Finance departments in multinational companies with operations in the United Kingdom (UK) are about to get a shock. Why? Because groundbreaking legislation is currently meandering its way through the UK's corridors of power that, when passed, will punish businesses for failing to prevent employee fraud.
In this article, you will learn what the new law is, what it means - and most importantly, how to prepare for it.
The Failure to Prevent Fraud Offence (due to be enacted in 2024) is essentially an amendment to the Economic Crime and Corporate Transparency Bill 2022. However, and the following is important, legal experts say it's much more than an amendment - it's effectively the most significant change in UK corporate criminal enforcement in over a decade.
According to the UK government, there are two clear objectives:
Let's dive into both points.
First, employees commit fraud for different nefarious reasons. One of them is, for example, manipulating financial records so that both the employee and the business benefit (e.g., boosting the company share price).
The UK government wants to close existing legal loopholes and punish companies that 'turn a blind eye' to these scenarios.
Secondly, employees may also commit fraud solely for their benefit. Astonishingly, companies worldwide lose 5% of revenues to employee accountancy errors and internal fraud, almost $4 trillion annually.
And the bottom line is this: The Failure to Prevent Fraud Offence is also about reducing fraud due to its detrimental effect on society and increasing corporate tax revenue lost to illegal employee activity.
The new legislation targets larger businesses operating in the UK. If a company meets two out of the three following criteria, then it's in the crosshairs:
It's also important to remember that the Failure to Prevent Fraud Offence is internationally significant, given how many multinational companies operate within the UK (a G7 country). Crucially, the UK government has yet to clarify the exact criteria - and has on record stated that secondary legislation that's even stricter is still on the cards.
What does this all mean? It means the risk of financial penalties, criminal charges, and tremendous reputational damage for failing to comply with the new legislation must be kept on top of and managed.
And what has the UK government said about the penalties if a company is convicted? The first point is that individual liability does not apply to this legislation. In plain English: Courts won't prosecute company bosses and directors for failing to prevent fraud.
This may be welcome news for many diligent and law-abiding finance, internal controls, and compliance professionals with enough on their plate due to individual liability risks, as found within money laundering and sanctions violations. However, this is not to say the Failure to Prevent Fraud Offence will be a light touch - because it won't.
The UK government, sending a strong message to the business community, states that courts can impose unlimited fines for violations.
And the reality is this: When governments state unlimited penalties, companies that don't enact robust processes to comply with the law play a high-risk strategy. Why? Because, apart from severe reputational damage, the penalties for financial crimes (when the fine is unlimited) can be staggering.
For example, in late 2022, for corporate law violations, the UK's SFO (Serious Fraud Office) fined Glencore Energy a massive £280 million.
Will the government dish out nine-figure fines for Failure to Prevent Fraud infractions? Currently, that's anyone's guess. However, history tells us that when governments in jurisdictions worldwide impose unlimited penalties for financial crimes, such as fraud and money laundering, astronomical fines often send shockwaves across the business world.
We will now reveal three crucial tips for internal controls and compliance teams to help prepare for the Failure to Prevent Fraud Offence.
remQ is a continuous monitoring software for SAP ERP and S/4HANA, with a large library of built-in controls that help check master data and business processes to avoid financial losses through errors and fraud. remQ can be set up in less than a day, works regardless of organization size and industry, requires no consulting project, and reduces the cost of compliance through automation.
As mentioned earlier in the article, the new legislation will likely become law in 2024, possibly in the latter half of the year. However, no one is sure when - it may arrive much sooner.
But something is certain: In a blink, we'll all suddenly be in the middle of next year, wondering where the time went. And it's imperative to start monitoring and keeping track of the latest developments.
Bookmarking and regularly checking the official policy paper from the UK government is a smart move, especially because it's getting updated frequently (as of writing, the last update was three days ago).
Setting up a google news alert is also a great way to ensure your team is more likely not to miss anything regarding the legislation.
The next action finance departments should make in 2023 to mitigate the risk of failing to comply with the Failure to Prevent Fraud Offence is to seek professional advice.
Consulting with legal professionals specializing in corporate fraud within the UK and with a proven track record in your business's industry is a wise option. In this article, we cannot make specific recommendations. Also, each sector presents unique internal controls vulnerabilities.
But here is some good news: Law firms are already all over this.
And it's likely that solicitors you may have a relationship with have prepared helpful information to get you started and can make some initial recommendations.
Finally, returning to the first tip about staying up to date with the latest developments, another piece of advice is to subscribe to newsletters that corporate fraud solicitors publish - many law firms have already released material regarding the Failure to Prevent Fraud Offence.
The next necessary action CFOs should take to mitigate the risk of failing to comply with the Failure to Prevent Fraud Offence is investing in technology. And specifically, embracing the future of internal controls: automation.
Internal controls processes are fundamental procedures to mitigate fraudulent activity by employees. And they are also vital because they help companies comply with increasing laws and regulations, such as the impending company fraud law in the UK.
But there is a growing problem. Ineffective manual internal controls procedures are no longer fit for purpose in a digitalized world of instant transactions 24/7.
It's astounding that with manual internal controls, it takes an average of 18 months for an organization to discover fraud - possibly far too late to avoid a financial penalty for a violation.
However, the incredible developments in regulatory and financial technologies are already proving to be a game-changer. And internal controls automation helps businesses reduce employee fraud and stay compliant because the technology can proactively detect and prevent issues in real-time.
To illustrate this, we can examine how automated internal controls software solutions, such as remQ (a VOQUZ Labs product), function.
In the case of remQ, which operates within SAP ERP and S/4HANA as an add-on, users are far more likely to stay compliant with the UK's Failure to Prevent Fraud Offence. Why? Because businesses can identify potential fraudulent activity by employees the moment it happens and take appropriate action (meeting the requirements of the new legislation).
VOQUZ Labs' Internal Controls Automation 101 guide will further help you learn more about the benefits, especially within a SAP ERP and S/4HANA environment.
The UK's Failure to Prevent Fraud Offence will likely pass (and immediately be law) in late 2024 at the latest. So, the good news is that there is still plenty of time to prepare.
We couldn't go through everything in this article, but here are some additional items that should also be on all internal controls teams' checklists in preparation for the new legislation:
To learn more about how remQ can assist your business with its goals to cut audit errors, reduce fraud, and stay compliant with laws and regulations within your SAP environment, you can learn more here.
Paul is a RegTech content writer & strategist with extensive experience in digital marketing and journalism. His work has appeared in the Guardian newspaper. He also holds a degree in International Relations, where he studied global sanctions compliance and cross-border finance.
Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.