Preparing for the UK’s Economic Crime and Corporate Transparency Act
June 2024 | SPOTLIGHT | FRAUD & CORRUPTION
Financier Worldwide Magazine
June 2024 Issue
The cost of fraud in the UK more than doubled to £2.3bn in 2023, according to BDO’s ‘FraudTrack’ report, with the number of reported cases rising by 18 percent to a three-year high.
Employees can commit fraud in a wide variety of ways, including dishonest sales practices, hiding important information from consumers or investors, and dishonest practices in financial markets. Individuals, other organisations or the taxpayer may end up defrauded and out of pocket as a result.
The question for organisations is how to defend against this ongoing tsunami of fraudulent activity.
The ECCT
The UK’s Economic Crime and Corporate Transparency Act 2023 (ECCT) comes into force during 2024. The Act has many components but, in terms of fraud, certain organisations will be liable where a specified fraud offence is committed by an employee or agent, for the organisation’s benefit, and the organisation does not have reasonable fraud prevention procedures in place.
Organisations are in scope of the ECCT if they meet two of the three following criteria: they have (i) more than 250 employees; (ii) more than £36m in turnover; and (iii) more than £18m in total assets. Such organisations are required to implement ‘reasonable procedures’ to comply with the ‘failure to prevent fraud’ component of the Act.
Principally, organisations will be held to account and discouraged from turning a blind eye to fraud committed by employees, or other associated persons, which may benefit the organisation. There is therefore a need to implement or improve fraud prevention procedures, leading to a change in corporate culture to help prevent fraud.
But what constitutes reasonable procedures? It is important not to confuse or rely on those procedures implemented for other financial crime purposes – such as bribery – as all procedures need to be specific to fraud.
The first step is to conduct a fraud risk assessment. This document should comprehensively outline current fraud risks across the organisation, evaluate the probability and impact of those risks, and identify how bad actors might try to compromise existing control frameworks.
A comprehensive fraud risk assessment will help organisations identify vulnerabilities, detect fraud earlier and strengthen their overall risk profile. Risk assessments must be reviewed on a regular basis and updated according to the organisation’s operations.
Top level commitment, also known as ‘tone from the top’, means the responsibility for fraud lies with those charged with the governance of the organisation. The board, directors and the senior leadership team, as opposed to just the chief executive or managing director, should be committed to preventing staff and associated persons from committing fraud.
Moreover, they should adopt an organisational culture in which fraud is never appropriate, and should reject ‘income’ derived from or aided by fraud. Those at the top must lead by example, cascading the message throughout the organisation.
They should commit to acting with integrity, honesty, transparency and responsibility, and be accountable for the tone, culture, behaviours and consequences of all who play a vital part in running the organisation, whether employees, contractors or suppliers. Doing so helps to detect and prevent financial crime arising within their organisation.
C-suite leaders, including the chief executive and the chief financial officer, often say there is no fraud taking place within their organisation. But how much compliance do they undertake in terms of fraud awareness and education? Many leaders admit to undertaking none, which in itself is a worrying situation.
Education and awareness
Education and awareness play a significant role in fraud risk management. If employees do not know what constitutes fraud, how can they be expected to uncover it, let alone report it?
The ECCT should discourage organisations from turning a blind eye to fraud. It will encourage more organisations to implement or improve prevention procedures, driving a major shift in corporate culture. And while the involvement of senior management will vary depending on the size and structure of the organisation, these individuals should emphasise the organisation’s stance on preventing fraud.
Additionally, organisations need to ensure there is clear governance across their operations in respect of fraud prevention measures, with specific counter fraud policies and procedures that have board approval. All senior leaders should foster a culture in which staff feel empowered to speak up if they encounter fraudulent practices.
An organisation that has fraud prevention policies in place but fails to implement adequate procedures or train its workforce accordingly may find itself subject to prosecution.
A culture that normalises challenging fraud and raising concerns should be embraced. Where fraudulent activity is suspected, early intervention is best, so employees should be encouraged to speak up if they have any concerns, no matter how insignificant they may appear.
An education and awareness programme also needs to be complemented by robust governance. Fraudulent behaviour stems from motivation, rationalisation and opportunity, so enforcing the behaviours expected within an organisation can only be achieved by acting against those that cross the line.
As is frequently the case, a ‘fail to prepare, prepare to fail’ approach to fraud risk management should be embedded across all organisations. However, in many instances, organisations do not understand the extent of their exposure to fraud, never mind how to mitigate and manage such risks. The ECCT aims to change this, with severe penalties for organisations that fail to comply.
Robert Brooker is director of partnerships at Altia Solutions Ltd. He can be contacted on +44 (0)7904 803 649 or by email: robert.brooker@altiaintel.com.
© Financier Worldwide
BY
Robert Brooker
Altia Solutions Ltd.