What does new anti-fraud regulation mean for UK plc?

Legal experts are expecting the enactment of a series of new anti-fraud measures this year, particularly via the economic crime and corporate transparency bill. What effect will this have on British businesses?
Gettyimages 1366039494

This year is set to be a significant one for the legislative side of the fight against financial crime in the UK. That means there’s plenty of debate about it – in the Houses of Parliament, around boardroom tables and within legal chambers. 

Matt Horne worked for the National Crime Agency for nearly a decade, latterly as deputy director of investigations, before becoming head of policing at government at Clue Software at the end of 2022. He says that, while the legislation is rarely perfect, it remains a key weapon. 

“Developments in technology, increasing global connectivity and gaps in control are combining to drive the evolution of economic crime. There is an opportunity to turn the tide on this national security threat – and the time is now,” Horne declares.

Businesses concerned about ensuring their ongoing compliance with the law in this area would be well advised to keep tabs on the likely legislative developments. Here’s what they can reasonably expect to see this year.

The economic crime and corporate transparency (ECCT) bill

The ECCT bill passed through the House of Commons in just over four months and has already had its second reading in the Lords. It contains two much-discussed provisions, the first of which is the creation of a specific offence covering the “failure to prevent” an economic crime. 

This measure is long overdue, according to Emma Radmore, legal director at law firm Womble Bond Dickinson. 

There is an opportunity to turn the tide on this national security threat – and the time is now

“Finally, we’re getting an offence of failure to prevent fraud and false accounting for all UK businesses (an offence that companies commit when a senior manager is involved) and, for those subject to anti-money-laundering supervision, failure to prevent money-laundering,” she says. “All UK businesses should already have policies in place to prevent the facilitation of bribery and tax evasion. This new offence will broaden their need for risk assessments, top-level commitment and practical implementation.”

Radmore is referring to the Bribery Act 2010 and the Criminal Finances Act 2017, both of which already apply the “failure to prevent” model. But this has had limited success in securing convictions so far, because a person must hold a senior position in a company and be able to act autonomously to be held liable under these acts. The new “failure to prevent” provisions within the ECCT could make it easier to bring wrongdoers to justice. 

At present, the lack of specific legislation on corporate criminal liability in the areas of fraud, money-laundering and false accounting means that proof is required that someone involved in such crimes is a “directing mind and will” of their organisation. The final version of the ECCT bill, on the other hand, is expected to specify that a company’s “associated persons” – encompassing employees, agents and other intermediaries – are included when it comes to establishing corporate criminal liability.

That expansion of scope may sound alarming, but there’s no need for employers to panic, according to Alun Milford, a partner in the criminal litigation team at Kingsley Napley. He says that companies with reasonable prevention procedures in place would not be expected to police every action taken by their employees. 

Firms that operate ethically, understand where their risks lie and take proportionate steps to address these through appropriate compliance procedures should have nothing to fear

“Firms that operate ethically, understand where their risks lie and take proportionate steps to address these through appropriate compliance procedures should have nothing to fear,” Milford explains. 

But Francesca Titus, a barrister and partner at McGuireWoods, foresees another potential problem for employers. “If this offence becomes law, companies will be spending millions trying to show that they did all they could to prevent those they do business with from committing financial crimes,” she predicts. “The trouble is, the law won’t discriminate on the size of company involved. It will hit all organisations, not just those the Serious Fraud Office wants to target.”

Reforms to Companies House 

The second ECCT provision that’s prompted much debate centres on procedures at Companies House. The bill incorporates measures designed to prevent fraud and money-laundering by requiring more detailed information in applications for company registration and imposing more stringent checks on applicants. 

Ivan Heard, global head of fraud solutions at software firm Quantexa, observes that the UK’s relatively frictionless process of company formation applies “little to no scrutiny” on applications and those making them. 

“The ECCT bill should give Companies House the mandate to proactively verify individuals when they register, helping to prevent bad organisations from gaining access to the system,” Heard says.

But he adds that Companies House will need an increase in funding if it’s to adopt more sophisticated analytical tools. These could help it to monitor internal and external data sets for deeper assessments of businesses and individuals, supporting the rapid detection of suspicious shell companies.

Companies will need to assess whether there’s a legal basis for sharing the requested personal data.

Improved transatlantic co-operation

Signed last year, the US-UK data access agreement (DAA) requires both countries to ensure that their laws permit a telco in one jurisdiction to respond to direct requests for information made by a relevant authority in the other. 

This pact was designed with fighting transnational organised crime, terrorism and child exploitation in mind, but Helen Simm, a partner at law firm Browne Jacobson, stresses that it can also be invoked in investigations concerning fraud, bribery and money-laundering. 

She adds that the DAA raises some concerns about the data privacy rights of technology users. “Companies will need to assess whether there’s a legal basis for sharing the requested personal data. This may prove challenging for many, particularly while the provisions are new and have yet to be tested through the courts.”

A stronger grip on crypto assets

The UK government’s plans to regulate crypto assets more robustly may prove the most significant regulatory development this year. That’s the view of Indraneel Basu Majumdar, senior financial services solicitor at Harper James. 

The imposition of new rules could “profoundly affect” businesses in the sector, bringing them within the regulatory framework governing other financial products – and, potentially, allowing crypto assets to “grow and flourish as a valid asset class”, he predicts.

For now, though, it’s a case of softly-softly. “The phased regulatory approach will enable firms to assess where their businesses will be: within or without the regulatory framework,” Basu Majumdar says. “This is helpful for those who are looking to establish crypto businesses but are worried about the direction of travel.”