Key Takeaways from Failure to Prevent Fraud Offence Seminar

Last week, Shoosmiths hosted an event with insurance broker, McGill and Partners on the new ‘failure to prevent fraud offence’.

During this breakfast seminar we heard directly from representatives across the fraud prevention landscape, who delved into the requirements of the new offence and how organisations across England and Wales can best protect themselves.

Here are our key takeaways:

Insights from Law Enforcement

Nick Sharp, Deputy Director Fraud at the National Economic Crime Centre (NECC) and Samuel Wright, Senior Lawyer at the Serious Fraud Office (SFO) led the opening session discussing the fraud threat within England and Wales.

Sharp highlighted that in the year ending September 2023, England and Wales experienced approximately 3.24 million incidents of fraud, making it the most prevalent crime type, accounting for 38% of all estimated crime against adults. The financial impact is significant, with individuals and businesses reporting losses of £2.1 billion to Action Fraud by the end of December 2023.

Despite 71% of victims suffering financial loss, a substantial number of those who lost money were refunded in full (71%), while 3% received partial refunds, and 21% received no refund. During this period, an estimated 2.8 million adults, or roughly 1 in 17, fell victim to fraud. In summary, whilst volume frauds are trending down, high-harm frauds are increasing.

It was outlined that the following offences fall within the scope of the failure to prevent fraud offence:

• Fraud by false representation (section 2 of the Fraud Act 2006)
• Fraud by failing to disclose information (section 3 of the Fraud Act 2006)
• Fraud by abuse of position (section 4 of the Fraud Act 2006)
• Obtaining services dishonestly (section 11 of the Fraud Act 2006)
• Cheating public revenue (common law)
• False accounting (section 17 of the Theft Act 1968)
• Fraudulent trading (section 993 of the Companies Act 2006)
• Participation in a fraudulent business (section 9 of the Fraud Act 2006)
• False statements by company directors (Section 19 of the Theft Act 1968)

The session reinforced the messaging that businesses must have a top-level commitment to combating fraud. This commitment is underpinned by a thorough risk assessment to understand the risks associated with fraud, which is crucial for effective prevention.

It was noted that organisations should implement robust but proportionate risk-based prevention procedures that strike the right balance between robustness and practicality. Due diligence was identified as playing a key role in preventing and detecting fraudulent activities. Regular communication and training were also raised as an important factor to ensure that personnel are aware of fraud risks and prevention strategies. Organisations should also continuously monitor and review anti-fraud measures to adapt to changing threats and improve effectiveness.

Preparing for the failure to prevent fraud offence

Daren Allen, partner at Shoosmiths conducted a workshop on the best practices for businesses to mitigate the fraud threat. The session underscored that the 2024 market trends suggest a surge in complex fraud schemes, propelled by advancements in Artificial Intelligence. This includes automated assaults, custom phishing, deepfakes, and malware programmed with ChatGPT and image generation modules.

The economic slump coupled with easier access to fraudulent practices has resulted in a rise in ‘fraud as a service’. This includes advanced tools and guides readily available for budding fraudsters on the dark web. Amidst dwindling patience, increased alternatives, and reduced disposable income, companies striving to uphold customer satisfaction are wary of causing disruptions in the client experience. The shift towards digital payment methods has also introduced new potential attack vectors, with the anonymity provided by digital currencies aiding illicit activities.

Allen clarified that the Economic Crime and Corporate Transparency Act 2023 (ECCTA) was necessary due to the difficulties encountered in prosecuting large UK companies, as evidenced by the SFO’s unsuccessful case against Barclays in 2018. The ECCTA was also required because the ‘identification principle’ makes it hard to establish liability within extensive corporate structures. The prosecution must demonstrate that the offence was committed through the actions of an individual who can be identified as the directing mind and will of the business.

Before the new offence comes into effect, the Government plans to publish guidance outlining what would constitute reasonable fraud prevention procedures. This guidance is expected to follow principles similar to those in the Bribery Act 2010 Guidance, which was published by the Ministry of Justice.

The optimal preparation an organisation can implement involves the following steps:

• Assessing and managing the risk associated with fraud.
• Implementing fraud prevention measures to mitigate these risks.
• Regularly reviewing fraud detection controls and mechanisms to ensure their effectiveness.
• Having a robust fraud response plan in place to handle any incidents of fraud that occur.

Fraud: Incorporating insurance and claims management into your procedures

Francis Kean, partner at McGill and Partners highlighted in this session that incorporating insurance and claims management into your procedures is a vital part of fraud prevention. This entails understanding potential fraud risks, particularly those insurable, and ensuring adequate insurance coverage, including policies for employee dishonesty and cyber liability.

A robust process for managing insurance claims in the event of fraud is necessary, which includes incident identification, documentation gathering, and liaising with the insurance company. Implementing fraud prevention measures such as strong internal controls, regular audits, and employee training programs are crucial.

Advanced detection tools like data analytics also help to identify fraudulent activities early. A response plan should be in place to effectively handle detected fraud, including reporting to law enforcement and insurance companies, conducting internal investigations, and taking corrective actions. Remembering, while insurance is a key component, focusing on prevention and detection is equally important to minimise fraud occurrence.

Conclusion

The seminar provided valuable insights into the landscape of fraud prevention. The discussions highlighted that the introduction of ECCTA marks a significant step towards combating a significant issue.

However, the fight against fraud is not solely a legal battle. It requires a comprehensive approach that includes incorporating insurance and claims management into organisational procedures. As we move forward, it’s crucial for organisations to stay informed and proactive in their efforts to mitigate fraud risks, ensuring a safer and more secure business environment.