Understanding the New ‘Failure to Prevent Fraud’ Offence: What you ned to know
Incoming legislation – the Economic Crime and Corporate Transparency Act (ECCTA) – is creating big changes in how organisations approach fraud prevention, most notably by introducing a new ‘failure to prevent fraud’ offence.
But recent research from KPMG, which highlights the scale of the UK’s fraud problem and the lack of preparation by UK corporates and other institutions, shows that few businesses are ready to comply with the new legislation.
Here we look at why, now more than ever, it is critical for all organisations to review their fraud risk management frameworks, fraud prevention controls, and anti-fraud technology.
Understanding the ‘Failure to Prevent Fraud’ offence
The new ‘failure to prevent fraud’ offence is one of the biggest shake-ups in corporate economic crime law in decades.
Under the legislation, organisations will be liable to pay an unlimited fine if a fraud offence is committed by an employee or agent for the organisation’s benefit and the organisation does not have adequate fraud prevention measures in place.
Lack of awareness or involvement in the fraud by management will not be accepted as an excuse or prevent an organisation from falling foul of the new rules.
The expectation is that the failure to prevent fraud offence will come into force by 2025, once the government has published guidance on what it considers ‘reasonable procedures’ to prevent fraud.
Though the legislation is targeted at large organisations, it still represents a good opportunity for all organisations to review and update their approach to fraud risk management. Not least of all because many of the large organisations that fall under the new legislation will also require their partners to be compliant.
The UK’s growing fraud problem
A key aim of the new failure to prevent fraud offence is to put a brake on rising fraud levels. The UK’s Home Office estimated in September 2022 that fraud accounts for 40% of crime, while the National Fraud Intelligence Bureau puts the value of reported losses due to fraud in 2023 at £2.1bn.
KPMG’s Fraud Barometer also highlights the extent of fraud, finding that 226 cases of fraud worth more than £100k reached the courts in 2023, with a total value of £992.2m
The research also found that after professional criminals, management and employees are the most likely perpetrators of fraud and, together, were involved in nearly half the recorded cases in 2023 to the value of £221.3m.
As a major financial hub, London is unsurprisingly the nation’s fraud hotspot, with KPMG noting £701.4m of fraud across 43 cases in the capital.
However, the North West and the Midlands both recorded significant increases in fraud over the last year, with fraud values in the North West jumping from £24.7m in 2022 to £122.1m in 2023.
Fraud is a nationwide problem that all businesses should take seriously.
Reviewing and mitigating fraud risk: best practices for compliance
Despite the growing fraud problem and the impending legislative changes to combat this, KPMG’s research also found that 50% of respondents to its risk and fraud survey did not feel their organisations had properly assessed the fraud risks facing their business and the potential impact.
This is particularly concerning given that fraudsters are becoming more sophisticated and using technology to assist fraudulent activity.
They will also look for loopholes in technology systems and processes and manipulate data so fraud attempts can go under the radar.
Managers and employees are a particular threat in this respect because they can use their knowledge of internal controls and processes to circumvent them, as demonstrated by this fraud conducted by an Apple employee.
In reviewing fraud risk management frameworks, there are several factors that organisations need to consider, starting with who is responsible for fraud at the board level.
This also ties in with other regulatory changes, such as the recently announced 2024 UK Corporate Governance Regime (also known as UK SOx), which not only introduces tighter payment controls but also requires a company’s board to make a public declaration on internal controls.
Want to know more about UK SOx?
Visit our UK SOx Resource Hub
Employee training and robust procedures are also key, as is the use of technology to combat fraud.
The fight against Authorised Push Payment (APP) fraud – one of the largest fraud threats facing UK businesses and one that can also be used to facilitate scams by staff members – demonstrates this clearly.
Risk mitigation strategies include staff training and awareness building to spot red flags, while technology solutions, such as Account Name Verification (a Confirmation of Payee service), help identify potentially fraudulent accounts.
Understanding the scope of the new offence
The new offence covers a wide range of fraudulent activities, including:
- Internal fraud: Fraud perpetrated by employees or other individuals within the organisation
- Third-party fraud: Fraud committed by external parties, such as suppliers, customers, or business partners
- Tax fraud: Deliberate attempts to evade taxes, including corporate tax and VAT
The ECCTA imposes specific responsibilities on organisations to prevent fraud, including:
- Risk assessment: Assess the risk of fraud and implement proportionate measures to mitigate those risks
- Due diligence: Conduct due diligence on third parties, such as suppliers and customers, to identify and mitigate potential fraud risks
- Training and awareness: Provide adequate training and awareness programs to employees to prevent and detect fraud
- Monitoring and reporting: Implement effective monitoring and reporting systems to identify and report suspicious activity
The ECCTA is likely to have a significant impact on various sectors, including:
- Financial services: Banks, insurance companies, and other financial institutions are particularly vulnerable to fraud and will need to strengthen their fraud prevention measures
- Professional services: Law firms, accounting firms, and consulting firms may be targeted by fraudsters, especially in relation to client money and tax matters
- Healthcare: Healthcare providers may be at risk of fraud, particularly in relation to billing and procurement
- Retail: Retailers may be vulnerable to fraud, such as point-of-sale fraud and supply chain fraud
There will be stricter compliance requirements on large organisations compared to smaller businesses. Large organisations will need to implement more robust fraud prevention measures, including risk assessments, due diligence, and training programs.
Smaller businesses may be able to rely on less formal procedures, but they still need to take reasonable steps to prevent fraud.
Taking the next steps towards compliance
APP fraud is just one example of how a combined defensive approach encompassing people, processes, and technology can be effective.
Yet, the very nature of fraud is that it is ever-changing, and fraud perpetrated by employees and managers can be particularly complex and difficult to detect.
A multi-faceted approach is, therefore, essential both to prevent fraud and to ensure compliance with the latest regulatory requirements related to the failure to prevent fraud offence.
An organisation’s approach to fraud prevention starts at the top, and responsibility for fraud at the board level should be clearly defined.
Further down in the organisation, finance professionals should receive up-to-date training on spotting potentially fraudulent activity, while robust controls and processes, such as dual sign-offs for payments, are key to reducing the potential for fraudulent transactions. And, as is becoming increasingly the case, technology will be vital.
The role of technology in fraud prevention
AI-Driven Analytics can identify anomalies and patterns in large datasets that may indicate fraudulent activity. By analysing historical data and real-time transactions, AI can flag suspicious behaviour, such as unusual spending patterns or unauthorised access attempts. This proactive approach enables organisations to investigate potential threats early on.
Automated Reporting Systems can streamline the process of generating reports and identifying potential risks. These systems can automate tasks like data collection, analysis, and report generation, reducing the risk of human error and improving efficiency. This can help organisations meet regulatory reporting requirements and identify areas of concern.
And overall, maintaining data integrity and implementing strong cybersecurity measures are crucial for effective fraud prevention.
Organisations must ensure that their data is accurate, complete, and protected from unauthorised access. This involves implementing robust access controls, encryption, and regular security audits. By safeguarding sensitive information, organisations can mitigate the risk of data breaches and fraud.
By leveraging technology, organisations can enhance their fraud prevention capabilities, meet compliance requirements, and protect their reputation.
However, it is essential to remember that technology is not a silver bullet. A comprehensive approach that combines technology with human expertise is necessary to effectively address the complex challenges posed by fraud.
Want to learn more about a multi-layered approach to fraud & error prevention?
Watch our webinar with CFO Sean Moriarty and Customer Success Director, Fiona Brown as they discuss what a successful, multi-layred approach to fraud prevention looks like
Next steps
The ECCTA is just one of a raft of changes we expect to see in the regulatory landscape of 2025 – including more scrutiny on crypto, blockchain, cyber, and sustainable finance.
Businesses are increasingly being asked to take more responsibility for fraud prevention in their supply chain – with regulators cracking down on players large and small across the board.
Whilst it’s good for consumers and the economy, it means you need to make changes to make sure you don’t fall foul of compliance.
To see how AccessPay can provide an always-on, automated fraud prevention service – or to speak to one of our experts about other ways we can help – get in touch here