Failure to Prevent Fraud: A New Era of Liability
Recent legal changes are shifting the burden of fraud prevention onto corporations. Learn about 'failure to prevent fraud' offenses, corporate criminal liability, and steps to build a robust compliance program.

The landscape of corporate criminal liability is rapidly changing. Historically, prosecuting corporations for fraud required proving direct involvement from senior management. However, a growing trend – the ‘failure to prevent fraud’ offense – is shifting the burden of responsibility. This means companies can now be held criminally liable for fraudulent acts committed by employees, even if senior leaders weren’t directly involved. This article will break down this new standard, explore its implications, and outline how organizations can build effective fraud prevention programs to mitigate risk.
Key Takeaways
- New Standard of Liability: Companies can be prosecuted for fraud committed by employees, regardless of senior management's direct involvement.
- Proactive Compliance is Crucial: A robust fraud prevention program is no longer optional; it’s a necessity for mitigating legal and financial risk.
- Global Impact: While originating in the UK, similar legislation is being considered in other jurisdictions, including the US and EU.
- Focus on Prevention: The emphasis is on demonstrating a genuine commitment to preventing fraud, not just reacting to incidents.
The Rise of 'Failure to Prevent' Offenses
The concept of ‘failure to prevent’ offenses originated in the UK with the Bribery Act 2010. This law established that commercial organizations could be held liable if they failed to prevent bribery, even if the bribery was committed by an associated person (e.g., an employee, agent, or subsidiary). In 2017, the Criminal Finances Act expanded this principle to cover fraud, money laundering, and tax evasion. This means that a company can be convicted of a crime if it doesn't have adequate procedures in place to prevent these offenses, even if it didn’t know about or authorize the criminal activity.
Historically, prosecutors needed to prove a ‘directing mind’ – that a senior manager knowingly facilitated the fraud. This was often difficult to establish. The ‘failure to prevent’ offense eliminates this requirement, making it significantly easier to prosecute corporations. The focus shifts from proving intent to evaluating the adequacy of the organization's compliance program.
Understanding Corporate Criminal Liability
Corporate criminal liability is the legal responsibility of a company for the actions of its employees and agents. The penalties for conviction can be severe, including substantial fines, reputational damage, and even the disqualification of directors. The shift towards ‘failure to prevent’ offenses dramatically increases the risk of prosecution.
For example, in 2022, a UK-based financial services firm was investigated for a multi-million pound fraud scheme perpetrated by a rogue employee. While the firm claimed it was unaware of the fraud, investigators found significant gaps in its anti-fraud controls. The firm ultimately faced a substantial fine and a lengthy investigation, even though no senior executives were directly involved in the fraudulent activity. This case illustrates the power of the new standard.
What Constitutes an Adequate Fraud Prevention Program?
Simply having a policy against fraud isn’t enough. Prosecutors will assess the entire program, looking for evidence of proactive risk assessment, robust internal controls, and ongoing monitoring. Key elements of an adequate program include:
- Risk Assessment: Regularly identify and assess fraud risks specific to your organization, industry, and geographic locations.
- Policies and Procedures: Develop clear, comprehensive policies and procedures addressing fraud prevention, detection, and reporting.
- Training: Provide regular training to all employees, especially those in high-risk roles, on fraud awareness and prevention.
- Internal Controls: Implement robust internal controls, such as segregation of duties, authorization limits, and regular audits.
- Reporting Mechanisms: Establish confidential and accessible reporting channels for employees to raise concerns about potential fraud.
- Investigation Procedures: Develop clear procedures for investigating suspected fraud incidents.
- Continuous Monitoring: Regularly monitor transactions and activities for suspicious patterns.
The Global Expansion of 'Failure to Prevent'
While the ‘failure to prevent’ offense originated in the UK, its influence is spreading. The US Department of Justice (DOJ) has signaled its intention to adopt similar principles, emphasizing the importance of proactive compliance programs. In Europe, discussions are underway regarding the harmonization of corporate criminal liability laws, which could include a ‘failure to prevent’ standard. Companies operating internationally must be aware of these evolving legal landscapes and adapt their fraud prevention strategies accordingly. According to the Association of Certified Fraud Examiners (ACFE), organizations with strong anti-fraud controls experience 41% fewer fraud incidents, highlighting the direct correlation between proactive measures and reduced risk.
How Didit Helps
Didit provides a comprehensive identity platform designed to help organizations mitigate fraud risk and meet their compliance obligations. Our solutions include:
- Identity Verification: Robust ID document verification with automated fraud detection.
- Liveness Detection: Advanced liveness checks to prevent spoofing attacks.
- AML Screening: Real-time screening against global sanctions lists and watchlists.
- Fraud Signals: Analysis of IP address, device data, and behavioral signals to identify suspicious activity.
- Workflow Orchestration: Customizable workflows to automate fraud prevention processes.
By integrating Didit into your compliance framework, you can demonstrate a proactive commitment to preventing fraud and reduce your exposure to legal and financial risk.
Ready to Get Started?
Don't wait until it’s too late. Protect your organization from the growing threat of fraud and the consequences of 'failure to prevent' offenses.
Request a demo today: https://demos.didit.me
Learn more about our pricing: https://didit.me/pricing
FAQ
What is the difference between 'knowing' fraud and 'failing to prevent' fraud?
Traditionally, proving corporate criminal liability required showing that the company, through its senior management, “knew” about and facilitated the fraud. ‘Failure to prevent’ shifts the burden. It focuses on whether the company had adequate systems and controls in place to reasonably prevent fraud, regardless of whether anyone within the company knowingly participated.
What industries are most at risk of prosecution under 'failure to prevent' laws?
While all industries are potentially at risk, those with higher fraud rates or greater regulatory scrutiny are particularly vulnerable. These include financial services, healthcare, e-commerce, and any sector dealing with large sums of money or sensitive data.
How can I demonstrate that my company has an ‘adequate’ fraud prevention program?
Documentation is key. Maintain detailed records of your risk assessments, policies, training programs, internal controls, and investigation procedures. Regularly review and update your program to ensure it remains effective and aligned with evolving best practices. The UK’s Serious Fraud Office (SFO) provides guidance on what constitutes an adequate program.
Is insurance coverage available for 'failure to prevent' offenses?
Coverage can be complex and often limited. Many Directors & Officers (D&O) policies have exclusions for criminal acts. It’s crucial to review your insurance policies carefully and consider supplemental coverage if necessary. Proactive fraud prevention is still the most effective way to mitigate risk.