On 6 November 2024, the Government published its guidance on the procedures that organisations can put in place to prevent persons associated with them from committing fraud offences. A copy of the guidance can be found here. We make the following initial observations.

• First, and by way of reminder, section 199 of the Economic Crime and Corporate Transparency Act 2023 created a new corporate criminal offence of “failure to prevent fraud”.  The new offence means that an organisation will commit an offence where a person associated with it commits a fraud offence intending to benefit the organisation or, in some circumstances, the organisation’s clients.  We explained some of the key concepts raised by the offence in our update last year – available here: Burges Salmon - Corporate Crime & Investigations - New Approach to Corporate Criminal Liability & New Offence of Failure to Prevent Fraud (burges-salmon.com).
• The new offence will come into force on 1 September 2025, so affected organisations have just over nine months to assess how they are going to be impacted by the legislation and to develop and implement their fraud prevention procedures.
• It will be a defence for an organisation to prove that (i) it had in place such procedures to prevent associated persons from committing fraud as it was reasonable in all the circumstances to expect (“reasonable prevention procedures”), or (ii) it was not reasonable in the circumstances to expect it to have any prevention procedures in place.  The government’s guidance describes the general principles that should guide the development of procedures to prevent fraud.  The principles reflect those contained in guidance on procedures that provide a defence to other ‘failure to prevent’ offences.  They are:
  • Top level commitment: Responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation. The board of directors, partners and senior management of a relevant body should be committed to preventing associated persons from committing fraud. They should foster a culture within the organisation in which fraud is never acceptable and should reject profit based on, or assisted by, fraud. 
  • Risk assessment: The organisation assesses the nature and extent of its exposure to the risk of employees, agents and other associated persons committing fraud in scope of the offence. The risk assessment is dynamic, documented and kept under regular review.
  • Proportionate risk-based fraud prevention procedures: An organisation’s procedures to prevent fraud by persons associated with it are proportionate to the fraud risks it faces and to the nature, scale and complexity of the organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
  • Due diligence: The organisation applies due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified fraud risks.
  • Communication: The organisation seeks to ensure that its prevention policies and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication. Training and maintaining training are key.
  • Monitoring and review: The organisation monitors and reviews its fraud detection and prevention procedures and makes improvements where necessary. This includes learning from investigations and whistleblowing incidents and reviewing information from its own sector.
• Notably, the guidance specifies that is not intended to provide a safe harbour: even strict compliance with the guidance will not necessarily amount to having reasonable prevention procedures if the organisation in question faces particular risks arising from the unique facts of its own business that have not been addressed.  Conversely, departures from suggested procedures within the guidance will not automatically mean that an organisation does not have reasonable prevention procedures.

We will soon be sharing more detailed commentary on the new guidance and what organisations can do to prepare.  In the meantime, if you have any questions on this development and the steps your business might take to mitigate the associated risks, please contact Guy Bastable, Andrew Matheson or Sam Aldous in Burges Salmon’s Corporate Crime & Investigations team.