On 4 March 2024, certain provisions of the Economic Crime and Corporate Transparency Act 2023 (the Act) came into force bringing a significant number of changes to the UK government’s framework on economic crime and corporate transparency. The obligations and risks presented to organisations operating globally however are key to understand and moreover actively plan ahead for.
In addition to key changes to the UK’s register of overseas entities regime (relevant to those who hold properties through any corporate or trust structure involving overseas entities), the Act has created a new criminal offence of failure to prevent a fraud which can be committed in any country and is not limited to the UK.
‘Failure to prevent fraud’ offence
The Act introduces the ‘failure to prevent fraud’ offence, and defences are limited. A ‘large organisation’ will be held liable if one of numerous specified fraud offences is committed by an associated person with the intention of directly or indirectly benefitting the organisation and it did not have reasonable fraud prevention measures in place.
Under the Act an associated person is exceptionally broadly defined and includes employees, agents, subsidiaries, or any person who otherwise performs services for or on behalf of the organisation.
Organisations classed as ‘large organisations’ are those that satisfy two or more of the following conditions:
- a turnover greater than £36 million (approx. AUD 68.6 million);
- a balance sheet total (aggregate of the amounts shown as assets) greater than £18 million (approx. AUD 34.3 million); and/or
- having more than 250 employees.
The above criteria relate not just to one particular business or company, but rather where resources are held across a parent company, and its subsidiaries cumulatively meet the size threshold, then the group will fall into the category and liability can attach to whichever entity in the group is directly responsible for failing to prevent a fraud.
The parent company can also be liable where a fraud is committed by an employee in a subsidiary for the benefit of the parent and insufficient preventative steps have been taken.
The limited defences available are that either the organisation was the intended victim of fraud, or the organisation can show it had reasonable fraud prevention procedures in place.
Guidance principles on what constitutes reasonable procedures to prevent fraud are expected to be published in late 2024 but organisations will be required to have reasonable fraud prevention measures across all business operations (including with agents).
Extraterritorial application
An organisation could be held liable for the failure to prevent fraud offence regardless of the location of the corporate or relevant associated persons. This could be the case where an overseas relevant organisation – even one which does not have a UK branch or subsidiary – has an employee or agent commit fraud under UK law, or targets UK victims (for the benefit of the organisation).
Australian relevant organisations (whether it be a subsidiary, group company or parent) should therefore assess whether they have any existing or potential UK touchpoints in view of the Act and should review their fraud prevention procedures once the government guidance is published to ensure that it has reasonable fraud prevention measures in its various business operations.
For further information, please contact:
Sophie Eyre, Partner, Bird & Bird
sophie.eyre@twobirds.com