The continued creep of criminal law into the business sphere

April 2025  |  SPOTLIGHT | FRAUD & CORRUPTION

Financier Worldwide Magazine

April 2025 Issue

In 2025, companies will be increasingly expected to act as policeman, informant and star witness in the fight against fraud. The Serious Fraud Office (SFO) and the Financial Conduct Authority (FCA) will look to them to detect, investigate, prevent and then report crime, as well as support prosecutions. Legislation will also expect them to do so.

While there is a role for companies doing all the things you would expect, such as having internal controls and carrying out due diligence on the companies with whom they do business, actively pushing companies to report their own staff or agents for committing crime when it can land the company in trouble, is a step too far.

The SFO

In the autumn of 2024, the SFO issued a press release stating that, in the event of fraud, it should only be contacted by companies or whistleblowers. Members of the public that have been victims are now required to contact Action Fraud, a service that is in the process of being scrapped after journalists exposed damming failings.

Essentially, the SFO wants to increase corporate cooperation. This includes encouraging internal investigations with staff, provided the companies in question keep the SFO informed from an early stage with a view to businesses self-reporting financial crimes they uncover.

The legal function of any business will be all too aware of the enormous impact ‘internal investigations’ (often in fact for practical reasons undertaken by an external law firm) have on the day to day functioning of a business. Assembling the right team, setting the parameters of the investigation, considering legal privilege, coordinating with human resources to ensure employment laws are respected, addressing data privacy concerns, gather evidence, framing communication and reporting findings are all factors to have in mind.

Having the SFO in the background, which may step in at any time, will be of real concern to businesses. In the SFO’s five-year strategy, it highlighted that it would use new powers to compel the production of information from organisations even before investigations have been formally opened.

Whistleblowers

It is suspected that the majority of the SFO’s historic cases have come to the attention of the authorities via self-reports or whistleblowers.

However, given the small number of cases the SFO deals with each year and the danger of whistleblowers being identified through more information being given on this topic, there is a lack of statistical information about this. Nick Ephgrave, the current director of the SFO, has spoken of his desire to explore incentivisation of whistleblowers. For example, Mr Ephgrave is keen that whistleblowers should be paid.

Currently progressing through parliament is The Office of the Whistleblower Bill, which aims to establish an independent office of the whistleblower (OWB) to protect whistleblowers. The Bill sets out how the OWB will be empowered to set, monitor and enforce minimum standards for the management of whistleblowing cases.

If the OWB is created, it will lead to changes in how organisations deal with whistleblowers who may choose to go to the OWB rather than report internally. Many organisations will now be looking at ensuring they have robust internal protections for those wishing to make disclosures and will likely need to revisit their current procedures.

The Financial Conduct Authority (FCA)

The FCA already encourage people to make whistleblowing reports directly to them in confidence.

The FCA’s approach to tackling financial crime involves the firms it regulates having robust systems in place to ensure they are not used for fraud, and to take active steps and evidence their approaches to protecting consumers.

The FCA expects firms to be proactive in stopping clients becoming victims of fraud and to welcome supervision by the FCA. The FCA is actively setting higher standards for the financial services industry and is vocal about how criminal enforcement will be used as a deterrent.

The Economic Crime and Corporate Transparency Act 2023

A new law in the UK aims to improve transparency of corporate entities and prevent economic crime. It is designed to promote the UK as a safe place to do business, support national security and disrupt financial crime.

The 2023 Economic Crime and Corporate Transparency Act (ECCTA) introduces the most fundamental reforms to company regulation since the 1800s. The Act aims to prevent the abuse of corporate structures by stopping fraudulent companies being registered and making it easier to shut down those already created.

ECCTA creates a new offence holding organisations liable where employees, agents, subsidiaries or other ‘associated person’ commit a fraud intending it to benefit the organisation. There is only one defence and that puts the burden on the company to have reasonable fraud prevention procedures in place.

The offence applies to all large incorporated bodies, subsidiaries and partnerships, large not for profit organisations such as incorporated charities and incorporated public bodies. ‘Large organisations’ must meet at least two of the following criteria: a turnover of more than £36m, a balance sheet total of more than £18m and have more than 250 employees.

Although the law, when it comes into force on 1 September 2025, is only applicable to large organisations, the government has already indicated that the principles may be helpful to smaller organisations. It is therefore possible that we will see the law widened to incorporate other sizes of organisation in the near future.

Furthermore, ECCTA guidance requires organisations to demonstrate that they have adequate fraud prevention procedures in place by: (i) having a top level commitment to preventing fraud; (ii) ensuring comprehensive risk assessments have been undertaken; (iii) implementing proportionate risk-based prevention procedures; (iv) carrying out due diligence; (v) communicating policies and evidencing staff training; and (vi) monitoring and reviewing procedures.

As the government states, the aim of the ‘failure to prevent’ fraud offence is to make it easier to hold organisations to account for fraud committed by employees, or other associated persons, which may benefit the organisation, or, in certain circumstances, their clients. In theory, the new law will make it easier to criminally prosecute corporates for failing to stop their staff or others linked to the business from committing fraud and at the same time prosecute the individuals who actually committed the offence.

Even for organisations that already have robust and well implemented anti-fraud and corruption policies in place, the new law will bring increased costs as those policies are revisited. No business is an island, and it appears the criminal law is increasingly looking for entities to be more circumspect when choosing with whom to do business.

Who will cover the costs?

Unlike the SFO, the FCA acknowledges there is often a great cost in having financial crime controls in place, but offers no firm solutions. There is no other area of criminal activity where the witnesses or victims are made responsible for preventing crime, gathering evidence and investigating wrongdoing. Why should corporate crime be different?

The way to fight fraud is by having a powerful deterrent and efficient law enforcement that takes swift and decisive action against wrongdoers, not by passing the buck to business.

Conclusion

2025 will see the continued creep of corporate criminal law into the business sphere. This, in turn, will increase the costs of doing business alongside the ever-present threat of an investigation, regardless of whether a business or its employees has in any way been involved in criminality.

 

Francesca Titus is a partner at McGuireWoods. She can be contacted on +44 (0)20 7632 1685 or by email: ftitus@mcguirewoods.com.

© Financier Worldwide

BY

Francesca Titus

McGuireWoods

©2001-2025 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.