
Failure to prevent fraud: It’s not all about big UK corporations

“This isn’t just about big corporations. The new failure to prevent fraud offence will capture subsidiaries, supply chain partners and franchisees, and its effects will extend overseas. It’s a reminder that fraud risk is a shared responsibility, and every piece of your business needs to be aligned to prevent it, or you could face serious legal and financial consequences. A failure to prevent fraud is a failure to protect your business.”

- Andrew Northage, Partner, Regulatory & Compliance

Building on our recent article about the fast-approaching failure to prevent fraud offence, we’re now exploring the scope of the offence. We’ll touch on the application and territorial reach of the offence as it relates to smaller and overseas entities and on how the threshold of application compares to previous similar offences.

Does your organisation fall within scope of the offence? Do you need to implement fraud prevention controls ahead of the 1 September 2025 deadline? Keep reading to find out.

Small organisations

To recap our introductory article, the offence broadly applies to “large organisations”, meaning those that meet two of the following three requirements:

  • more than 250 employees
  • an annual turnover of more than £36 million
  • a balance sheet worth more than £18 million.

On the face of it, the offence aims to hold large corporates accountable where an “associated person” (any person who performs services for or on behalf of the relevant organisation) commits a specified fraud offence for the organisation’s benefit and that organisation lacked reasonable fraud prevention procedures at the time of the fraud.

But the devil is in the detail, as government guidance confirms that the legislation will extend its reach to the subsidiaries, supply chain partners and franchisees of such large organisations, even where those entities don’t themselves meet the large organisation criteria.

They may be considered an “associated person” under the offence if providing services for or on behalf of a large organisation. To mitigate this risk, large organisations may impose contractual fraud prevention requirements on their suppliers, agents (directors or other individuals authorised to enter contracts on behalf of the organisation) and franchisees.

Subsidiaries

A company is considered a subsidiary of another company (the parent company) if the parent company:

  • owns more than half of the voting rights in the subsidiary
  • is a member of the subsidiary and has the right to appoint or remove most of its board members
  • is a member and controls most of the voting rights through an agreement with other members, or
  • has the right to exercise a dominant influence over the subsidiary by virtue of provisions in a control contract or the subsidiary’s articles of association.

This also includes subsidiaries of subsidiaries within a corporate group.

A subsidiary is automatically considered an associated person for the purpose of the offence if it commits a fraud intending to benefit the parent company. Importantly, a subsidiary also risks being liable in its own right if one of its employees commits fraud intending to benefit the subsidiary even when that subsidiary is not itself a large organisation. In such circumstances, the parent company will not be held liable. This demonstrates that smaller companies won’t be immune to the effects of the pending offence and should remain alert to fraud risk.

Supply chains

A supply chain organisation may also be liable under the offence if, for example, it commits fraudulent acts or neglects required due diligence and fraud prevention procedures. However, unlike subsidiaries, companies in a supply chain aren’t automatically considered an associated person for the purpose of the offence unless they provide services directly for, or on behalf of, a relevant body.

This means that simply contracting with a large organisation will not, in and of itself, create liability for the large organisation under the offence. However, large organisations will be liable in circumstances where a supply chain organisation qualifies as an associated person and commits fraud intended to benefit the large organisation.

Any consideration of the reasonableness of fraud prevention procedures will factor in the level of control, proximity and supervision a large organisation would have over a person or entity acting on its behalf. Where supply chains involve several entities, the organisation is likely to exercise control over only the relationship with its immediate contractual counterparty. Liability for the large organisation therefore depends on whether the relevant fraud risks fall within its scope of influence.

Franchisees

The same logic applies to franchise arrangements.

Individual franchisees are not automatically treated as associated persons simply because they’re part of the franchise system. But if a franchisee commits fraud while providing services for the franchisor, the franchisee could be considered an associated person. The franchisor would consequently face liability under the offence if fraud was committed by its franchisee. However, as with supply chains but unlike subsidiaries, there’s no trickle-down effect. This means that an associated person of a franchisee would not also be an associated person of the franchisor.

Territorial reach

Crucially, the scope of the offence doesn’t just stop at UK-based organisations (which includes unincorporated partnerships but excludes other unincorporated organisations). It will also apply to in-scope organisations based overseas, including subsidiaries, supply chain entities and franchisees, if the fraud has a UK nexus; that is, one of the fraudulent acts took place in the UK or the gain or loss occurred in the UK.

For example, if an employee of a large organisation based in the US commits fraud by selling counterfeit goods to UK customers, a UK nexus would be established due to the harmful effect of the fraud on UK citizens. By contrast, the offence won’t apply to UK organisations whose subsidiaries or employees based overseas commit fraud abroad which doesn’t cause a gain or loss in the UK. The offence therefore only applies where the base fraud offence is committed under UK law.

It’s important to note that, in some countries, local laws may obstruct UK organisations from applying the same procedures overseas as they would on home turf. In such cases, any assessment by the court of the reasonableness of the organisation’s fraud prevention procedures would consider the procedures that the organisation could realistically have been expected to implement, as this may vary for overseas employees and agents.

A new threshold

Previous failure-to-prevent offences, such as that under the Bribery Act 2010, didn’t tailor their scope to the “large organisation” threshold. This distinction presents unique challenges for businesses, particularly those that may grow into the scope of the new offence over time.

For example, smaller businesses that later exceed the 250-employee threshold or become part of a larger corporate group may find themselves subject to the offence, even if they weren’t previously required to follow similar compliance measures.

Given the absence of benchmark cases for businesses transitioning into the scope of this offence, organisations of all sizes should take proactive steps to assess their fraud prevention practices. Find out what practical action you can take to prevent fraud in our previous article.

Failure to prevent fraud offence: How we can support you

The introduction of the failure to prevent fraud offence has resulted in a more intricate legal landscape, where not only large organisations but also smaller entities, whether subsidiaries, supply chain partners, or franchisees, must navigate new responsibilities. Please contact Andrew or Jocelyne if you have queries about any of the points raised in this briefing.

Our Regulatory & Compliance experts can provide tailored advice to help organisations assess their exposure, design effective fraud prevention strategies and ensure compliance with this new corporate offence. By taking proactive steps now, businesses can safeguard themselves against potential legal risks and strengthen their corporate governance frameworks.

Our people

Andrew Northage, Partner, Regulatory & Compliance


Jocelyne Girgis, Associate, Regulatory & Compliance
