies explicitly address legal requirements relevant to your industry and geographic region. Implement reporting mechanisms that allow employees to raise concerns anonymously, fostering a culture of transparency and accountability.
  2. Conduct Regular Risk Assessments. Just as auditors assess risk during their engagements, compliance teams should regularly evaluate areas prone to legal violations. High-risk areas like financial transactions, related-party dealings, and regulatory filings should be monitored closely.
  3. Provide Comprehensive Training. Equip employees with the knowledge to identify and report illegal acts. Include training on whistleblower protections and internal reporting mechanisms, ensuring all employees understand their role in upholding legal and ethical standards.
  4. Enhance Documentation and Transparency. Documenting compliance efforts is crucial, especially for areas that could attract auditor scrutiny. Keep detailed records of internal investigations, management’s responses to auditor inquiries, and any corrective actions to address potential violations.
  5. Establish a Strong Tone at the Top. Finally, fostering a culture of compliance begins with leadership. Management should demonstrate a clear commitment to legal and ethical standards, providing resources and support to compliance teams. When leadership prioritizes compliance, employees are more likely to report concerns, which can ultimately prevent illegal acts from going undetected.

The Path Forward

The PCAOB’s SPOTLIGHT is a valuable checkpoint for companies to evaluate their internal controls and compliance programs. Auditors play a vital role in identifying illegal acts, but the responsibility for maintaining legal compliance ultimately rests with the company. Companies can navigate this complex landscape and mitigate the risk of material misstatements or regulatory penalties by implementing a strong compliance program, fostering transparency, and responding promptly to auditor inquiries.

The bottom line? Even under the incoming second Trump Administration, a proactive approach to compliance is not simply best practice; it is an essential core of doing business ethically and in compliance. Compliance professionals should work closely with auditors, ensuring the company is prepared to detect, evaluate, and address any potential legal issues that could impact financial reporting. The goal is a collaborative effort where compliance and audit functions work together to uphold the integrity of the financial statements and the trust of stakeholders.

Join us tomorrow, where we will consider the 10 key takeaways for compliance professionals from SPOTLIGHT.

The Hill Country Podcast – Managing Growth: Insights from Kerrville’s City Manager Dalton Rice

Welcome to the award-winning The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, Hill Country resident Tom Fox visits with the people and organizations that make this the most unique area of Texas. This week, Tom welcomes Dalton Rice, the City Manager of Kerrville, back.

Dalton reflects on his first year in the position and discusses the intricate issue of growth management in Kerrville. Dalton delves into growth statistics, challenges with unmanaged growth, and the role of natural and infrastructural limitations in controlling expansion. They explore the city’s proactive measures in growth control and the balance needed to maintain Kerrville’s unique community charm. They also discuss the importance of public-private partnerships, the housing market, collaboration between local schools, and Kerrville’s recognition for its financial and aesthetic achievements. Dalton Rice highlights the city’s continuous efforts in community engagement and ensuring fiscal sustainability, painting a comprehensive picture of Kerrville’s development landscape.

Key highlights:

  • Growth in Kerrville: An Overview
  • Challenges and Strategies for Managing Growth
  • Housing and Infrastructure Development
  • Balancing Growth and Quality of Life
  • Reflections on the First Year

Great Women in Compliance – Joy Hayes and Gitanjali Sakhuja on Expats and Repats: Working Abroad & Reentry to the US

Welcome to the Great Women in Compliance podcast with Hemma Lomax and Lisa Fine, sponsored by Corporate Compliance Insights. Have you considered being an Expat and what it’s like to return after being abroad? This #GWIC episode explores what you need to know on both legs of the journey and the rich personal and professional growth that comes from immersing yourself in another culture and country.

Our expat guests, Joy Hayes, who has just moved to Geneva, Switzerland, and Gitanjali Sakhuja, who has worked in seven different countries and is now back in the U.S., share their journey, tips, and practical advice. Their insights range from when you decide to work in another country to when you return home – and some great experiences (and challenges). Ellen Hunt leads this roundtable discussion with our guests, who share their personal experiences and professional insights on becoming an expat and repat, including balancing expectations, the importance of language proficiency, and the challenges of tax and visa regulations. They also delve into the emotional aspects of adjusting to life abroad and the reentry process, offering practical tips and anecdotes. 

Thanks, as always, to our sponsor, Corporate Compliance Insights, and our wonderful #GWIC community. You can join the Great Women in Compliance community on LinkedIn here.

Compliance into the Weeds: DOJ Under Trump: FCPA Enforcement and Compliance

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of ‘Compliance into the Weeds,’ Tom Fox and Matt Kelly dive into the Trump Administration’s DOJ nominees, FCPA enforcement going forward, and what it may all mean for compliance professionals.

Tom and Matt explore the potential impacts of these nominations, notably the controversial choice of Matt Gaetz as Attorney General, and how they could shape the direction of anti-corruption enforcement and compliance practices. They also discuss the realistic aspects of other nominees, including Trump’s attorneys Todd Blanche and Emil Bove and former SEC Chairman Jay Clayton, who is proposed to lead the Southern District of New York. The conversation touches on potential strategies for compliance officers, such as the increased significance of self-disclosure and the broader ramifications for corporate and foreign policy enforcement under a Trump administration.

Key highlights:

  • Trump’s DOJ Nominees: An Overview
  • Potential Changes in FCPA Enforcement
  • Self-Disclosure and Compliance
  • Implications for Compliance Officers

Daily Compliance News: November 20, 2024 – The Mr. Non-Compliant Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Trafigura heads to trial in Switzerland. (Bloomberg)
  • A layer of crypto corruption. (TheBulwark)
  • Firings as layoffs without benefits. (FT)
  • KPMG rehabbed in the UK. (FT)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Navigating the DOJ’s Complex Whistleblower Landscape: Key Insights for Compliance Professionals

The Department of Justice (DOJ) recently launched its Corporate Whistleblower Awards Pilot Program to tackle corporate misconduct under various laws. However, unlike the structured and familiar whistleblower frameworks of the SEC and CFTC, the DOJ’s approach has introduced a more fragmented system. Compliance professionals and company executives must prepare for the unique challenges and opportunities this evolving regulatory landscape presents. In a recent Law360 article, Navigating DOJ’s Patchwork Whistleblower Regime, authors Patrick Campbell, Jonathan New, and Jimmy Nguyen explored these frameworks. Based on their article, I want to explore what compliance professionals need to know about the DOJ’s new whistleblower regime, the associated pilot programs, and practical steps to bolster your compliance program in light of this shift.

DOJ’s New Whistleblower Programs: A Patchwork Approach

Over the last year, the DOJ’s Criminal Division and several U.S. Attorney’s Offices have introduced several pilot programs, each designed to encourage individuals to report corporate misconduct in exchange for monetary rewards, Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs). These initiatives build on DOJ’s previous decade-long efforts to foster self-reporting and corporate accountability through clear compliance guidelines and structured voluntary disclosure policies. But this time, the DOJ has opted for a diverse, patchwork system of whistleblower programs instead of a unified framework.

The DOJ’s new whistleblower regime is primarily split into two types of programs:

  1. Monetary Awards Program. Launched on August 1, the Main Justice Pilot Program offers financial rewards for whistleblowers who come forward with information about specific types of corporate misconduct. The program focuses on financial crimes, foreign and domestic corruption, and healthcare fraud targeting private insurers.
  2. NPA Programs. Several U.S. Attorney’s Offices are more focused on granting leniency to whistleblowers who disclose information, even if they had a role in the misconduct. However, the specifics vary across different U.S. Attorney’s Offices, making it difficult for individuals and companies to anticipate how these programs will apply in practice.

Key Components of the DOJ’s Monetary Awards Program

The Pilot Program, which closely resembles the whistleblower programs of the SEC and CFTC, is designed to reward whistleblowers with up to 30% of forfeited proceeds for the first $100 million and 5% for amounts up to $500 million. To qualify, the information provided must:

  • Lead to a successful enforcement action with over $1 million in net forfeiture proceeds.
  • Involve original information—meaning information independently obtained and not derived from public sources.
  • Be reported voluntarily and without a preexisting legal obligation to report.

To further incentivize individuals, the DOJ has clarified that any company retaliating against whistleblowers risks losing its cooperation credit and could face additional charges for obstruction of justice. Moreover, the DOJ amended its corporate enforcement policy, giving companies a 120-day window to self-report misconduct raised by an internal whistleblower before DOJ intervention.

U.S. Attorney’s Offices’ Programs: Encouraging Cooperation from Insiders

The U.S. Attorney’s Offices’ whistleblower programs are aimed at insiders who may be involved in misconduct, providing them with an opportunity for leniency in exchange for cooperation. However, these programs vary significantly by jurisdiction. For instance, some offices exclude Foreign Corrupt Practices Act (FCPA) violations, while others include specific offenses relevant to their dockets, like intellectual property theft in Northern California and healthcare provider crimes in New Jersey.

This variation means that companies and whistleblowers need to understand the specific requirements of each U.S. Attorney’s Office program to maximize their eligibility and cooperation credit potential. While individuals can gain leniency for cooperating, the program’s qualifying factors—such as whether the whistleblower’s actions were voluntary and original—make it essential for companies to encourage internal reporting systems.

Implications of a Fragmented Whistleblower Framework

Unlike the SEC’s uniform and straightforward whistleblower program, the DOJ’s approach brings potential confusion. The variability across the DOJ and U.S. attorney’s offices creates a complex decision-making process for whistleblowers and their counsel, particularly when determining which office to approach and under which program. This lack of clarity may impact the quality and volume of tips the DOJ receives, as potential whistleblowers may hesitate due to perceived ambiguity in eligibility criteria, confidentiality protections, and financial award guarantees.

What This Means for Companies and Compliance Programs

While the DOJ’s whistleblower regime may seem daunting, it also places significant emphasis on voluntary disclosure and corporate accountability. Companies would be wise to address the DOJ’s renewed focus on whistleblowers proactively.

Here are several practical steps that compliance professionals should consider:

  1. Strengthen Internal Reporting Channels. Ensure that employees feel comfortable reporting potential misconduct internally without fear of retaliation. Employees should know they have a safe, reliable method for voicing concerns and that their reports will be taken seriously. Develop clear policies and protections for whistleblowers, as retaliation can cost a company valuable cooperation credit.
  2. Promptly Investigate Reports. DOJ’s policy now includes a 120-day grace period for self-reporting misconduct discovered through internal whistleblower channels. This means companies must prioritize timely investigations and decisions on whether to self-report to the DOJ, especially for conduct that could fall under the whistleblower programs’ target areas.
  3. Update Compliance Training Programs. Employees should be informed of their role in supporting the company’s compliance framework, particularly regarding ethical reporting. Conduct regular training on your whistleblower policies, emphasizing the importance of truthfulness, internal reporting channels, and the protections against retaliation. Training should be targeted, effective, and engaging.
  4. Incentivize Ethical Behavior. Compliance should be more than just an annual checkbox exercise. Companies must incentivize employees to uphold ethical standards by incorporating compliance criteria into performance reviews, compensation structures, and promotion decisions. This strongly conveys that ethical conduct is a priority and will be rewarded.
  5. Establish a Self-Disclosure Protocol. Given the DOJ’s new initiatives, companies need a clear process for evaluating whether and when to self-disclose misconduct to qualify for leniency. Ensure your compliance team is equipped to make quick assessments, especially for serious misconduct that may lead to forfeiture or prosecution.
  6. Align with DOJ Expectations on Compliance Programs. The DOJ’s 2024 Update to the Evaluation of Corporate Compliance Programs stressed the importance of having robust, responsive compliance structures that support a culture of ethical behavior. Companies should benchmark the number and nature of internal reports received, the speed of investigations, and corrective actions against publicly available data to assess their program’s effectiveness.

Looking Ahead: The DOJ’s Expanding Whistleblower Framework

The DOJ’s whistleblower regime is still evolving, with many current programs designated “pilots.” However, with U.S. attorney’s offices adopting new programs rapidly, we’ll likely see further developments, including more offices launching their versions of whistleblower awards and NPA initiatives. For companies, this means a sustained focus on compliance practices that support transparency, encourage reporting, and prioritize swift, decisive responses to misconduct.

Principal Deputy Assistant Attorney General Nicole Argentieri recently noted that the DOJ’s “tip line is open,” a clear message to compliance leaders that the agency is leveraging every available tool to uncover corporate misconduct. This heightened regulatory scrutiny means companies must ensure compliance programs meet DOJ standards and actively encourage a speak-up culture.

Final Thoughts: Navigating the New Whistleblower Regime

The DOJ’s fragmented whistleblower framework challenges companies, whistleblowers, and compliance teams. Nevertheless, these programs underscore the DOJ’s commitment to rooting out corporate misconduct through increased reliance on whistleblowers and internal disclosures. Compliance professionals play a critical role in this environment, as companies must have the right systems in place to respond promptly to reports of misconduct, protect whistleblowers, and, when necessary, self-report to the DOJ within the stipulated timeframe.

In this evolving regulatory landscape, companies must remain vigilant, ensuring that their compliance programs are robust, responsive, and capable of supporting a culture that values ethical conduct. By aligning internal practices with the DOJ’s expectations, companies can better navigate the complexities of the new whistleblower regime and position themselves for success in an increasingly scrutinized business environment.

Compliance Tip of the Day – Policy Week: Political Contributions

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we continue our week-long series on key anti-corruption policies. In this episode, we review political contributions.

Innovation in Compliance – Navigating Risk Management in the Automotive Industry with Tom Kline

Innovation comes in many forms, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox is joined by Tom Kline, a seasoned automobile industry expert and risk management authority.

The two Toms delve into specific risks unique to car dealerships and how to manage customer and employee relations to avoid regulatory problems effectively. Kline shares his extensive experience from almost 35 years in the industry, detailing strategies like proactive online reputation management and creative contractual clauses designed to preempt legal issues from customer disputes. They also discuss the complexities of insurance policies in the automotive sector and the importance of understanding coverage as a risk mitigation tool. Kline introduces ‘Tuck the Octopus,’ a metaphor for handling the multifaceted challenges dealerships face, emphasizing customer service’s importance in fostering long-term loyalty.

Key highlights:

  • Key Risks in Automobile Dealerships
  • Managing Customer and Employee Complaints
  • Upstream Risk Management
  • Tuck the Octopus: A Creative Solution
  • Service Aspect of Dealerships

Daily Compliance News: November 19, 2024 – The Corruption of Comedy Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Has Trump’s corruption comedy? (Salon)
  • Competitors to challenge the Elliott affiliate’s bid. (Reuters)
  • Hacker sentenced for Bitcoin heist. (BBC)
  • Will immigration enforcement shut down US industries? (FT)

Failure to Prevent Fraud: The Guidance

Last week, the much-anticipated Guidance regarding the UK’s new Failure to Prevent Fraud (FTPF) offense was released (the Guidance). This offense, embedded within the Economic Crime and Corporate Transparency Act 2023 (ECCTA), introduces a proactive requirement for organizations to take measurable steps in fraud detection and prevention. Much like the influence of the Bribery Act 2010 on corporate anti-bribery measures, the FTPF aims to reshape how organizations tackle fraud. Compliance professionals need to understand the core elements of this new offense, its global reach, and the practical steps they must implement to establish a robust fraud prevention framework.

Overview of the FTPF Offense

The FTPF offense holds large, incorporated bodies and partnerships liable if an associated person—defined similarly to the Bribery Act as employees, agents, subsidiaries, or other connected individuals—commits fraud to benefit the organization. Unlike some traditional liability structures, there is no need for senior management or directors to have knowledge of the fraud for the offense to apply. Instead, liability rests on the failure of the organization to have reasonable fraud prevention procedures in place.

Under the FTPF guidelines, organizations with over 250 employees, £36 million in turnover, or £18 million in total assets qualify as “large organizations.” This broad reach ensures the inclusion of all significant organizations across various sectors.

What Constitutes “Reasonable Procedures”?

The core of the FTPF offense lies in the expectation that organizations adopt “reasonable prevention procedures” to mitigate fraud risks. In guidance similar to that issued for the Bribery Act, the Home Office has outlined six key principles to inform these procedures. By adopting these principles, organizations can create a robust fraud prevention strategy that may also serve as a defense in the event of an FTPF prosecution. These principles and their applications will sound familiar to the anti-corruption compliance professional.

  1. Top-Level Commitment

The Guidance emphasizes that fraud prevention must start at the top. This principle requires those charged with governance, such as the board and senior executives, to actively promote an anti-fraud culture. Senior leaders should publicly commit to anti-fraud initiatives, participate in training, and regularly communicate the importance of ethical behavior throughout the organization. This sends a powerful message that fraud will not be tolerated and that compliance is a priority.

  2. Dynamic and Documented Risk Assessment

Organizations must conduct regular and dynamic risk assessments. This means continually assessing vulnerabilities to fraud, understanding how systems and structures might incentivize fraudulent behavior, and recognizing any cultural factors that might quietly tolerate fraud. The key is to develop a documented fraud risk assessment process. This should include identifying high-risk areas, reviewing internal controls, and monitoring for red flags that may indicate potential fraud.

  3. Proportionate, Risk-Based Procedures

The Guidance advocates for risk-based and proportionate procedures tailored to an organization’s specific risks and operational context. This principle ensures that prevention measures are realistic and directly address identified risks. Based on your company’s risk assessment findings, you must establish clear, enforceable policies on fraud prevention. For instance, organizations with high fraud risk should consider more robust internal controls, while low-risk entities may implement fewer but targeted controls.

  4. Due Diligence on Third Parties and Staff

Due diligence is a cornerstone of every type of compliance, and of fraud prevention in particular. It requires organizations to scrutinize those performing services on their behalf. By understanding the backgrounds and affiliations of employees, agents, and subsidiaries, organizations can reduce the likelihood of associating with individuals likely to engage in fraud. Your company should implement a structured due diligence process for all new hires, contractors, and third-party partners. This might include background checks, financial reviews, and regular audits of high-risk partners.

  5. Effective Communication and Training

A policy is only effective if understood and practiced throughout the organization. The Guidance emphasizes embedding anti-fraud measures through communication and training. Your company should develop fraud prevention training programs for all employees, focusing on high-risk roles. Ongoing training and communications should reinforce policies, address emerging fraud risks, and equip employees to recognize and report fraud indicators.

  6. Ongoing Monitoring and Continuous Improvement

Finally, the guidance stresses the need for continuous monitoring and review of fraud prevention procedures. This principle ensures that procedures evolve in response to emerging fraud risks, changes in business structure, and lessons learned from incidents.

Your organization should set up regular audits and establish metrics for assessing the effectiveness of fraud prevention measures. Organizations should also review any incidents to identify weaknesses in current controls and revise them accordingly.

Extra-Territorial Reach and the UK Nexus

One of the more complex aspects of the FTPF offense is its extra-territorial scope, reminiscent of the Bribery Act’s reach. Under the FTPF, organizations outside the UK may still be subject to prosecution if fraud committed by an associated person has a UK nexus. This could mean that any part of the fraud, or the resulting gain or loss, has occurred in the UK, even if the organization is headquartered overseas.

Additionally, parent companies may be liable for fraud committed by their subsidiaries if the fraud benefits the parent or involves their clients. This extra-territorial reach ensures that subsidiaries, especially those operating internationally, adhere to the same standards as their parent companies.

Key Steps for Compliance Professionals

The FTPF offense goes into effect on September 1, 2025, giving organizations approximately nine months to prepare. Below is a roadmap to help compliance teams proactively address the requirements:

  1. Evaluate and Revamp Existing Procedures. Review current anti-fraud policies and practices against the Guidance. Identify gaps in due diligence, risk assessment, and top-level commitment.
  2. Conduct a Fraud Risk Assessment. If an organization has not recently performed a comprehensive fraud risk assessment, now is the time. This Fraud Risk Assessment should include all subsidiaries and associated persons, especially if the organization has a UK nexus.
  3. Update Training Programs. Fraud prevention training should be robust, engaging, and frequent. It should cover both general anti-fraud policies and specific red flags relevant to different roles. Training should also encourage employees to report suspected fraud.
  4. Set Up Continuous Monitoring Mechanisms. Implement regular audits and monitoring processes to identify potential fraud risks. Ensure that fraud incidents are analyzed to understand what went wrong and how similar issues can be prevented.
  5. Engage with Leadership. Work closely with leadership to reinforce the tone from the top. Schedule periodic updates to senior management on fraud prevention initiatives and engage them in visible support of anti-fraud efforts.

Lessons from the Bribery Act 2010

The similarity between the FTPF guidance and the Bribery Act 2010’s failure-to-prevent provisions suggests a familiar path for organizations implementing robust anti-bribery frameworks. Those frameworks can provide a strong foundation for meeting FTPF requirements, with adjustments tailored to fraud risks. However, the Bribery Act’s implementation highlighted common challenges, such as ensuring proportionality and maintaining engagement over time. Organizations should leverage lessons learned, balancing robust prevention measures with practical, context-appropriate implementations.

The introduction of the FTPF offense represents a new era for corporate fraud prevention. With its expansive definition of associated persons, extra-territorial reach, and focus on proactive measures, the FTPF compels organizations to be vigilant, proactive, and thorough. Compliance teams should view this offense as an opportunity to strengthen organizational resilience, mitigate fraud risks, and protect stakeholders. By aligning with the six principles in the guidance, organizations can meet regulatory expectations and foster a culture of integrity and trust that supports long-term success.