Economic Crime and Corporate Transparency Act 2023 (“ECCTA”)

Failure to prevent fraud (FTPF) offence – putting the reasonable procedures theory into practice

In September last year, we wrote about the act and in particular, its applicability to how senior interims would need to operate within client companies of any size to ensure they were adhering to the Act’s requirements. This can be found at https://iim.org.uk/economic-crime-corporate-transparency-act-2023-implications-senior-managers/

In November 2024, the Home Office issued some substantial guidance (46 pages) on how to establish an approach to ensuring the organisation can show it is taking the Act seriously. The Act comes into force on 1^st September this year, allowing four months from now to get to grips with the approach required.

Needless to say, the guidance is just that, it is not a tight specification or standard operating procedure to follow. This government document relates to that part of the Act dealing with ‘Failure to Prevent Fraud (FTPF)’ and builds upon the Bribery Act 2010. It is anticipated that organisational procedures will similarly build on what exists from that Act. Given the complexity of the legislation, nearly all entities will be likely to require expert legal support.

In summary, there is no ‘one size fits all approach’ but there are some logical steps to walk through in building any approach. These include:

• Being clear about what does fraud mean for your organisation?
• What level of internal resource do you have available to establish and maintain the approach? Is this practical?
• Any response will need to go across all organisational functions so foster a culture of collaboration at all stages.
• Build an organisational fraud risk map and use it to assess and prioritise the main points of concern.
• Be specific. Any groundwork you do is likely to identify many risks. While all this information is valuable and should steer what you do, to develop an appropriate response to the FTPF offence, ensure specific inclusion of fraud being ‘to the benefit of the organisation’.
• Prioritise, prioritise, prioritise. The risk analysis is lkely to find many gaps. Deal with the ones that are going to have the biggest organisational impact.
• All the procedures do not have to have new resources. Use what you already have effectively. None of us have unlimited financial or human resources so a balance remains a requirement.
• Use existing communication channels to expand fraud awareness messages, including whistle blowing.
• Build employee engagement from the outset so that the approach becomes part and parcel of how people operate and think (culture).
• Make sure active review is built in on a regular if not frequent basis so that things are kept fresh and up to date. Especially when the regulations get updated – and most do. Not to mention the changing shape of the organisation.