The UK Government has introduced a new corporate criminal offence under the Economic Crime and Corporate Transparency Act 2023, specifically targeting companies that fail to prevent fraud. This offence marks a significant shift in how corporate fraud is expected to be managed and prevented.
For large travel companies doing business in the UK, various activities are at-risk under the new offence, including dealings with regulators, insolvency protection providers (such as bond obligors and trade associations), shareholders, investors, banks, acquirers and consumers. It is therefore important that travel companies understand the new law and implement the preventative procedures which will reduce the risk of fraud and give a defence if there is fraud. The law is expected to come into force by 2025.
To be liable under this new offence, three primary elements must be present:
1. Commission of a fraudulent offence
An individual must commit a specific type of fraudulent act. Examples of such offences include:
2. Relevant relationship
The person committing the fraud must be an employee, agent or someone providing services for the company. This broad definition ensures that a wide range of potential fraudsters within an organisation’s ecosystem are covered, including travel agents appointed by the company.
3. Intended benefit
The fraudulent act must be intended to benefit the company itself or someone to whom the person provides services on behalf of the company (such as a travel supplier to the company).
It is important to note that a company can be held liable even if the management had no knowledge of the fraud being committed. An offence is punishable by an unlimited fine which will likely be calculated by reference to the size of the organisation, the seriousness of the offence and any aggravating or mitigating circumstances.
A crucial aspect of this legislation is that it holds companies accountable irrespective of whether the company’s management knew about the fraudulent act. This strict liability approach underscores the importance of having robust preventative measures in place.
One of the key defences available to companies under the new law will be the implementation of reasonable procedures designed to prevent fraud. These procedures need to be tailored specifically to the company’s operations and should stem from a comprehensive risk assessment that identifies potential areas of risk and the necessary measures to mitigate those risks.
The new failure to prevent fraud offence primarily targets “large organisations.” A company is considered a large organisation if it meets two or more of the following criteria:
1. Turnover: Annual turnover exceeds £36 million.
2. Balance sheet total: total assets exceed £18 million.
3. Number of employees: More than 250 employees.
This means that many travel companies operating in the UK, particularly those with substantial operations and revenue, will fall within the scope of this legislation. Small companies are generally not covered by this offence, but they may still wish to consider implementing fraud prevention measures as a best practice. They may also be required to do so by a trade partner if they are in a “relevant relationship” with that other company (e.g. a travel agent for a supplier).
Travel companies need to develop a system that is not only effective but also demonstrates due diligence in preventing fraud. Here are the steps involved in creating such a system:
1. Conduct a risk assessment: Identify areas where fraud could potentially occur within the company’s operations. For travel companies, this could involve:
2. Identify at-risk individuals and activities: determine which employees or agents are most likely to engage in fraudulent activities and in what context. This might include:
3. Implement preventative measures: based on the risk assessment, develop and implement policies and procedures designed to prevent fraud. These measures might include:
4. Document the system: Ensure that all policies and procedures are well-documented. This documentation should include the rationale behind each measure, the expected outcomes, and the process for regular review and updates.
5. Monitor and Review: continuously monitor the effectiveness of the fraud prevention system and make necessary adjustments based on feedback and evolving risks.
The UK Government has announced that it will publish detailed guidance on the reasonable preventative steps that companies should take to comply with this new legislation. This guidance will be crucial in helping companies understand and implement the necessary measures effectively.
Directors and senior managers play a pivotal role in the success of any fraud prevention strategy. Their responsibilities include:
The introduction of the new failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 represents a significant shift on what companies are expected to do to manage and reduce the risk of fraud. For travel companies operating in the UK market, this legislation necessitates a proactive approach to fraud prevention. By understanding the requirements and implementing robust preventative measures, companies can not only comply with the law but also provide themselves with a defence if there is fraud of which the management were unaware.