
Setting the Tone: Why Top-Level Commitment Is the Heart of Fraud Prevention

In today’s rapidly evolving compliance landscape, one principle has become abundantly clear: effective fraud prevention starts at the top. The Economic Crime and Corporate Transparency Act 2023, with its new offense of failure to prevent fraud, has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (the Guidance). Section 3.1 of the Guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into what top-level commitment means.

The Imperative: Leadership’s Role in Preventing Fraud

Section 3.1 places the responsibility for preventing and detecting fraud squarely on those charged with governance, including the Board of Directors, partners, and senior management. This is not simply a perfunctory statement. The Guidance makes it clear: without authentic buy-in and leadership from the very top, even the best-written policies and controls will falter.

A culture of zero tolerance for fraud must be more than a slogan. The board and senior management must actively foster an environment where fraud is not only discouraged but also considered unthinkable, where profit derived from or assisted by fraud is unequivocally rejected.

Visible Commitment: Not Just Words, But Deeds

What does genuine top-level commitment look like? The Guidance offers a clear framework. It is about visible, consistent action that resonates throughout the organization. This includes:

  • Publicly rejecting fraud, even at the cost of lost business opportunities. Boards and executives must demonstrate that they will walk away from deals if the price compromises their integrity and values.
  • Explaining the business benefits of a strong anti-fraud posture. Protecting the company’s reputation, building trust with customers and business partners, and ensuring long-term sustainability are tangible, valuable outcomes.
  • Backing policies and codes of conduct with consequences. There must be clarity about what happens if someone breaches anti-fraud policies—up to and including contractual and disciplinary action.
  • Acknowledging and endorsing collective anti-fraud efforts. Participation in industry initiatives or trade body actions against fraud demonstrates seriousness of intent.

A leadership statement is only credible if it is backed by real accountability, named roles, and continuous communication.

Governance: Structuring Responsibility for Real Results

Clear governance is the backbone of any fraud prevention framework. Section 3.1 stresses that organizations should define, document, and communicate who is responsible for every aspect of fraud prevention, from risk assessment to whistleblowing, and from detection to disciplinary actions.

Best practice governance includes:

  • Designated responsibility for horizon scanning, risk assessment, policy development, disciplinary action, whistleblowing, investigation, and ongoing review.
  • Direct access for compliance leadership to the board or CEO, even if day-to-day reporting is elsewhere. This ensures critical issues don’t get buried in middle management.
  • Documentation of decisions and actions. Board minutes should capture key compliance decisions, risk reviews, and follow-up actions.
  • Succession planning for compliance leadership. Governance should account for staff turnover and ensure continuity in anti-fraud efforts, even when key personnel are absent or leave the organization.

In some organizations, the board or senior executives will be personally involved in designing fraud prevention measures; in others, they will delegate this responsibility to the Head of Ethics and Compliance while retaining ultimate accountability. The key is active engagement and oversight.

Commitment to Resources: Funding and Training

Fraud prevention is not a costless endeavor. The guidance is explicit: senior management must allocate a reasonable and proportionate budget for compliance leadership, fraud prevention staff, training, and technology, including due diligence tools and platforms. This budget commitment must be sustained for the long term, not just as a one-off initiative.

Training is equally crucial. Senior management must champion not only initial training but also ongoing refreshers and updates, ensuring that all staff, especially those in high-risk roles, are equipped to identify and prevent fraud. Resilience is key: anti-fraud practices must be maintained even when staff are on vacation, sick leave, or when there is turnover.

Leading by Example: The Tone at the Top

The “tone at the top” is more than a catchphrase; it is the bedrock of ethical culture. Senior managers must embody the standards they expect from the rest of the organization. This means:

  • Openly challenging rationalizations for fraud. Whether it’s “everyone does it,” “it’s not material,” or “it’s for the good of the business,” these are dangerous myths that must be confronted.
  • Encouraging early reporting of concerns. Leadership should foster an open culture where staff feel empowered to speak up, no matter how minor the issue may seem. The earlier a problem is raised, the less likely it will snowball into a major scandal.
  • Making ethics a daily practice, not a quarterly campaign. Whether through regular reminders, integration into performance evaluations, or simply modeling the right behaviors, leaders set the ethical weather for the company.

Communication: Reinforcing the Anti-Fraud Message

Top-level commitment must be communicated consistently and credibly to all key audiences, including employees, contractors, agents, suppliers, and business partners. The guidance recommends tailoring the message for different stakeholders; what resonates with employees may differ from what is relevant for contractors or vendors.

Effective anti-fraud communication should:

  • Highlight the organization’s commitment to integrity over short-term gains.
  • Reinforce the real-world consequences of violating anti-fraud policies.
  • Regularly spotlight examples of ethical leadership, transparency, and collective action against fraud.

The Importance of Whistleblowing

Section 3.1 places significant emphasis on whistleblowing—not only establishing clear channels but also creating a culture where speaking up is encouraged and protected. Senior management should ensure:

  • There are safe, independent channels for reporting concerns.
  • Whistleblowers are protected from retaliation.
  • Reports are acted on quickly and transparently.

A strong whistleblowing culture indicates that leadership is committed to identifying and addressing problems before they become systemic.

The “Why” Behind Top-Level Commitment

Why is all of this so critical? Because fraud is adaptive. It thrives in ambiguity, and it flourishes when leadership is distracted, disinterested, or inconsistent. The Economic Crime and Corporate Transparency Act 2023 raises the stakes: organizations now face not just reputational and commercial damage, but also criminal liability if they cannot demonstrate that their prevention procedures were reasonable and implemented with genuine top-level commitment.

The regulators and prosecutors will look for evidence of this commitment. Are senior managers personally invested? Do they walk the talk? Can they demonstrate, with documentation, that anti-fraud policies are embedded in the organization’s DNA?

Practical Steps for Compliance Professionals

What should compliance professionals do today?

  1. Engage with your board and C-suite. Make sure they understand their personal and collective responsibilities under the Act.
  2. Audit your current governance structures. Identify gaps in accountability, communication, or resource allocation.
  3. Refresh your anti-fraud messaging and training. Ensure it is regular, targeted, and endorsed by top management.
  4. Enhance your whistleblowing framework. Benchmark it against best practices and ensure visible support from leadership.
  5. Document everything. If it’s not written down, it didn’t happen. Ensure that minutes, decisions, and compliance actions are accurately recorded.

Conclusion: Leadership Sets the Standard

Section 3.1 is clear: fraud prevention is not just the job of compliance or internal audit. It is the duty of those at the top. Authentic leadership means investing in people, systems, and culture; communicating a vision of integrity; and never wavering, even when the pressure to bend the rules is immense.

For the modern compliance professional, this is both a challenge and an opportunity. With exemplary leadership, organizations can move beyond reactive compliance and build an enduring culture where ethical conduct is the norm and fraud has no place to hide.

Join us tomorrow, where we will consider a fraud risk assessment.


Rethinking Compliance: Practical Steps for Adapting to the UK’s New Failure to Prevent Fraud Legislation

The offense of failure to prevent fraud (FTPF), introduced by the Economic Crime and Corporate Transparency Act 2023, takes effect on 1 September 2025. Every US company doing business in the UK or with UK companies must be aware of this law and its implications for them. The jurisdiction is as broad as or even broader than the US Foreign Corrupt Practices Act (FCPA). Corporate compliance professionals are finding themselves in uncharted territory with this new legal framework, which requires a thorough understanding of how the legislation applies and how it can potentially reshape their compliance strategies. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (the Guidance). Over the next several blog posts, I will explore the Guidance and its implications for US-based compliance professionals.

The FTPF introduces corporate criminal liability for large organizations where an associated individual commits fraud, intending to benefit the organization or its clients. This represents a seismic shift for corporate compliance programs because senior management does not need to have ordered or even been aware of the fraud for liability to attach. The very act itself, if proven to benefit the organization or its clients, triggers organizational accountability.

Which companies exactly fall under this statute? The scope applies specifically to large organizations, defined as incorporated entities or partnerships that meet at least two of the following criteria: having more than 250 employees, a turnover exceeding £36 million, or total assets exceeding £18 million. This definition intentionally includes subsidiaries and partnerships within its ambit, casting a wide net for compliance oversight.

The Guidance clearly defines the types of fraud included under the new offense. These base fraud offenses include fraud by false representation, failing to disclose information, abuse of position, false accounting, cheating the public revenue, and fraudulent trading. Organizations must now look beyond mere regulatory adherence to proactive fraud detection and prevention strategies, given the broad spectrum of fraud covered.

The term “associated person” is critical. It extends beyond employees and explicitly includes agents, subsidiaries, or any other persons providing services for or on behalf of the organization. The Guidance notably excludes those merely supplying goods, emphasizing service relationships as the core focus. Understanding the depth and breadth of these associations will require enhanced due diligence processes, rigorous vetting of service providers, and a fundamental re-evaluation of contractual relationships.

Territoriality is another aspect that compliance professionals must closely evaluate. The offense holds a distinct UK nexus; thus, fraud committed by associated persons must either occur in the UK or involve gains or losses realized within UK boundaries. This global perspective on compliance places significant responsibility on UK-based operations with international associations and activities.

Notably, the Guidance outlines scenarios to clarify ambiguities. Consider, for instance, the fraud committed by the payroll department, which diverted employee pension funds to support other internal projects. Here, the payroll head abuses their position of trust to commit fraud intended to benefit the company’s operations. Even if no senior manager or director was aware of the fraud, the company could still face prosecution under this legislation unless it has demonstrably reasonable procedures in place to prevent such fraud.

In terms of defensive mechanisms, the guidance emphasizes the implementation of “reasonable fraud prevention procedures.” This implies that corporations must adopt tailored compliance systems that consider the specific risks associated with their industry, size, and operational territories. Simply having generic fraud detection tools will likely fall short of satisfying this legal standard. Instead, robust, proactive, risk-specific compliance measures, supported by ongoing training and review, become non-negotiable.

The Serious Fraud Office will lead investigations into the FTPF, and the Crown Prosecution Service will handle any courtroom work. An interesting aspect here is the possibility of Deferred Prosecution Agreements (DPAs) in England and Wales, suggesting that organizations may negotiate terms if fraud prevention measures were deemed insufficient initially but have since been significantly improved.

The Guidance emphasizes the importance of corporate cooperation with enforcement authorities. Organizations that demonstrate transparent reporting, proactive fraud detection efforts, and comprehensive preventive frameworks are likely to receive more favorable prosecutorial discretion and may be eligible for DPAs.

From a compliance perspective, understanding intent to benefit is crucial. The Guidance explicitly notes that even indirect or unrealized benefits to the organization, such as a failed attempt to attract investors through false accounting, could trigger liability. The intent to benefit need not be the primary motivation; any incidental or indirect benefit, financial or otherwise, places the organization at risk. Compliance programs must thus anticipate, monitor, and mitigate even seemingly remote risks.

This guidance represents not only a legal shift but also a call for a cultural transformation within corporations. Compliance professionals must foster an environment where ethical practices are embedded, whistleblowers are supported, and robust prevention frameworks are continuously evaluated and strengthened.

Key Highlights for Corporate Compliance Professionals:

  1. Understand the expanded scope of corporate liability and who qualifies as an associated person.
  2. Clearly identify the specific types of fraud covered under the Act.
  3. Implement tailored and robust fraud prevention procedures.
  4. Recognize the importance of territorial considerations for global operations.
  5. Foster a proactive and ethical organizational culture, supported by strong whistleblowing protocols.

The Economic Crime and Corporate Transparency Act 2023 mandates a higher degree of vigilance, proactive risk management, and cultural alignment with anti-fraud values. Organizations failing to adapt swiftly to this evolving compliance landscape risk severe financial penalties, reputational damage, and operational disruption. Forward-looking compliance professionals will seize this moment to reinforce corporate integrity, safeguard organizational reputation, and ensure lasting resilience against fraud.

The Guidance provides an entire section on compliance with the FTPF. Join us tomorrow as we take a deep dive into its prescripts.


Compliance Tip of the Day – Preparing for the Failure to Prevent Fraud Act

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we examine the UK’s Failure to Prevent Fraud Act, which is set to take effect later this year. We consider what compliance professionals need to do to prepare for it.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.


Life With GDPR – Understanding the UK’s Failure to Prevent Fraud

Tom Fox and Jonathan Armstrong, a renowned expert in cyber security, co-host the award-winning Life with GDPR. This episode delves into the UK’s Failure to Prevent Fraud guidance.

The podcast covers the initial implications and conflicts these new provisions present, especially in the context of GDPR and compliance with bribery investigations. Jonathan explains the concept of ‘failure to prevent fraud,’ drawing parallels with the 2010 UK Bribery Act, and outlines six key principles organizations must adhere to in order to demonstrate compliance. Additionally, the episode delves into specific steps compliance professionals should take before the new provisions come into force by July 2025, including gap analysis, policy updating, training, and more.

Key takeaways:

  • Failure to Prevent Bribery and Fraud
  • New Legislation and Its Implications
  • Reasonable Procedures Under the Failure to Prevent Fraud Act
  • Comparing Fraud and Bribery Compliance
  • Steps for Compliance Professionals



Failure to Prevent Fraud: The Guidance

Last week, the much-anticipated Guidance regarding the UK’s new Failure to Prevent Fraud (FTPF) offense was released (the Guidance). This offense, embedded within the Economic Crime and Corporate Transparency Act 2023 (ECCTA), introduces a proactive requirement for organizations to take measurable steps in fraud detection and prevention. Much like the influence of the Bribery Act 2010 on corporate anti-bribery measures, the FTPF aims to reshape how organizations tackle fraud. Compliance professionals need to understand the core elements of this new offense, its global reach, and the practical steps they must implement to establish a robust fraud prevention framework.

Overview of the FTPF Offense

The FTPF offense holds large, incorporated bodies and partnerships liable if an associated person—defined similarly to the Bribery Act as employees, agents, subsidiaries, or other connected individuals—commits fraud to benefit the organization. Unlike some traditional liability structures, there is no need for senior management or directors to have knowledge of the fraud for the offense to apply. Instead, liability rests on the failure of the organization to have reasonable fraud prevention procedures in place.

Under the FTPF guidelines, organizations with over 250 employees, £36 million in turnover, or £18 million in total assets qualify as “large organizations.” This broad reach ensures the inclusion of all significant organizations across various sectors.

What Constitutes “Reasonable Procedures”?

The core of the FTPF offense lies in the expectation that organizations adopt “reasonable prevention procedures” to mitigate fraud risks. In guidance similar to that issued for the Bribery Act, the Home Office has outlined six key principles to inform these procedures. By adopting these principles, organizations can create a robust fraud prevention strategy that may also serve as a defense in the event of an FTPF prosecution. These principles and their applications will sound familiar to the anti-corruption compliance professional.

  1. Top-Level Commitment

The Guidance emphasizes that fraud prevention must start at the top. This principle requires those charged with governance, such as the board and senior executives, to actively promote an anti-fraud culture. Senior leaders should publicly commit to anti-fraud initiatives, participate in training, and regularly communicate the importance of ethical behavior throughout the organization. This sends a powerful message that fraud will not be tolerated and that compliance is a priority.

  2. Dynamic and Documented Risk Assessment

Organizations must conduct regular and dynamic risk assessments. This means continually assessing vulnerabilities to fraud, understanding how systems and structures might incentivize fraudulent behavior, and recognizing any cultural factors that might quietly tolerate fraud. The key is to develop a documented fraud risk assessment process. This should include identifying high-risk areas, reviewing internal controls, and monitoring for red flags that may indicate potential fraud.

  3. Proportionate, Risk-Based Procedures

The Guidance advocates for risk-based and proportionate procedures tailored to an organization’s specific risks and operational context. This principle ensures that prevention measures are realistic and directly address identified risks. Based on your company’s risk assessment findings, you must establish clear, enforceable policies on fraud prevention. For instance, organizations with high fraud risk should consider more robust internal controls, while low-risk entities may implement fewer but targeted controls.

  4. Due Diligence on Third Parties and Staff

Due diligence is a cornerstone of every type of compliance, and of fraud prevention in particular. It requires organizations to scrutinize those performing services on their behalf. By understanding the backgrounds and affiliations of employees, agents, and subsidiaries, organizations can reduce the likelihood of associating with individuals likely to engage in fraud. Your company should implement a structured due diligence process for all new hires, contractors, and third-party partners. This might include background checks, financial reviews, and regular audits of high-risk partners.

  5. Effective Communication and Training

A policy is only effective if understood and practiced throughout the organization. The Guidance emphasizes embedding anti-fraud measures through communication and training. Your company should develop fraud prevention training programs for all employees, focusing on high-risk roles. Ongoing training and communications should reinforce policies, address emerging fraud risks, and equip employees to recognize and report fraud indicators.

  6. Ongoing Monitoring and Continuous Improvement

Finally, the guidance stresses the need for continuous monitoring and review of fraud prevention procedures. This principle ensures that procedures evolve in response to emerging fraud risks, changes in business structure, and lessons learned from incidents.

Your organization should set up regular audits and establish metrics for assessing the effectiveness of fraud prevention measures. Organizations should also review any incidents to identify weaknesses in current controls and revise them accordingly.

Extra-Territorial Reach and the UK Nexus

One of the more complex aspects of the FTPF offense is its extra-territorial scope, reminiscent of the Bribery Act’s reach. Under the FTPF, organizations outside the UK may still be subject to prosecution if fraud committed by an associated person has a UK nexus. This could mean that any part of the fraud, or the resulting gain or loss, has occurred in the UK, even if the organization is headquartered overseas.

Additionally, parent companies may be liable for fraud committed by their subsidiaries if the fraud benefits the parent or involves their clients. This extra-territorial reach ensures that subsidiaries, especially those operating internationally, adhere to the same standards as their parent companies.

Key Steps for Compliance Professionals

The FTPF offense goes into effect on September 1, 2025, giving organizations approximately nine months to prepare. Below is a roadmap to help compliance teams proactively address the requirements:

  1. Evaluate and Revamp Existing Procedures. Review current anti-fraud policies and practices against the Guidance. Identify gaps in due diligence, risk assessment, and top-level commitment.
  2. Conduct a Fraud Risk Assessment. If an organization has not recently performed a comprehensive fraud risk assessment, now is the time. This Fraud Risk Assessment should include all subsidiaries and associated persons, especially if the organization has a UK nexus.
  3. Update Training Programs. Fraud prevention training should be robust, engaging, and frequent. It should cover both general anti-fraud policies and specific red flags relevant to different roles. Training should also encourage employees to report suspected fraud.
  4. Set Up Continuous Monitoring Mechanisms. Implement regular audits and monitoring processes to identify potential fraud risks. Ensure that fraud incidents are analyzed to understand what went wrong and how similar issues can be prevented.
  5. Engage with Leadership. Work closely with leadership to reinforce the tone from the top. Schedule periodic updates to senior management on fraud prevention initiatives and engage them in visible support of anti-fraud efforts.

Lessons from the Bribery Act 2010

The similarity between the FTPF guidance and the Bribery Act 2010’s failure-to-prevent provisions suggests a familiar path for organizations implementing robust anti-bribery frameworks. Those frameworks can provide a strong foundation for meeting FTPF requirements, with adjustments tailored to fraud risks. However, the Bribery Act’s implementation highlighted common challenges, such as ensuring proportionality and maintaining engagement over time. Organizations should leverage lessons learned, balancing robust prevention measures with practical, context-appropriate implementations.

The introduction of the FTPF offense represents a new era for corporate fraud prevention. With its expansive definition of associated persons, extra-territorial reach, and focus on proactive measures, the FTPF compels organizations to be vigilant, proactive, and thorough. Compliance teams should view this offense as an opportunity to strengthen organizational resilience, mitigate fraud risks, and protect stakeholders. By aligning with the six principles in the guidance, organizations can meet regulatory expectations and foster a culture of integrity and trust that supports long-term success.


Sam Tate on New Failure to Prevent Cause of Action

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Sam Tate, a partner at RPC. Sam co-authors the leading UK anti-corruption compliance textbook “Bribery: a Compliance Handbook.” He works closely with several FTSE 100, international, and privately owned entities and individuals concerning financial crime proceedings, investigations, and practical crime prevention programs. He recently led the settlement on the ground-breaking 11th and 12th UK DPAs and conducted the independent investigation for the Financial Times of allegations made by Wirecard against its reporters.

In this episode, they discuss the proposed Economic Crime and Corporate Transparency Bill and how it could majorly affect companies not based in the U.K. The bill includes verification for all new and existing registered companies, directors, and persons and provisions making it easier for the National Crime Agency. Sam Tate predicts this will result in more focused prosecutions than Deferred Prosecution Agreements, although it should make settlements easier. This collaboration between the UK and the U.S. will be a lasting legacy of our time.

Key Highlights

Economic Crime Legislation in the UK [00:04:49]

The Potential Impact of a New U.S. Bill on Global Businesses [00:08:40]

The Cost of Increased Business Regulation [00:12:24]

Sharing Information and Improving Access between Regulated Entities and the National Crime Agency [00:16:34]

The Impact of US-UK Relationships on Prosecutions and Deferred Prosecution Agreements [00:20:49]

The Challenges of Settling Issues in the UK [00:24:36]

Notable Quotes

  1. “So if you have a fraud offense, then a corporate doing probably doing any business in the UK, or having a presence in the business in the UK so that it could be one in the US, it could be one anywhere in the world, anywhere in the world with presence business in the UK, would be corporately criminally liable if it failed to prevent fraud unless it had a series of adequate procedures in place to prevent that.”

  2. “It’s something we call the ‘guidance in mind’ test. They are the brains of the company, and they’ve got to be involved for the corporates to be criminally live criminally liable.”

  3. “Bribery is defined in our legislation as offering something with the intention of causing another person to perform their duties improperly. Fraud takes a few forms; worth essentially is a deceit of one kind or another, sometimes with the abuse of trust or over opposition to trust.”

  4. “It’s not entirely clear what that is because we haven’t had a ton of cases. But it’s a registered office, a large part of your business, or even a smaller part of your business, a trading arm, perhaps doing your accounts here. Probably something a little bit more than trading on the UK stock exchange, but not much more is enough to have a part of your business in the UK.”
