
Data Driven Compliance – The Failure to Prevent Fraud Offense: Insights for US General Counsels with Mike DeBernardis

Welcome to Season 2 of the award-winning Data Driven Compliance. In this new season, we will look at the new Failure to Prevent Fraud offense. Join host Tom Fox as we explore this new law and how to comply with it through the lens of data-driven compliance. konaAI sponsors this podcast. In this episode of Season 2, Tom Fox is joined by Mike DeBernardis, Partner at Hughes Hubbard & Reed.

In this episode, Tom and Mike look at the specific offenses listed in the Failure to Prevent Fraud Offense and translate them into US-legalese. They discuss common misunderstandings among US lawyers, the broad jurisdictional scope, and specific fraud types under UK law, such as fraud by false representation, failure to disclose information, and abuse of position. They also emphasize the importance of risk assessments for US companies with UK operations to ensure compliance and avoid legal repercussions, and touch on the potential geopolitical implications and the necessity of having robust policies and procedures to prevent fraud.

Key highlights:

  • Fraud by False Representation
  • Fraud by Failing to Disclose Information
  • Fraud by Abuse of Position and Obtaining Services Dishonestly
  • Corporate Fraud: Participation, Accounting, and Trading
  • Risk Mapping and Compliance Strategies

Resources:

Hughes, Hubbard & Reed

Mike DeBernardis on LinkedIn

New Considerations for Companies with U.K. Ties: Home Office Issues Guidance to Organisations on the Offence of Failure to Prevent Fraud

konaAI, a Covasant company

Click here for konaAI White Paper Rethinking Compliance: Practical Steps for Adapting to the UK’s New Fraud Legislation

Connect with Tom Fox on LinkedIn


Failure to Prevent Fraud Mastery: Enhancing Due Diligence, Training, and Improvement

We conclude our deep dive into the Economic Crime and Corporate Transparency Act 2023, which has elevated the expectations for senior leadership and boards across large organizations. Our guide in this journey has been the UK government, which has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud.” (The Guidance) Today, we conclude with the final three sections on Due Diligence, Training, Ongoing Monitoring, and Continuous Improvement.

As compliance professionals prepare diligently for the upcoming implementation of the Failure to Prevent Fraud (FTPF) offense, it becomes imperative to understand and apply comprehensive fraud prevention measures effectively. Central to a robust anti-fraud framework are due diligence, training, monitoring, and review processes. Each of these areas must be executed diligently, proportionately, and tailored specifically to address the unique risks faced by an organization.

Due Diligence: Building Trust Through Vigilance

Due diligence is a cornerstone of an effective fraud prevention strategy. Organizations must apply meticulous and proportionate due diligence procedures to mitigate fraud risks associated with individuals or entities performing services on their behalf.

For organizations facing heightened fraud risks, standard due diligence might not suffice. Comprehensive screening, including the use of technology-driven third-party risk management tools and vetting checks, becomes vital. Contracts should explicitly state compliance obligations and consequences of non-compliance, while mergers and acquisitions must include rigorous assessments of criminal, regulatory, and tax backgrounds.

Moreover, ongoing due diligence is essential; periodic reviews and updates ensure that an organization remains alert to emerging risks or changes in the status of associated persons. Continuous monitoring can detect potential red flags that may arise post-engagement, such as sudden changes in financial stability, reputation issues, or new regulatory concerns. Additionally, organizations should ensure transparency in their due diligence processes, clearly documenting their methods and findings. This not only enhances accountability but also ensures readiness in demonstrating compliance to regulatory bodies or stakeholders during audits or investigations.

Organizations might also consider collaboration with external experts or industry peers to refine their due diligence methodologies, leveraging collective insights to strengthen their anti-fraud defenses. Regular training and awareness sessions about due diligence expectations can further embed vigilance into organizational culture, ensuring that all stakeholders understand and uphold their roles in fraud prevention.

Five Key Takeaways on Due Diligence:

  1. Leverage Technology: Use advanced screening tools and third-party risk management platforms to enhance due diligence effectiveness.
  2. Contract Clarity: Clearly articulate compliance obligations and termination clauses for fraud breaches within contracts.
  3. Monitor Employee Well-being: Regular monitoring to identify stressors or workload issues that might increase susceptibility to fraud.
  4. Mergers and Acquisitions Scrutiny: Conduct thorough fraud prevention assessments during acquisitions, integrating robust prevention measures post-acquisition.
  5. Dynamic Review: Keep due diligence processes proportionate, up-to-date, and responsive to evolving risks.

Training: Empowering Prevention Through Knowledge

Training is critical to embedding an anti-fraud culture within an organization. A clear and regular communication strategy ensures all associated persons fully understand and internalize the organization’s fraud prevention policies and procedures.

Proportionate training tailored to the specific risks of roles within the organization, especially high-risk positions, is essential. Training must detail the nature of the FTPF offense, the particular procedures required, and the clear protocols for whistleblowing. Continuous evaluation and updates ensure training remains practical and relevant, particularly as personnel change. Effective training should also encompass interactive and engaging methods such as workshops, simulations, and scenario-based exercises, which help employees understand the real-world implications of fraud and the critical importance of adhering to procedures.

Incorporating case studies of relevant fraud incidents can significantly enhance learning by illustrating practical examples and reinforcing key lessons. Organizations should also regularly evaluate the impact of training through assessments, quizzes, and feedback surveys, ensuring that employees retain the information and can effectively apply it in their roles. Integrating fraud prevention messages into routine communications, such as team meetings and newsletters, can further reinforce an anti-fraud mindset. Ultimately, a robust training program not only builds awareness but also empowers employees to identify and address potential fraud risks proactively.

Five Key Takeaways on Training:

  1. Risk-Based Training: Deliver bespoke training programs specifically targeted at roles identified as high risk.
  2. Integration with Existing Programs: Leverage and integrate fraud prevention messages into broader financial crime training initiatives.
  3. Effective Communication: Communicate internal policies, the importance of whistleblowing, and the procedures to follow.
  4. Regular Updates: Keep training modules current with evolving fraud risks, regulatory updates, and personnel changes.
  5. Monitoring Effectiveness: Regularly assess and monitor training efficacy through feedback and performance evaluations.

Monitoring and Review: Continuous Improvement and Adaptation

Monitoring and review constitute the continuous feedback loop critical to fraud prevention. Organizations must regularly assess and refine fraud detection systems and response protocols based on real-world performance and evolving risks.

Monitoring involves detecting fraud, conducting robust investigations, and assessing the effectiveness of preventative measures. Organizations should ensure that sophisticated data analytics and AI-driven detection tools are employed effectively. Investigations must be independent, well-resourced, fair, and transparent, with results communicated to stakeholders.

Review processes ensure organizations adapt and improve continuously. Regularly scheduled reviews, supplemented by event-driven assessments in response to incidents or significant changes in risk, underpin an agile and resilient fraud prevention strategy. Utilizing external feedback and industry-wide insights, organizations can benchmark their strategies and implement best practices.

Five Key Takeaways on Monitoring and Review:

  1. Regular and Responsive Reviews: Schedule regular evaluations, complemented by prompt reviews triggered by specific fraud incidents or risk changes.
  2. Data-Driven Detection: Invest in advanced data analytics and AI tools to proactively detect fraud and fraud attempts.
  3. Independent Investigations: Ensure fraud investigations are conducted independently and transparently, with clearly documented processes and outcomes.
  4. Continuous Adaptation: Maintain flexibility in fraud prevention measures, promptly adapting strategies based on review outcomes and industry developments.
  5. Sectoral Benchmarking: Collaborate and engage with external entities and industry peers to adopt best practices and maintain practical fraud prevention standards.

Concluding Thoughts

As the countdown to the FTPF offense go-live continues, compliance professionals are tasked with a critical responsibility: to ensure their organization’s preparedness through meticulous due diligence, targeted training, and robust monitoring and review practices. Each component is integral to creating an effective, proportionate, and responsive fraud prevention strategy. By embedding these practices into the organizational fabric, compliance professionals not only safeguard their organizations but also reinforce ethical standards, protecting both reputation and long-term sustainability.


Beyond the Checklist: Dynamic Fraud Risk Assessments for the Failure to Prevent Fraud Offense

We continue our review of the Economic Crime and Corporate Transparency Act 2023, which has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud.” (The Guidance) Section 3.2 of the official guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into the requirement for a fraud risk assessment.

As compliance professionals eagerly anticipate the impending go-live of the UK’s Failure to Prevent Fraud Offense, it is paramount to revisit the foundational pillar of any anti-fraud strategy—the fraud risk assessment. The act of assessing fraud risk has always been critical, but in this new legislative context, its significance cannot be overstated. The comprehensive risk assessment outlined by the Guidance in Section 3.2 provides a blueprint that can prepare your organization not only to meet compliance standards but also to strengthen your corporate defenses against fraud.

Risk assessments must be both dynamic and regularly updated. Static, outdated assessments leave your organization exposed, failing to capture evolving fraud techniques and risks introduced by changes in personnel, procedures, technology, or external environments. Organizations are now explicitly encouraged to leverage their existing risk assessment frameworks, extending them to encapsulate the broader scope of the Failure to Prevent Fraud Offense. This approach not only maximizes efficiency but also ensures thoroughness and cohesion within your risk management strategies.

Identifying Associated Persons

The term “associated persons” casts a wide net, and it is essential to thoroughly understand who within and outside your organization could potentially expose you to risk. This includes agents, contractors, and personnel in sensitive roles such as finance or procurement. Each category presents unique fraud risks, ranging from false representation and failure to disclose to false accounting and abuse of position. Properly categorizing and assessing these typologies enables targeted, efficient mitigation measures and preventive strategies tailored to specific vulnerabilities.

Leveraging the Fraud Triangle

Compliance professionals must use the Fraud Triangle (opportunity, motive, and rationalization) as a foundational tool to structure their risk assessments. Each element provides a lens through which potential fraud scenarios can be systematically evaluated:

  1. Opportunity: Does your organization inadvertently offer avenues for fraudulent activity due to weak controls, insufficient oversight, or technological vulnerabilities? For instance, departments such as finance, procurement, and marketing often harbor increased opportunities for fraud due to their access to funds or sensitive information. It’s also crucial to consider external agents or contractors operating with minimal oversight.
  2. Motive: Financial incentives and operational pressures can drive individuals towards fraudulent activities. Compliance teams must critically assess whether reward systems such as bonuses or commissions could unintentionally incentivize fraud. Additionally, organizational pressures related to achieving financial targets, impending mergers, acquisitions, or regulatory deadlines must be closely monitored.
  3. Rationalization: The justification of fraudulent acts often stems from organizational culture and industry norms. A company that subtly tolerates fraud, perhaps viewing it as a necessary evil for winning business or reaching targets, sets the stage for rationalization. Ensuring a robust speak-up culture and providing effective whistleblowing channels can significantly mitigate this risk.

Using Diverse Sources and Preparing for Emergency Scenarios

Risk assessment is enriched by diverse sources, including data analytics, past audit findings, industry-specific information, regulatory enforcement actions, and publicly available prosecutions or DPAs. These resources not only help identify potential fraud scenarios but also benchmark your organization’s prevention measures against industry standards and practices.

Unexpected emergencies, from natural disasters to economic crises, inherently increase fraud risks. Organizations must proactively incorporate emergency scenarios into their risk assessments. Doing so not only complies with the statutory obligation to demonstrate reasonable fraud prevention measures but also practically prepares your organization to swiftly adapt and maintain integrity during challenging times.

Classification and Regular Review of Risks

A thorough risk assessment involves classifying inherent risks by their likelihood and impact. This classification is vital in prioritizing resources effectively, focusing efforts on mitigating high-impact, high-probability risks. Regular reviews of your risk assessment, typically every two years, or sooner if triggered by significant internal or external changes, ensure its continued relevance and effectiveness.

Failing to update and refine your risk assessment regularly can expose your organization to severe consequences. Courts may interpret outdated assessments as indicators of inadequate preventive measures, leaving your organization vulnerable to penalties and reputational harm.

Five Key Takeaways for the Compliance Professional

Here are five key takeaways for the compliance professional:

1. Dynamic and Regular Updates Are Essential:

Risk assessments must not be viewed as one-off or static exercises. Continuous monitoring, regular updating, and adaptation to emerging fraud threats are essential to maintain relevance and ensure comprehensive fraud prevention capabilities.

2. Comprehensive Identification of Associated Persons:

Given the expansive definition of “associated persons,” compliance professionals must carefully identify and categorize all internal and external parties capable of exposing the organization to fraud risks. Tailored fraud risk mitigation strategies should then be developed based on these typologies.

3. Utilize the Fraud Triangle Effectively:

Applying the Fraud Triangle’s elements (opportunity, motive, and rationalization) can provide structure and depth to fraud risk assessments. This systematic approach helps to uncover specific vulnerabilities and inform targeted preventive measures.

4. Broaden Your Sources of Risk Intelligence:

Compliance professionals must leverage multiple sources, including past audit reports, data analytics, regulatory enforcement actions, and publicly available case studies. Integrating this diverse intelligence enhances the effectiveness and breadth of fraud risk assessments.

5. Incorporate Emergency Scenario Planning:

Fraud risks escalate during emergencies. Preparing and integrating emergency scenarios into your fraud risk assessment framework helps ensure that robust fraud prevention measures remain effective during crises, aligning your risk management practices with statutory obligations and best practices.

The Time to Act is Now

The clock is ticking towards the implementation of the Failure to Prevent Fraud Offense, and complacency is not an option. Conducting and maintaining a dynamic, comprehensive fraud risk assessment is no longer just best practice. It is a statutory necessity. By rigorously identifying associated persons, leveraging the Fraud Triangle, drawing insights from diverse sources, preparing for emergency scenarios, and regularly reviewing your assessment, your organization can confidently demonstrate its commitment to fraud prevention. Proactive engagement in these activities not only fortifies your compliance posture but also significantly enhances your organization’s resilience against fraud. Compliance professionals must seize this opportunity to reinforce their strategic value, embedding effective anti-fraud measures into their organizational culture and operations as we move closer to this critical regulatory milestone.

Join us tomorrow as we consider the procedures to implement your fraud risk assessment.


Setting the Tone: Why Top-Level Commitment Is the Heart of Fraud Prevention

In today’s rapidly evolving compliance landscape, one principle has become abundantly clear: effective fraud prevention starts at the top. The Economic Crime and Corporate Transparency Act 2023, with its new offense of failure to prevent fraud, has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (The Guidance). Section 3.1 of the official guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into what a top-level commitment is.

The Imperative: Leadership’s Role in Preventing Fraud

Section 3.1 places the responsibility for preventing and detecting fraud squarely on those charged with governance, including the Board of Directors, partners, and senior management. This is not simply a perfunctory statement. The Guidance makes it clear: without authentic buy-in and leadership from the very top, even the best-written policies and controls will falter.

A culture of zero tolerance for fraud must be more than a slogan. The board and senior management must actively foster an environment where fraud is not only discouraged but also considered unthinkable, where profit derived from or assisted by fraud is unequivocally rejected.

Visible Commitment: Not Just Words, But Deeds

What does genuine top-level commitment look like? The Guidance offers a clear framework. It is about visible, consistent action that resonates throughout the organization. This includes:

  • Publicly rejecting fraud, even at the cost of lost business opportunities. Boards and executives must demonstrate that they will walk away from deals if the price compromises their integrity and values.
  • Explaining the business benefits of a strong anti-fraud posture. Protecting the company’s reputation, building trust with customers and business partners, and ensuring long-term sustainability are tangible, valuable outcomes.
  • Backing policies and codes of conduct with consequences. There must be clarity about what happens if someone breaches anti-fraud policies—up to and including contractual and disciplinary action.
  • Acknowledging and endorsing collective anti-fraud efforts. Participation in industry initiatives or trade body actions against fraud demonstrates seriousness of intent.

A leadership statement is only credible if real accountability, named roles, and continuous communication back it.

Governance: Structuring Responsibility for Real Results

Clear governance is the backbone of any fraud prevention framework. Section 3.1 stresses that organizations should define, document, and communicate who is responsible for every aspect of fraud prevention, from risk assessment to whistleblowing, and from detection to disciplinary actions.

Best practice governance includes:

  • Designated responsibility for horizon scanning, risk assessment, policy development, disciplinary action, whistleblowing, investigation, and ongoing review.
  • Direct access for compliance leadership to the board or CEO, even if day-to-day reporting is elsewhere. This ensures critical issues don’t get buried in middle management.
  • Documentation of decisions and actions. Board minutes should capture key compliance decisions, risk reviews, and follow-up actions.
  • Succession planning for compliance leadership. Governance should account for staff turnover and ensure continuity in anti-fraud efforts, even when key personnel are absent or leave the organization.

In some organizations, the board or senior executives will be personally involved in designing fraud prevention measures; in others, they will delegate this responsibility to the Head of Ethics and Compliance while retaining ultimate accountability. The key is active engagement and oversight.

Commitment to Resources: Funding and Training

Fraud prevention is not a costless endeavor. The guidance is explicit: senior management must allocate a reasonable and proportionate budget for compliance leadership, fraud prevention staff, training, and technology, including due diligence tools and platforms. This budget commitment must be sustained for the long term, not just as a one-off initiative.

Training is equally crucial. Senior management must champion not only initial training but also ongoing refreshers and updates, ensuring that all staff, especially those in high-risk roles, are equipped to identify and prevent fraud. Resilience is key: anti-fraud practices must be maintained even when staff are on vacation or sick leave or when there is turnover.

Leading by Example: The Tone at the Top

The “tone at the top” is more than a catchphrase; it is the bedrock of ethical culture. Senior managers must embody the standards they expect from the rest of the organization. This means:

  • Openly challenging rationalizations for fraud. Whether it’s “everyone does it,” “it’s not material,” or “it’s for the good of the business,” these are dangerous myths that must be confronted.
  • Encouraging early reporting of concerns. Leadership should foster an open culture where staff feel empowered to speak up, no matter how minor the issue may seem. The earlier a problem is raised, the less likely it will snowball into a major scandal.
  • Making ethics a daily practice, not a quarterly campaign. Whether through regular reminders, integration into performance evaluations, or simply modeling the right behaviors, leaders set the ethical weather for the company.

Communication: Reinforcing the Anti-Fraud Message

Top-level commitment must be consistently and credibly communicated to all key audiences, including employees, contractors, agents, suppliers, and business partners. The guidance recommends tailoring the message for different stakeholders; what resonates with employees may differ from what is relevant for contractors or vendors.

Effective anti-fraud communication should:

  • Highlight the organization’s commitment to integrity over short-term gains.
  • Reinforce the real-world consequences of violating anti-fraud policies.
  • Regularly spotlight examples of ethical leadership, transparency, and collective action against fraud.

The Importance of Whistleblowing

Section 3.1 places significant emphasis on whistleblowing—not only establishing clear channels but also creating a culture where speaking up is encouraged and protected. Senior management should ensure:

  • There are safe, independent channels for reporting concerns.
  • Whistleblowers are protected from retaliation.
  • Reports are acted on quickly and transparently.

A strong whistleblowing culture indicates that leadership is committed to identifying and addressing problems before they become systemic.

The “Why” Behind Top-Level Commitment

Why is all of this so critical? Because fraud is adaptive. It thrives in ambiguity, and it flourishes when leadership is distracted, disinterested, or inconsistent. The Economic Crime and Corporate Transparency Act 2023 raises the stakes: organizations now face not just reputational and commercial damage but also criminal liability if they cannot show that their prevention procedures were reasonable and implemented with real top-level commitment.

The regulators and prosecutors will look for evidence of this commitment. Are senior managers personally invested? Do they walk the talk? Can they demonstrate, with documentation, that anti-fraud policies are embedded in the organization’s DNA?

Practical Steps for Compliance Professionals

What should compliance professionals do today?

  1. Engage with your board and C-suite. Make sure they understand their personal and collective responsibilities under the Act.
  2. Audit your current governance structures. Identify gaps in accountability, communication, or resource allocation.
  3. Refresh your anti-fraud messaging and training. Ensure it is regular, targeted, and endorsed by top management.
  4. Enhance your whistleblowing framework. Benchmark it against best practices and ensure visible support from leadership.
  5. Document everything. If it’s not written down, it didn’t happen. Ensure that minutes, decisions, and compliance actions are accurately recorded.

Conclusion: Leadership Sets the Standard

Section 3.1 is clear: fraud prevention is not just the job of compliance or internal audit. It is the duty of those at the top. Authentic leadership means investing in people, systems, and culture; communicating a vision of integrity; and never wavering, even when the pressure to bend the rules is immense.

For the modern compliance professional, this is both a challenge and an opportunity. With exemplary leadership, organizations can move beyond reactive compliance and build an enduring culture where ethical conduct is the norm and fraud has no place to hide.

Join us tomorrow, when we will consider a fraud risk assessment.


Data Driven Compliance – Understanding the UK’s New Failure to Prevent Fraud Offense with Sam Tate

Welcome to Season 2 of the award-winning Data Driven Compliance. In this new season, we will look at the new Failure to Prevent Fraud offense. Join host Tom Fox as we explore this new law and how to comply with it through the lens of data-driven compliance. This podcast is sponsored by Kona AI. In this first episode of Season 2, Tom is joined by Sam Tate, Global Head of Regulatory and Investigations at the international law firm Clyde & Co.

Tate discusses the significant changes brought about by the latest UK law on the Failure to Prevent Fraud offense, which was introduced as part of the Economic Crime and Corporate Transparency Act of 2023 and took effect on September 1, 2025. He also highlights the challenges of prosecuting large corporations for fraud. Tom and Sam examine the new compliance requirements under the law, their impact on multinational companies, and the extended jurisdiction that covers actions affecting the UK. Practical steps for companies to take in response to the new law are also discussed, emphasizing the need for a thorough risk assessment and robust compliance programs.

Key highlights:

  • Overview of the New Fraud Law
  • Implications for US Companies
  • Market Response and Compliance Challenges
  • Prosecutors’ Perspective and Enforcement
  • Corporate Response and Compliance Strategies
  • Impact on International and Regulated Entities

Resources:

Clyde & Co

Sam Tate at Clyde & Co

ECCTA’s Failure to Prevent Fraud Offense—Is your Organisation ready?

Check out KonaAI

Click here for KonaAI White Paper Rethinking Compliance: Practical Steps for Adapting to the UK’s New Fraud Legislation.

Connect with Tom Fox on LinkedIn