How UK law reforms and enforcement trends affect corporate crime risk in 2024

A new ‘failure to prevent fraud’ offence was enacted, which applies to a large company (UK or non-UK) that fails to prevent an associated party from committing fraud in order to benefit the company or its clients. This offence will come into force late 2024. The only defence is having reasonable procedures in place to prevent fraud. Guidance is expected on reasonable procedures in Spring 2024.

Changes in leadership at the SFO, coupled with expanded pre-investigation powers, may see a reinvigoration of enforcement activity.

Investigations trends/developments

The UK Crown Prosecution Service signed the UK’s 13th Deferred Prosecution Agreement (DPA) with Entain plc following a bribery investigation by HMRC. It is the first with no SFO involvement.  The DPA relates to Entain’s legacy Turkish-facing business and the activities of former third-party suppliers and former employees. At GBP585 million it is the second largest corporate criminal settlement to have been reached in the UK and the first to include a charitable donation. There was a 50% discount on the fine due to Entain’s cooperation and the change in management, despite it not having self-reported. It appears that the investigation was initially driven by tax concerns but expanded into a bribery investigation.

SFO

The scene is set for a more active SFO following key changes made both internally and to the law in 2023, including:

• Law reform on corporate criminal liability to make it easier to prosecute companies
• Extended pre-investigation powers for the SFO
• A change in leadership with the appointment of a new directive, Nick Ephgrave
• Extensive recruitment¹
• Internal reform following criticism from independent reviews into how disclosure is conducted
• A new power for the NCA to order (and help finance) a serious fraud-related SFO investigation

If all goes according to the SFO’s plan, these changes mean that enforcement risk increases for companies. We expect fraud to be an enforcement focus for the SFO. 

FCA

There has also been a change in leadership at the UK Financial Conduct Authority (FCA). One of the two newly appointed co-Directors of Enforcement and Market Oversight joins the regulator from the National Crime Agency, where he was the Director of Intelligence.

The FCA has invested in a new Fraud Team tasked with delivering an internal Fraud Framework for assessing firms’ anti-fraud systems and controls. It hopes this will improve its ability to assess firms and identify where it needs to intervene. The FCA also has been working with the National Economic Crime Centre to develop a multi-agency Fraud Targeting Centre, and it is working with the UK Financial Intelligence Unit so that it can access the SARs database.

Sanctions has been an area of increased focus by the FCA following firms’ need to respond to the imposition of widespread sanctions following Russia’s invasion of Ukraine.  The FCA is using an increasingly data-led approach to supervise firms proactively in order to ensure they have appropriate sanctions systems and controls. This includes using synthetic  data, provided by the Office of Financial Sanctions Implementation (OFSI), to test firms’ sanctions screening processes. OFSI and the FCA have entered into a Memorandum of Understanding that provides for more regular and proactive sharing of information between the two organisations. The CEO of the FCA has made it clear that, while OFSI is the primary enforcer of the UK sanctions regime, the FCA will also consider it appropriate to bring regulatory enforcement cases if it identifies material weaknesses in firms’ sanctions systems and controls.

The FCA has decreased the number of enforcement investigations into substantive market abuse, with the number of open cases falling since 2018/19. Insider dealing accounts for most (82%) of the ongoing market abuse investigations, while 26% of cases closed by the FCA in 2022/23 concerned market abuse. However, since 2018, the FCA has fined five firms and three individuals more than GBP19.5m for various failures in their market abuse surveillance arrangements². These include: implementing and using inadequately calibrated surveillance systems; unclear allocation of responsibilities relating to the operation of surveillance controls; inadequate testing of surveillance systems prior to and after deployment; lack of guidance or training for staff reviewing surveillance alerts; incomplete market abuse risk assessments; and lack of senior management oversight of surveillance activities.

Public sector fraud

The Public Sector Fraud Authority, formed after the pandemic, has a specific remit to tackle public sector fraud. Its Enforcement Unit is expected to become active in the ‘2023/2024 financial year’.³ There will also be a new trade sanctions enforcement authority in 2024 – the Office of Trade Sanctions Implementation (OTSI).

Some authorities are coming under pressure to use their powers to support human rights and the net zero agenda, and we expect this to be a reoccurring theme. For example:

• In a judicial review, an NGO alleged that UK authorities should be actively investigating (i) whether the import of cotton into the UK value chain from particular regions where modern slavery was alleged to be a risk breached the Foreign Prison-Made Goods Act 1897 (FPMGA); and (ii) whether cotton goods with their origin in those regions could be criminal property under the UK Proceeds of Crime Act 2002 (POCA) with trading in them amounting to criminal conduct. The NGO’s challenge failed. An appeal is due to be heard in May. Read more. 
• ClientEarth (an environmental charity) is challenging a decision by the UK Financial Conduct Authority to approve a prospectus of an energy company on the basis that it contains inadequate climate-related disclosures. ClientEarth alleges that the prospectus did not explain how climate change risks affect the specific business of the company, or how significant those risks were to the company, and that it did not sufficiently cover the impact of the Paris Agreement on the company’s business and finances. Read more.

Even if these claims don’t succeed legally, they are succeeding in achieving a lot of publicity for the claimants’ causes.

Law reforms impacting corporate criminal liability

There were significant changes to the rules on corporate criminal liability. A new rule for corporate attribution means that a broader range of individuals can now trigger corporate liability for economic crime.  The old ‘directing mind and will’ test has been enhanced with a new ‘senior manager’ test. The new rule came into effect on 26 December 2023. We expect to see it extended to all crimes (not just economic crimes) this year when the Criminal Justice Bill is passed. Read more. Officers of a company which has committed an offence can also be liable if the prosecutor can show  ‘consent connivance or neglect’.  The test for consent, which is that the relevant individual had knowledge of material facts which constitute the offence by the company and agreed to its conduct of the business on the basis of those facts, is a relatively low bar.

A new corporate criminal offence was also introduced which applies where a large company fails to prevent fraud by an associated party, intending to benefit the company or its clients/customers. It is a strict liability offence, with only one defence available – that of having reasonable procedures in place to prevent fraud. We are currently awaiting guidance from the government on ‘reasonable procedures’. The new offence is expected to come into force in the second half of 2024. It has very wide territorial reach, as it could apply to UK and non-UK companies, where all the misconduct occurs overseas, provided there are victims in the UK. It is likely that the offence will be used to prosecute cases of serious fraud against UK victims, eg misleading statements to UK investors or UK pension schemes and UK tax payers (via public procurement fraud). Private prosecutors will also want to use this new offence.

The SFO continues to push for reform to the rules on disclosure, and an independent review was announced in 2023. 

Internal investigations – key considerations

The new ‘senior manager’ test for corporate attribution means that, before conducting an interview during an internal investigation, it should be considered whether the individual meets the new ‘senior manager’ test. If so, that person’s conduct can be attributed to the company. Consider how to structure the interview to get considered and reliable evidence rather than a knee-jerk reaction; achieving that is often easier if the individual receives independent legal advice.

Likewise, the new failure to prevent fraud offence means that fraud committed by an employee may be attributed to the company if the individual’s intention has been to benefit the company or customers, directly or indirectly. All the underlying fraud offences covered by the new offence involve an element of dishonesty, the legal test for which involves establishing the defendant’s knowledge of relevant facts at the time. There will need to be careful thought regarding how to conduct interviews in a way that doesn’t elicit inaccurate recollections on knowledge of facts and intention.

With the increased enforcement risk against companies from these law reforms, it is important to consider how to structure an internal investigation to maximise claims to legal privilege. An internal investigation may well not be covered by litigation privilege, and legal professional privilege only applies to communications between a client and solicitor. What this means is that, unless the investigation is carried out by lawyers, there is a real risk that materials generated during the investigation will not be privileged.

Chat applications are increasingly used in the workplace, allowing workers to easily communicate and collaborate with each other. We are seeing more and more chat data in scope for investigations; merely searching standard document types such as efiles and emails is often no longer sufficient. This poses some novel challenges during an internal (and external) investigation for data preservation, collection, document review and production to the authorities. GCs and Heads of Risk must ensure that policies are fit for purpose, and actively policed. Read more. 

More companies are likely to have to conduct internal investigations focusing on ESG (environmental, social and governance) issues, for example into treatment of workers in their supply chains. Careful thought will need to be given to how these investigations are structured, bearing in mind the chance of follow-on civil or regulatory action.

Sectors targeted by law reforms or criminal enforcement action

The new Online Safety Act 2023 imposes obligations on internet services and search engines. Failure to comply risks large fines and potential criminal sanctions against senior managers. 

Crypto asset businesses have been the subject of increased money laundering regulation. Law reforms in the Economic Crime and Corporate Transparency Act 2023 aimed at making it easier for the authorities to seize crypto assets will mean that these businesses may find themselves more involved in enforcement activity . 

Payment services firms are also under particularly high scrutiny in relation to AML (where they are seen to be lagging behind) and fraud prevention.

The FCA is conducting a review of private market valuation practices following concern that they may not be robust, particularly given current high interest rates. The primary focus is likely to be managers and funds holding asset classes where material valuation write-downs may cause market instability. Inevitably any such review will cast a light on questionable valuation practices, and businesses will want to revisit the robustness of their valuation processes.

More generally, the authorities are keeping a close eye on unsupervised communications. OFGEM fined a financial services institution for not recording and retaining electronic communications made by wholesale energy traders on privately owned phones via WhatsApp, which discussed energy market transactions. 

Cross-border coordinated investigation or enforcement activity

Companies should assume that UK authorities are speaking to their overseas counterparts. The previous Director of the SFO publicly stated on many occasions the importance attached to international cooperation. Both the SFO and the FCA have secondees from overseas enforcement authorities. The SFO stated this year, “We rarely encounter any cases that don’t span multiple jurisdictions and require some form of collaboration with overseas law enforcement.”⁴

The UK has made good use of Overseas Production Orders. This new tool, which became effective in October 2022, allows UK authorities to make requests directly to communications service providers, including social media platforms and messaging services, located in the U.S. According to a written statement made on 19 December 2023, the UK has made over 10,000 such requests.

Predictions for 2024

• Businesses will need to get ready for the new failure to prevent fraud offence by ensuring that they have reasonable procedures in place to prevent fraud.
• They will also need to ascertain the company’s senior managers and ensure that their economic crime training is up to date.
• Good compliance culture is a part of the antidote to reduced direct supervision, which is an inevitable consequence of the move to greater hybrid working. The unauthorised use of unmonitored personal devices and encrypted communication applications may be widespread, and poses significant enforcement risk particularly to those in regulated sectors. It also impairs the ability of internal investigators to find facts quickly should an allegation of misconduct arise. GCs and Heads of Risk must ensure that policies are fit for purpose, and actively policed.
• Crime increases when individuals are under financial pressure. The cost of living crisis, coupled with the combination of remote working, reduced/thinly spread compliance budgets, volatile markets and stressed supply chains increases the risk of financial crimes such as corruption, market abuse and fraud. GCs and Heads of Risk will need to be agile to respond, and ensure that compliance policies and speak-up programmes are refreshed and firmly embedded in their organisations’ cultures.
• Climate change funding, eg carbon offsetting programmes or low-carbon development or renewable energy, often involves dealing with governments, and therefore presents a higher corruption risk. We expect to see more companies adding ESG to financial crime risk screens as bribery and corruption risk surfaces in carbon offset and other net zero related schemes. Many are already doing so.
• More companies are likely to have to conduct internal investigations focusing on ESG (environmental, social and governance) issues, for example into treatment of workers in their supply chains. Careful thought will need to be given to how these investigations are structured, bearing in mind the chance of follow-on civil or regulatory.

This article is part of our Cross-Border White Collar Crime and Investigations Review. Please click here for our overviews and insights in other jurisdictions.

Footnotes

_{1. Sara Chouraqui, Joint Head of Fraud, SFO told the American Bar Association that the SFO is recruiting 100-150 new investigators and prosecutors (October 2023)}
2. As at 6 December 2023
3. Public Sector Fraud Authority Annual Report 2022-2023
4. Chief Capability Officer SFO September 2023