The paper is a follow-up to the amendments to the anti-corruption legislation on the fight against corruption in the private sector, which introduced a new corpus delicti for organisations, i.e. failure to prevent fraud*, whereas proof by the organisation that it had proper corporate procedures to prevent fraud is a circumstance mitigating liability. The relevant provisions will enter into force on 1 September 2025.
The Guidance contains recommendations for organisations on how to create the conditions for countering fraud. The list of suggestions is tentative and can be adapted to the organisational structure, territory and sector of activity, as well as other characteristics of the organisation. Any departure from the list of suggested measures will not automatically mean that the organisation has not adopted proper measures to prevent fraud, provided the competent authorities consider the implemented procedures sufficient on the balance of probabilities.
1. Top level commitment
The Guidance states that the top level commitment to prevent and detect fraud rests with the top management and the board of directors (or its equivalent) (hereinafter, the corporate management). This is why the corporate management should be committed to combating fraud, fostering a culture of zero tolerance of fraud and refusing to accept profit derived from or gained through fraudulent activities.
To this end, organisations can undertake the following measures:
1. Communication and endorsement of the organisation’s stance on countering fraud that can include:
- A commitment to reject fraud, even if this results in short term business loss, missed opportunities or delays;
- Articulation of the business benefits of rejecting fraud (reputational, customer and business partner confidence);
- Articulation and endorsement of the relevant body’s policies or codes of practice on fraud prevention and responsibility for the violation of their provisions;
- Naming the key individuals and/or departments involved in the development and implementation of the organisation’s fraud prevention procedures;
- Reference to any membership of collective action against fraud.
2. Ensuring that there is clear governance across the organisation in respect of the fraud prevention framework by:
- Appointing the persons responsible for implementing the measures to prevent fraud, in particular, for assessing risks and detecting new ones, collecting, processing and forwarding information on the effectiveness of anti-fraud measures to the corporate management, conducting investigations, implementing and enforcing disciplinary liability measures, and participating in developing, adopting and putting fraud prevention measures in practice;
- Ensuring that the Head of Ethics and Compliance (or similar person) has direct access to the board or CEO;
- Maintaining governance when members of staff move to other positions, leave the organisation or are off work with illness;
- Reporting to the board;
- Minuting decisions and actions to prevent fraud.
3. Commitment of resources, in particular:
- Allocating a reasonable budget for preventing fraud, including remuneration of competent employees and their training;
- Resourcing the fraud prevention plan over the long term.
4. Encouraging employees to disclose ethical dilemmas that can lead to fraud.
2. Risk assessment
The organisation assesses the nature and extent of its exposure to the risk of fraud within the scope of the offence.
Such assessment should be undertaken in three stages:
- First stage: development of a typology of the employees and persons associated with the organisation;
- Second stage: analysis of the circumstances that can lead to fraud by employees and associated persons;
- Third stage: detection of fraud risks related to employees and associated persons taking account of such elements of offence as the motive, rationalization and territorial scope of the organisation’s activities. The risks detected in the course of the initial assessment can be classified by their probability and impact on the operations of the company.
Every stage of assessment should be documented.
The baseline assessment of risks should be undertaken:
- Regularly, once or twice a year;
- In response to external changes, defined by the organisation.
Besides the baseline assessment, it is recommended that organisations carry out assessments in emergencies. The Guidance stresses that failing to undertake any risk assessment for emergencies may mean that the organisation is not considered by law enforcement to have reasonable fraud prevention measures in place.
The sources of information necessary to undertake assessments can be:
- Data collected previously by the organisation for different purposes, including for analysis of compliance with legal requirements;
- Audit findings;
- Information on violations in the sector(s) where the organisation operates, and recommendations put forward by regulatory authorities on implementing the fraud prevention best practices of other organisations operating in the same area;
- Anti-fraud law enforcement practices in the private sector.
3. Proportionate risk-based fraud prevention procedures
The Guidance states that organisations should implement the procedures to prevent fraud by persons associated with them that should be proportionate to the fraud risks they face and to the nature, scale and complexity of their activities. In this context, the following requirements should be taken into consideration:
- Reducing the opportunities for fraud, in particular, by conducting managerial checks, assessing fraud risks systematically, managing conflicts of interest, preventing/mitigating fraud risks in procurement;
- Reducing the motive for fraud, including by amending the existing bonus framework that encourages risk-taking and prohibiting the exercise of duties in conflict-of-interest situations;
- Putting in place consequences for committing fraud;
- Enhancing the culture of zero tolerance of fraud by incorporating relevant provisions in internal regulations, organising training, and including indicators of compliance with ethical standards in the performance assessment of employees and associated persons;
- Adopting adequate measures in emergencies;
- Testing the fraud prevention measures;
- Avoiding duplication of functions related to enforcement of both the anti-fraud provisions and the law on finance, ecology and other matters.
4. Due diligence
The Guidance states that due diligence, including in the context of mergers and acquisitions, is an element of effective fraud prevention in the private sector. In order to enhance the effectiveness of these procedures, companies can adopt such measures as:
- Analysing a wide range of data about the associated persons, for instance, information on previous contracts, reputation, tax reporting, fraud prevention measures undertaken, and information on any relevant criminal and/or administrative proceedings, including with the use of digital solutions;
- Including fraud prevention provisions in the contracts with the persons associated with the organisation and the possibility to terminate the contract in case these obligations are not respected;
- Monitoring the well-being of staff and agents to identify persons who may be more likely to commit fraud because of stress, workload or other reasons.
5. Training, awareness-raising and information disclosure
The Guidance stresses that companies should seek to ensure that their prevention procedures, including relevant policies and codes, are communicated throughout the organisation.
For this purpose, the document suggests the following measures:
- Obliging the employees and associated persons to undergo fraud prevention training taking account of the level of risk and maintaining the relevance of the information provided in training;
- Incorporating fraud prevention information in the existing procedures, for example, in the documents regarding the sales target or interaction with clients;
- Informing employees and associated persons about the outcomes of fraud investigations, including the sanctions imposed, through internal mechanisms;
- Creating fraud reporting channels, investigating relevant facts and protecting whistleblowers.
6. Monitoring and review
The Guidance also highlights that, in order to better understand whether the anti-fraud measures are effective, it would be appropriate for organisations to:
- Monitor the effectiveness of measures to detect fraud and attempted fraud, investigate the cases and control the implementation of the fraud prevention measures;
- Review the measures undertaken so as to react in a timely manner to changes in fraud risks, which can also occur naturally due to external changes, failure of employees and associated persons to prevent fraud, or changes in the activities of the organisation.
*In line with the Economic Crime and Corporate Transparency Act 2023, fraud is:
- Cheating the public revenue;
- Using forged documents to defraud;
- Embezzlement/theft;
- False accounting;
- False statements by company directors;
- Trade fraud;
- Participating in fraudulent business carried on by a sole trader;
- Obtaining services dishonestly;
- Money laundering.