Understanding the new 'Failure to Prevent Fraud' Offence in a Public Sector context

IndustriesPublic & Social SectorPublic and Social Sector insights

'Failure to Prevent Fraud' in the Public Sector

The UK Government has recently announced a new corporate criminal offence – the 'failure to prevent fraud' offence – within the Economic Crime and Corporate Transparency Act 2023.

Fraud is currently the most common crime in the UK, and this new offence is designed to drive a cultural shift, encouraging organisations to improve their prevention procedures and reduce instances of fraud. It strengthens existing powers to fine and prosecute organisations for fraud committed by their employees and agents, closing loopholes that have allowed organisations to avoid prosecution in the past.

This new offence holds large organisations, both in the public and private sectors, accountable for fraudulent activities committed by their employees or agents.

To be deemed a 'large' organisation, you must meet at least 2 of the following 3 criteria, in line with the Companies Act 2006:

  1. Turnover of more than £36m;
  2. Balance sheet of more than £18m; and
  3. More than 250 employees.

These criteria lead to a large majority of UK incorporated public bodies, as well as large charities, falling within the scope of the offence.

What is the 'Failure to Prevent Fraud' Offence?

This new offence makes a public sector organisation meeting the ‘large’ criteria liable if it fails to prevent a specified fraud offence from being committed by an employee or agent, and the fraud is intended to benefit the organisation. For example, an employee that has targets to meet may commit fraud to meet these targets, and as a result of meeting the targets, the organisation benefits.

The offence is committed where the organisation did not have reasonable fraud prevention procedures in place - it does not need to be demonstrated that organisation leadership encouraged or knew about the fraud.

In the current climate of tight public sector finances, public and social sector organisations cannot risk falling foul of this new offence and being faced with an unlimited fine, when straightforward fraud prevention measures and due diligence procedures can be implemented.

Reasonable fraud prevention procedures for Public Sector organisations

This new legislation means that public and social sector organisations are effectively required to review and enhance their anti-fraud systems and controls to cover fraud committed for their benefit by employees or agents. Full guidance on the new offence for public sector organisations from the Home Office is expected later in 2024.

The Government launched the Counter Fraud Functional Standard in 2018, which applies to all government departments and their arms-length bodies (for example the NHS), and is designed to provide guidance in relation to the management of counter fraud, bribery, and corruption. Other public sector organisations are not required to adopt this standard. However, they may be familiar with or already be complying with it on a voluntary basis, and should therefore understand and already have reasonable procedures in place to combat fraud.

Many public sector organisations at current may not have adequate measures in place in preparation for the failure to prevent fraud offence. The good news is that there is still time to rectify this and here are some reasonable procedures that public sector organisations can take:

  1. Fraud Risk Assessment: Conduct a thorough fraud risk assessment to understand and address the potential fraud risks within the organisation. Traditionally fraud risk assessments have been inward-looking, aiming to prevent fraud to the detriment of the organisation from employees or agents. But these now need to encompass the risk of employees or agents engaging in fraud which benefits the organisation.
  2. Policies and Procedures: Develop and implement robust policies and procedures to mitigate the fraud risks identified in risk assessments.
  3. Third Party Management: Third party companies supplying goods and services to and on behalf of an organisation may likely be considered agents in the context of failure to prevent. Therefore, they may be considered within the scope of the offence for the period they are engaged by a 'large' organisation, even if they themselves do not meet the 'large' criteria. Due diligence procedures need to be assessed to ensure that reasonable policies are in place to mitigate the risk that these agents commit fraud for the benefit of the 'large' organisation by which they are engaged.
  4. Training and Communication: Provide organisation-wide communications and regular mandatory training for employees about fraud, fraud risks, and the importance of fraud prevention.
  5. Monitoring and Review: Regularly review the effectiveness of the fraud prevention procedures, monitoring performance, and make necessary adjustments.
  6. Reporting Mechanisms: Establish clear mechanisms within the organisation and for external parties for the reporting of suspected fraudulent activities.
  7. Investigation and Enforcement: Ensure that reports of suspected fraud cases are adequately recorded, thoroughly investigated, and appropriate actions taken.
  8. Governance: Ensure that an appropriate governance structure is established to oversee fraud prevention programs. Identify accountability for oversight of the development and implementation of such programs by Board Members and Audit and Risk Committees. 

How can we help?

Mazars has a team of counter fraud specialists who can provide services to assess your organisation’s level of readiness for the new failure to prevent fraud offence, as well as assisting with in-depth reviews of current arrangements and assistance with the implementation of new policies and procedures related to fraud prevention.

In addition to this, Mazars through its internal audit services can help provide assurance and support in areas considered to be a high fraud risk (such as procurement, government grants and funding, payroll), as well as undertaking validation of existing self-assessments and policy/governance reviews. 

Examples of Public Sector organisations falling foul of the offence

Example 1:

A public sector organisation engaged a third-party supplier via a tender. The tender was won due to the attractive pricing and value for money, saving the organisation costs on a large contract in comparison to an existing contract.

However, during the contract, it was revealed that the supplier was cutting corners and was using illegal means to fulfil their commitments.

Had the public sector organisation had adequate due diligence procedures in place, it would have conducted appropriate checks during the procurement exercise and revealed that there was adverse media in relation to this supplier.

The example demonstrates that the decision makers can often be motivated to award the contract solely based on the attractive pricing, rather than conducting a rigorous and proper process. As the actions of the third-party company could be considered fraudulent, the organisation may be held liable under the 'failure to prevent fraud' offence.

Example 2:

A local council engaged a third-party supplier via a tender. The tender was won due to an extremely competitive pricing proposal, which represented a cost-saving for the council.

However, it was later established that an employee at the council was manipulating the tender process by falsely informing suppliers that lower bids had been received and pressuring them to reduce their prices.

Upon review, it was noted that the employee was solely in charge of the entire tender process, as the council did not have adequate procedures for oversight of this employee, or any formal segregation of duties in the tender process.

The actions of the council employee could be considered fraudulent due to misrepresenting the tender process. Consequently, the council could potentially face legal repercussions under the ‘failure to prevent fraud’ offence due to their lack of robust processes and procedures.

Example 3:

A charity organisation engaged a third-party to conduct a fundraising campaign to gather donations within the local area. The company secured a contract by promising strong donation increase for the charity.

However, it was later uncovered that the third-party operatives have been achieving strong results during this and prior fundraising campaigns by employing illegal sales techniques and manipulating donors emotionally.

Upon further investigation, it was revealed that the charity’s procurement and oversight procedures were inadequate in failing to prevent this fraudulent activity, as the charity had neither assessed the reputation of the third party at onboarding, nor monitored the sales techniques employed by the third‑party operators during the course of the fundraising campaign.

The unethical sales techniques and emotional manipulation could be considered as fraud and therefore, the charity may be held liable under the 'failure to prevent fraud' offence.

Get in touch

To speak to one of our fraud experts, get in touch today.

Contact us 

Key contacts

Contact us

+44 20 7063 4000
Meet our local team
Discover our offices
Or use our contact form