The Failure to Prevent Fraud offence several months on - key learnings so far for charities

Charity Fraud Awareness Week - Day 2

We've spoken to and advised clients about the new offence (both before the go-live date and since) about what they need to do to protect themselves from the new offence. In particular, we have had many discussions and advised on how far clients (of all sizes) need to go (or should go) with their fraud prevention procedures.

We have prepared a short summary below of some of the themes and challenges that have arisen from those conversations and from the advisory work that we have recently undertaken.

Lack of awareness of the new offence or the expectations around it

First and foremost, one of the biggest challenges that organisations and charities are facing is not necessarily being fully aware of the reach of the new offence and its impact. This is not necessarily surprising as the failure to prevent fraud offence does not seem to have received the same coverage afforded to the Bribery Act back in 2010 (which also includes a failure to prevent offence).

Ultimately though, our experience suggests that many organisations have not (initially at least) fully understood the offence and what's required in terms of reasonable fraud prevention procedures. This may lead to fraud risk assessments not stretching far enough across the charity (and a lack of proper understanding of its own fraud risk as a result). It will also, inevitably, lead to an incomplete fraud prevention framework (because charities need to understand their fraud risk before they implement fraud prevention measures).

Further, there is a risk therefore that smaller charities (i.e. those that do not meet the large organisation threshold) are less familiar with the new offence. Again, that's unsurprising but there are good reasons why those charities may well nevertheless need to be cognisant of the offence such as:

The charity is part of a wider group of corporate structures and the overall group may therefore be a large organisation (requiring fraud prevention procedures to be flowed down throughout).
The charity is on the cusp of becoming a large organisation and so needs to ensure that it has reasonable fraud prevention procedures in place for when it does eventually "tip over" into large organisation territory.
The charity works with other third-party large organisations and will therefore be expected (and may be contractually required) to comply with the large organisations' reasonable fraud prevention procedures.
The charity would benefit from implementing risk-based fraud prevention procedures as a matter of good practice and to reduce its overall potential exposure to fraud.

Existing procedures and culture

Many charities will have procedures and controls in place already as part of their governance structure (which is of course helpful and contributes towards reducing fraud risk). However, we have observed that the internal messaging on fraud might not always be prominent enough and staff might not always appreciate why certain procedures are in place. That is, of itself, not necessarily a problem (because if the current procedures work well then the fraud risk ought to be effectively mitigated) but there will be a missed opportunity in those circumstances to educate staff on fraud risk and why it's important to consider as part of their day-to-day activities. In our view, only when an organisation takes advantage of that opportunity (where fraud prevention becomes part of its regular decision making) will it then be able to say that anti-fraud is truly embedded into its culture.

Charities should therefore carefully consider what their fraud prevention messaging and approach is (particularly in the light of the 6 principles which the government's failure to prevent guidance makes clear should feed into an organisation's reasonable fraud prevention procedures). Charities may therefore wish to consider measures such as:

Having a clear zero tolerance approach to fraud contained within a tailored policy.
Regular training for staff at levels in order to educate them and keep them up to date on evolving fraud risks.
Including fraud as a regular agenda item at board level and below.
Demonstrating that the focus on countering fraud comes "from the top".
Encouraging a culture of reporting potential fraud risks.

Without the above, counter fraud will not become part of the charity's culture and there's a risk of well written fraud policies being consigned to the proverbial dusty shelf.

Third-Party due diligence

The failure to prevent fraud offence means that charities can be liable for the fraudulent acts of its associates. This includes other organisations that might be working with or on behalf of the charity.

We have observed an inconsistent approach towards due diligence on such third parties.

Charities should incorporate suitable due diligence into their dealings with third parties and adopt a risk-based approach. It is unlikely (nor desirable) for charities to conduct the level of due diligence on third parties that they would conduct internally themselves but the charities that adopt such a risk-based approach (i.e. the ones that ask the right questions and come to a considered view on the fraud risk) are the ones that are more likely to be seen as having reasonable fraud prevention procedures in place.

Charities should go further than this though and make sure that any new contracts include provisions that deal with any fraud risk, and which gives the charity the ability to continually monitor this and to be able to distance itself from any fraud incident if one arises.

Investment

Lastly, another key challenge that we have observed is one of being able to secure the appropriate level of internal investment to: (a) conduct an appropriate audit of fraud risks; and (b) implement fraud prevention procedures.

That is likely to be for several reasons, but the key ones are likely to be an incomplete understanding of the new offence (and the requirements for a successful defence) and the relatively low number of convictions that have been achieved pursuant to the Bribery Act (which might suggest that the new offence is nothing too much to be concerned about). We think that a lack of concern on this basis is mistaken, as it seems clear to us (from both Charity Commission warning reminders and suggestions that the Serious Fraud Office is looking to prosecute non-compliance) that the failure to prevent offence has teeth and will "bite".

Charities should consider fraud prevention measures to be an investment rather than a cost particularly as the UK is now taking serious steps to address its reputation as being soft or ineffective on fraud. Investing in robust anti-fraud measures now is far more cost-effective than facing fines or reputational damage in the future. It is crucial, in our view, that charities are proactive in getting their reasonable fraud prevention measures in place.

Conclusion

The offence places significant responsibility on organisations to prevent fraud. By doing things like conducting risk assessments (which must come first), developing clear policies, and fostering an anti-fraud culture, charities can show that they have reasonable fraud prevention measures in place. A charity's culture plays a pivotal role in preventing fraud. A strong anti-fraud culture, where employees feel empowered to report concerns and understand the importance of compliance, is one of the most effective deterrents to fraudulent behaviour.

The failure to prevent fraud offence is here to stay and it is likely the tip of the iceberg in the UK's ongoing fight against fraud. If they have not done so already then charities should invest now in understanding their fraud risks and implementing fraud prevention procedures. The ones that do will protect themselves in the short term but will also make it far easier to stay on top of their reasonable fraud prevention procedures in the future (because they need to be regularly revisited in order to ensure that they stay up to date and to amount to a defence to the offence).

We are here to help. Whether you need support with risk assessments, policy development, or training, our team can provide tailored advice to ensure your organisation is well-prepared.