Major Reform of Financial Crime Regulation

With the enactment of the Economic Crime and Corporate Transparency Act (ECCTA) in October 2023, this year has brought with it major reform in how the UK regulates financial crime – and particularly fraud. ECCTA has introduced a number of significant changes to the existing financial crime regime, including a new failure to prevent fraud offence, a modified regime for establishing corporate criminal liability, expanded powers for the Serious Fraud Office (SFO), and a series of other reforms designed to make it harder for criminals to carry out illicit activities, and to launder the proceeds of such activities, in the UK.

The passage of ECCTA presents two big questions. First, will the SFO, the main agency in the UK responsible for investigating and prosecuting cases involving serious financial crime, make full use of its new powers? After several high-profile disappointments in recent enforcement actions, commentators have questioned whether the SFO has the necessary direction and resources to prosecute the most significant and complex financial crime cases, notwithstanding the arsenal of legislative tools at the agency’s disposal.

Second, will the SFO now pivot away from bribery and corruption enforcement and concentrate instead on major fraud? Reported figures for fraud have shown an increase in recent years and it is currently the most common criminal offence in the UK. There would seem to be more public and government appetite to prosecute fraudsters than perpetrators of other types of economic crime – including bribery. Whereas bribery offences often involve distant jurisdictions and may not directly hit the pockets of UK taxpayers, the effects of fraud domestically are immediate and painful. With the SFO’s resources under competing pressures, and the government prioritising a crackdown on fraud, will bribery enforcement take the hit? Also, where conduct may demonstrate both the characteristics of bribery/corruption and fraud, will the prosecutor now look to potential fraud offences in preference to bribery/corruption offences?

New failure to prevent fraud offence

In the year ending September 2022, fraud amounted to 41% of all crime in the UK and the introduction of robust legislation to combat this type of crime has long been a priority of the government. The new failure to prevent fraud offence (the “FTPF Offence”) is yet another manifestation of the broader failure to prevent model, which has proved popular with governments in recent years, and which requires corporates to take reasonable measures to prevent financial crime offences at source. Corporates failing to do so face criminal liability – even if they had no substantive involvement in, or knowledge of, the commission of the underlying offence.

Unsurprisingly, the FTPF Offence is similar to the existing failure to prevent offences in the UK Bribery Act 2010 and the Criminal Finances Act 2017. Under the new FTPF Offence, an in-scope organisation will be criminally liable if an “associated person” commits a relevant fraud offence intending to benefit either the organisation or those to whom the associated person provided services. “Associated persons” include employees, agents, subsidiaries, and other persons who perform services on the organisation’s behalf. Its coverage under the FTPF Offence is potentially wider than under the UK Bribery Act 2010.

In contrast to the existing failure to prevent offences, the FTPF Offence only applies to organisations that meet at least two of the following requirements in the financial year preceding the year of the fraud offence.

• More than 250 employees.
• More than GBP36 million in turnover.
• More than GBP18 million in total assets.

Accordingly, for now, the new offence does not apply to small businesses and only captures a small proportion of medium-sized businesses. However, the Secretary of State has the power to amend these thresholds through secondary legislation and we may see them reduced over time.

The FTPF Offence applies in respect of a range of predicate fraud offences including, for example, fraud by false representation, by failing to disclose information, or by abuse of position, as well as false accounting, fraudulent trading, and cheating the public revenue. Types of fraudulent conduct potentially falling within the ambit of the FTPF Offence are very broad and include dishonest sales practices, concealing important information from consumers or investors, and dishonest practices in financial markets. Notably, however, the FTPF Offence does not apply in respect of money laundering offences because parliament considered that these are already covered in an existing regime. Again, the Secretary of State has the power to modify the FTPF Offence by adding other offences relating to economic crime.

An organisation convicted of an FTPF Offence can be given an unlimited fine. However, an organisation will have a defence if it can establish that, at the time the fraud was committed, the organisation had in place reasonable procedures to prevent fraud. The government will soon publish guidance on what constitutes “reasonable procedures” in the context of preventing fraud. It should be noted that under ECCTA the test is “reasonable’’ and not ‘‘adequate’’ as it is under the UK Bribery Act 2010. Nothing may turn on this in practice but there is a distinction between something that is reasonable as opposed to adequate which one could interpret as a stricter test than is the case with reasonableness. Notwithstanding this, the authors expect that the government’s guidance will echo the high-level principles reflected in the guidance for the existing failure to prevent offences, such as top level commitment, proportionate policies and procedures, due diligence, communication and training, monitoring and review, and risk assessments. The FTPF Offence will come into force after the government publishes this guidance.

New corporate criminal liability regime

Law enforcement agencies and government representatives have long been calling for reform to the law on corporate criminal liability, which was both outdated and, for many corporates, largely ineffective. Although not going as far as some may have wanted or lobbied for, these agencies will be pleased to see that ECCTA has addressed this issue for certain economic crimes.

So, what was the issue with the old regime? Historically, any offence requiring proof of a mental element (eg, knowledge or suspicion) was only imputable to a corporate where the offence was committed by a person representing the corporate’s “directing mind and will”. This test, known as the “identification principle”, has long frustrated law enforcement agencies in cases against large organisations, whose complex and devolved management structures make it almost impossible to identify the individuals ultimately responsible for misconduct. There are several high-profile examples of the English courts throwing out cases against large organisations that were predicated on the identification principle. In SFO v Barclays PLC, for example, the English Court of Appeal held that Barclays was not criminally liable for the conduct of its CEO or group finance director on the basis that they did not necessarily have the authority to approve or bind the business to the decisions they took. This decision emphasised that even the most senior individuals within an organisation will not always constitute the company’s “directing mind and will” for the purpose of corporate criminal liability.

Over time, this has resulted in a two-tier justice system for corporates that penalises smaller companies, who might only have one or two individuals responsible for management decisions, and are therefore far easier to prosecute under the identification principle, while essentially allowing larger companies to turn a blind eye to criminal conduct committed by their employees.

ECCTA goes some way to addressing this issue by modifying the identification principle. Under the new law, an organisation will be criminally liable for a relevant offence if the offence is committed by a senior manager acting within the actual or apparent scope of their authority. A “senior manager” is any person who plays a significant role in making management decisions about all or a substantial part of the organisation’s activities, or in actually managing or organising such activities. For in-scope offences, there will no longer be any requirement for a prosecutor to establish that the individual who committed the underlying criminal act(s) was the organisation’s “directing mind and will”.

For now, the expanded corporate criminal liability regime only applies to certain specified economic crimes, such as bribery, theft, money laundering, fraud, false accounting, fraudulent trading, and various other statutory and common law offences. However, the Secretary of State has the power to add further offences through secondary legislation, and the government has already pledged to reform the identification principle for all criminal offences when a suitable bill arises.

Expansion of SFO powers

ECCTA also enhances the SFO’s power to compel individuals and corporates to provide information before a formal investigation is opened. Section 2A of the Criminal Justice Act 1987 empowers the SFO to compel the production of information in overseas bribery cases. ECCTA expands this power so that, in addition to international bribery, it also applies in respect of domestic bribery, as well as cases concerning other types of economic crime. In the SFO’s Strategic Plan 2022–2025, the agency emphasised that the use of Section 2A powers at the “earliest possible stage usually results in high-quality targeted intelligence packages, which allow an investigation to advance more quickly”, and noted that it wanted this power expanded so it could be used in other cases, in addition to foreign bribery. The SFO got its wish, and we can expect the agency to put this new power to good use in all of its investigations – for both bribery and fraud.

Other reforms

In addition to the powers that will directly benefit the SFO, ECCTA also introduces a series of other reforms designed to make it harder for criminals to operate and launder criminal property in the UK. One of the most significant is the long overdue reform of Companies House. A history of weak controls and an absence of investigation powers for the Registrar has made it all too easy for criminals to exploit the register of companies for illicit activities. For years, criminals have incorporated and used UK companies to add a veneer of legitimacy to their illicit operations, while providing false information about key individuals to ensure criminals cannot be connected to these entities. The recent surge in authorised push payment fraud is a good example of how criminals have successfully exploited Companies House to extract money from victims. One popular scheme used by fraudsters involved incorporating an entity using the name of a legitimate corporate (“A”) and then masquerading as A to request a payment from one of A’s debtors. If the debtor conducted any due diligence on the sham entity prior to making payment, they would see it registered on Companies House, assume the sham entity was A or part of A’s corporate group, and often make payment.

ECCTA is likely to make it more difficult for criminals to abuse the register for the purposes of financial crime. For example, the new law grants the Registrar the power to query information, reject information that seems incorrect or inconsistent with information already on the register, and share information with enforcement agencies. ECCTA also introduces identity verification requirements for new and existing directors, Persons with Significant Control, and those providing documents to Companies House. In addition, ECCTA changes the law relating to limited partnerships, including by tightening the Companies House registration process, increasing transparency requirements, and establishing more significant penalties for non-compliance.

Other reforms include giving enforcement agencies new powers to seize and recover cryptoassets. The NCA’s National Assessment Centre estimates that over GBP1 billion of illicit cash was transferred overseas using cryptoassets in 2021. ECCTA has introduced provisions for police and the NCA to seize cryptoassets more easily and convert them into money before a forfeiture hearing has taken place. In exceptional circumstances, there will also be a power to destroy seized cryptocurrency.

Further, by enhancing the Register of Overseas Entities Regime, if the necessary investment is provided to make the register effective by monitoring, investigating, and prosecuting those who are in breach of the requirements to register ownership, then it should be more difficult for criminals to own UK land through overseas companies.

Signs of Change at the SFO?

The last few years have seen mixed results for the SFO. There is no doubt that the agency has achieved some successful enforcement actions. For example, the GBP280 million paid by Glencore after it was convicted in 2022 of a bribery scheme to gain preferential access to oil in Africa represented the largest amount ever ordered in a corporate criminal conviction, and encompassed the largest confiscation order ever in an SFO case. However, there have also been some significant failures. The collapse of the SFO’s cases against two former directors of Serco in 2021 and three G4S executives in 2023 following serious disclosure failures by the agency are perhaps the most notable.

As a result, some lawyers and commentators have called into question the leadership of former SFO director Lisa Osofsky, and, more broadly, whether the agency is sufficiently resourced to achieve its mission. Further, enforcement agencies, including the SFO, have not always been the quickest to deploy new investigative and enforcement powers created by the government. For example, the introduction of the UK Bribery Act did not precipitate a flood of anti-bribery enforcement actions, after it was introduced in July 2011. Similarly, Unexplained Wealth Orders (UWOs) were greeted with much fanfare when they were first introduced in 2017 but were used sparingly by investigators, including the SFO. It should be noted, however, that amendments to the legislation relating to UWOs may result in an increase in the number of such orders being sought.

There are signs of change at the agency – including the new director. As ever, though, its success will also depend on how effectively the government is prepared to back the SFO – and this will require significantly more investment.

New SFO director

On 25 September 2023, Lisa Osofsky was replaced by Nick Ephgrave, the former Assistant Commissioner of the Metropolitan Police Service. While his appointment came as a surprise to many lawyers and commentators in the white-collar crime space, Ephgrave has considerable experience at the top of UK law enforcement. He has served as Chair of the National Police Chiefs’ Council Criminal Justice Co-ordination Committee and held roles on the Criminal Procedure Rules Committee and the Sentencing Council. As a result of his experience at the top of the Metropolitan Police, Ephgrave will be especially well connected in the UK and international law enforcement communities, and it is likely that the SFO will become more collaborative with other agencies in the UK and beyond in their investigations and enforcement actions.

New SFO directors almost always bring fresh energy and perspectives to the role and a desire to hit the ground running. However, Ephgrave will be particularly keen to do so. He will be mindful of the SFO’s recent failings, the question marks surrounding the SFO’s reputation, and the increased expectations on the SFO that invariably follow significant pieces of legislation, like ECCTA. Ephgrave will want to make an impact quickly.

Focus on resolving operational challenges

The SFO is also clearly alive to the operational challenges it faces in its investigations and prosecutions – and committed to resolving them. A perennial issue for the SFO has been having enough people to staff existing cases, which are invariably labour-intensive, while also being able to open new investigations when new intelligence comes to light. The SFO’s Business Plan 2023–2024 is highly focused on hiring and retaining the people it needs to deliver on its mission and ensuring that those individuals have the requisite skills to perform effectively. For example, the Business Plan contains commitments to increase the SFO’s permanent headcount, explore and develop new compensation options for staff, and provide employees with the right combination of leadership and technical skills.

Another significant issue for the SFO in recent years has been its performance on disclosure – most notably in the Serco and G4S cases referred to above. In addition to making internal improvements to the SFO’s systems and processes around disclosure, the SFO has called on the government to change the rules on disclosure in criminal cases to make it easier for the agency to prosecute offenders. The SFO’s Strategic Plan 2022–2025 states that the substantial volume of data in each SFO case, and the concept of “relevance” that applies in disclosure, exposes the agency to disproportionate operational risks. The Strategic Plan cites the Rolls Royce investigation as an example, which generated 30 million documents, and the comment of Lord Justice Gross that “the burden of disclosure should not render the prosecution of economic crime impractical”.

So, will this plea for help from the SFO lead to an overhaul of the disclosure rules in criminal cases? The SFO and other law enforcement agencies/leaders have had some success in influencing government. For example, the same Strategic Plan also called for a change to the rules on corporate criminal liability and an expansion of the SFO’s powers under Section 2A of the Criminal Justice Act 1987. The UK government has already delivered on those requests. However, the process of disclosure is such an important and integral part of the UK criminal (and civil) justice system that to try to reduce or manipulate the obligation to give full disclosure of all relevant material must be examined very carefully before it is tampered with.

2024 and Beyond

So, what can we expect from the SFO as we move into 2024? Inevitably, the type of enforcement actions brought by the SFO will be driven largely by available intelligence. For example, if the SFO receives leads on significant bribery issues, those cases will likely dominate the enforcement landscape in the coming months and years at the expense of other types of economic crime.

However, following the passage of ECCTA, we expect that, over time, we will see the SFO focusing increasingly on fraud. Ultimately, fraud is a much bigger problem than bribery in the UK in terms of both its pervasiveness and impact on UK-based victims. As a result, the UK government is under more pressure to crack down on fraud than on any other type of economic crime and that pressure will percolate down to the SFO.

The authors also think the agency is likely to become more effective at investigating and prosecuting serious economic crime than it has been in recent years. The SFO has powerful new tools at its disposal following the passage of ECCTA, including the FTPF Offence and the new rules on corporate criminal liability. It has clear plans in place to address its main operational problems, including with respect to headcount and performance during disclosure processes, and it has proven that it is able to influence legislation to obtain new powers and remove operational challenges (and that it intends to keep doing so), ultimately making it a more effective enforcement authority.

Further, the spectre of more Deferred Prosecution Agreements (DPAs) looms large and should not be ignored. The introduction of DPAs (extended to the new FTPF Offence) has been a success in recovering fines and the disgorgement of ill-gotten gains and, although the Glencore conviction demonstrates that the SFO will seek criminal convictions where DPAs may not be appropriate or available, the authors suspect that the SFO and other agencies will encourage more self-reporting and co-operation in return for DPAs.

Consequently, the authors think there will be a greater number of investigations and enforcement actions as we move into 2024 and beyond, together with the continuing trend of law enforcement agencies looking to DPAs as a solution to otherwise long and complicated investigations and prosecutions.