The new ECCTA failure to prevent fraud guidance: first steps

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents a significant step forward in the UK's efforts to combat economic crime and enhance corporate transparency. This landmark legislation reforms corporate criminal liability laws for economic crimes, empowers agencies like the Serious Fraud Office (SFO), and introduces a new corporate offence of failure to prevent fraud.?

With the publication of official guidance from the Home Office today, the nine month countdown to implementation has begun.?

As organisations read and digest the guidance, we offer three practical next steps?for those impacted.?

?

6 principles of reasonable procedures?

Failure to prevent fraud under ECCTA continues the theme of the principles based guidance under previous failure to prevent regimes: top level commitment,?risk assessment, proportionate risk-based fraud prevention procedures, due diligence, communication and monitoring and review.??

?

From an operational and practical standpoint, the similarities in the guidance across bribery, tax evasion and now fraud means that most organisations will have a foundation on which to build their reasonable procedures defence. The opportunity here is for businesses to set their ECCTA response in the context of their existing compliance programmes rather than reinventing the wheel.? Those that have already taken preparatory steps will find this has been time well spent, with a potential order for a programme to comply with ECCTA being as follows:?

?

?

For organisations who are impacted, we set out thoughts on the initial three steps.?

?

1. Responsibility and stakeholder mapping?

Organisations should be looking to ensure that stakeholders have been identified and responsibilities have been assigned, including around increasing the awareness of the organisation’s fraud prevention policies. Such an activity should be proportionate considering the nature of the business and where existing skillsets and capabilities reside in relation to other failure to prevent regimes.?

? ?

2. Fraud Policy?

Fraud policies will need to be drafted or reviewed. Again, a consideration of the wider suite of policies and procedures in the company should be part of this effort. This activity should be ongoing, iterative and undertaken at a senior level to ensure the fraud policy remains relevant as the business evolves. Similarly, thought should be given to how this policy is communicated, how it is engaged with by the business and how it forms part of a wider set of ongoing compliance training.?

? ?

3. Fraud risk assessment?

Companies can now consider their fraud risk assessments, (whether flexing a pre-existing fraud risk assessment or by building on other assessments such as bribery or tax evasion), against the specific elements of the guidance. Areas worthy of particular consideration include the guidance on territoriality, the definition and typologies of associated persons, the victim vs. intention to benefit split, and emergency scenarios.?

Once these steps are taken organisations will have the basis on which to consider what controls should be in place (new and existing) to achieve proportionate procedures. ?

To discuss these steps, or other matters in relation to the guidance please get in touch with me or your local PwC forensics contact.?