The Economic Crime and Corporate Transparency Act 2023 (ECCTA) received Royal Assent on 26th October 2023. ECCTA forms part of the UK Government’s efforts to implement its Fraud Strategy – published in May 2023 [1].
The Fraud Strategy sets out that fraud makes up 40% of all crime and cost the UK at least £6.8 billion between 2019 – 2020. In addition to causing individual loss and economic loss the strategy also frames fraud as a major national security threat; through its links to organised crime and terrorist funding. The strategy notes that the UK is an attractive target for fraudsters due to its relative wealth, rapid adoption of new digital technologies and fast and frictionless payment systems. The strategy emphasises the urgency of disrupting and tackling fraud (aiming at a 10% reduction from pre-Covid levels) and ensuring that fraud is more successfully investigated and prosecuted.
Three key changes brought in by ECCTA in pursuit of these objectives include a new failure to prevent fraud offence, expansion of the identification doctrine and attempts to ensure that POCA is fit for purpose in dealing with cryptoassets.
The Government has recently published draft guidance on the new failure to prevent fraud offence. Having finally reached this milestone, this article discusses the changes brought about by ECCTA 2023 and whether these changes show any realistic signs of bite within the criminal justice system.
Failure to Prevent Fraud Offence
Section 199 ECTA introduces a new criminal offence of ‘failure to prevent fraud’. This is modelled on previous failure to prevent offences such as ‘failure to prevent bribery’ and ‘failure to prevent tax evasion’ under s.199 a corporate or partnership is guilty of an offence if an associated person commits a fraud offence intending to directly or indirectly benefit that corporate or partnership.
Section 199 is only applicable to “large organisations” exempting small and medium sized organisations from liability. S.201 ECCTA specifies that a “large organisation” is one which satisfies two or more of the following criteria in the financial year that precedes the year the fraud was committed:
i) Turnover of more than £36 million;
ii) Total assets of more than £18 million; or
iii) Has more than 250 employees
Under ECCTA, an associated person includes an employee, an agent, a subsidiary or any person that otherwise performs services for or on behalf of the body. S.199 will also cover a broad range of fraud offences. Schedule 13, ECCTA sets out that the fraud offences covered include: cheating the public revenue, fraudulent trading, false accounting, fraud by abuse of position, fraud by false representation, fraud by failing to disclose information, obtaining services dishonestly and participating in a fraudulent business.
The potential territorial reach of the offence is also expansive. The Government Fact Sheet on Failure to Prevent Fraud sets out that irrespective of the location of the corporate, partnership or its subsidiary – if an employee commits fraud under UK law or targets UK victims the organisation could be prosecuted. This will be the case even if the organisation and its employee are overseas[2].
An organisation will not be liable for failure to prevent fraud if it was the intended victim of the fraud (s.199 (3)). An organisation is also not liable if it can show that it had in place reasonable prevention procedures that it could be expected to have or that it was not reasonable for the organisation to have prevention procedures in place (s.199 (4)).
The failure to prevent fraud offence is not yet in force. It is anticipated that it will come into force in late 2024 or 2025 once corporates have had opportunity to put into place reasonable procedures after the final Government guidance on this is published.
Whilst this new offence may seem like a significant and far-reaching reform in the criminal law of fraud the extent to which it will be enforced in practice remains uncertain. Enforcement approaches to other failure to prevent offences indicate that these offences are rarely used and rarely result in prosecutions or convictions. Dr Jennifer Collins sets out in her evidence to the Public Account’s Committee on public sector fraud that:
“The substantive offence of failure to prevent bribery, found in section 7 of the Bribery Act 2010, has been little used since its implementation in 2010. To the best of my knowledge, this has led to three section 7 corporate convictions. The offence of failure to prevent the facilitation of tax evasion (ss. 45 and 46 of the Criminal Finances Act 2017) has resulted in no convictions since its implementation”[3].
The Government sets out in its fact sheet relating to this offence that the purpose of the offence is to deter fraud and lead to a shift in culture [4]. While ‘deterrence’ may seem to be a laudable aim, ‘deterrence’ is often vaguely used as an assumed and self-explanatory justification in criminal law without question and without any deterrent effect ever being quantitively investigated.
If large corporate organisations know that the real prospects of any investigation or prosecution remain minimal then the extent to which normative shifts lead to a fraud prevention culture remains uncertain. This is especially as there is no individual liability introduced for failure to prevent fraud – leading to the risk that the advantages of pursuing a high fraud risk but high profit culture outweighs any prospective criminal law disadvantages.
Expansion of the Identification Principle
Unlike the failure to prevent fraud offence, the expansion of the identification doctrine is likely to result in changes to the way that fraud offences are investigated and prosecuted.
Prior to ECCTA, a corporate could only be liable if prosecutors were able to attribute the criminal conduct and culpability to its “directing mind and will”. The “directing mind and will” test was fraught with difficulties for investigators and prosecutors. This included:
i) Narrowness of the doctrine
ii) Difficulty identifying a “directing mind and will” in large organisations with complex structures.
iii) Test out of touch with the realities of decision making and the division of labour in corporate structures.
iv) Uncertainty as to the scope of the test and whether limited to Board of Directors and Chief Executive.
v) Lack of clarity as to relative importance of the status of the individual within the organisation vs the actual authority exercised for the purposes of attributing liability.
As a result of these issues, prosecutors have historically had limited appetite to pursue criminal cases that seek to attribute liability to large corporates and multinationals – these cases are often long, labour intensive, expensive and rarely result in positive charging decisions or convictions. In practice prosecutions and convictions against large corporate entities for fraud offences have remained low relative to perceived levels of corporate offending.
S.196 ECCTA is a significant improvement when it comes to attribution of corporate criminal liability. S.196 provides:
1) If a senior manager of a body corporate or partnership acting within the actual or apparent scope of their authority commits a relevant offence after this section comes into force, the organisation is also guilty of the offence.
Senior manager is defined by s.196 (4) as an individual who plays a significant role in – (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities.
Schedule 12 species the offences that are covered by the new identification principle. This includes a comprehensive list of fraud and economic crime offences including: cheating the public revenue, conspiracy to defraud, false accounting and offences involving money laundering s.327 – s.330 POCA 2002.
Cryptoassets & POCA
ECCTA also introduces new criminal and civil powers for UK investigators with respect to the confiscation, seizure, detention and recovery of cryptoassets.
These amendments are enacted after much criticism from law enforcement agencies and investigators in relation to the powers available with respect to cryptoassets. The decisions in AA v Persons Unknown [2020] 4 WLR 35 and DPP v Briedis [2021] EWHC 3155 Admin established that cryptoassets constitute property under English law.
Despite these cases, the position with respect to civil enforcement powers over cryptoassets under POCA remained particularly unclear. This is because prior to the amendments in ECCTA, Part 5, POCA only provided for the recovery of cash (Chapter 3), listed assets (Chapter 3A) and money held in an account maintained with a relevant financial institution (Chapter 3B). The definitions provided in POCA appeared to exclude cryptoassets from any of these categories. Significantly, whilst ‘money’ is not defined by POCA it is required to be held by ‘a relevant financial institution’ that is narrowly defined by s.303Z1 (5A) POCA as a bank, building society or an electronic money institution/payment institution regulated by law. This would exclude cryptoassets.
Other criticisms of POCA prior to ECCTA included:
i) Failure to account for the volatility of cryptocurrency or dramatic market fluctuations in value
ii) Failure to account for the distinct way cryptoassets are stored, rapidly transferred and realised.
iii) The difficulties caused by the lack of regulation over cryptoassets.
iv) Difficulties in identifying the true owner of cryptoassets or a cryptowallet.
S.179 and Schedule 8 ECCTA amend the confiscation regime in POCA in several important ways. This includes:
i) Removing the requirement for a person to be arrested before cryptoassets can be seized.
ii) Enabling officers to recreate cryptoassets wallets and transfer “unhosted” cryptoassets (not in the custody of a third party analogous to a bank) into a law enforcement-controlled wallet.
iii) Seize cryptoassets related items such as notebooks containing recovery seeds and electronic hardware wallets containing keys.
iv) Provision of enforcement powers to Magistrates courts i.e. to authorise the sale or destruction of cryptoassets.
S.180 and Schedule 9 ECCTA amend the civil recovery regime in POCA. Changes introduced include:
i) Introduction of powers to seize and detain cryptoassets and cryptoassets related items when executing search warrants. This includes powers for officers to transfer assets into a law enforcement controlled wallet. (Chapter 3C, Part 5 POCA).
ii) Enabling the freezing of cryptoassets held in cryptowallets administered by cryptoassets exchanges and custodial wallet providers (Chapter 3D, Part 5 POCA).
iii) Providing for forfeiture of cryptoassets following seizure or a freezing order (Chapter 3E, Part 5 POCA).
iv) Enabling detained or frozen cryptoassets to be converted to cash before forfeiture proceedings in the Magistrates Court. This is designed to mitigate volatility of cryptoassets values and can be applied for by law enforcement agency or the asset holder (Chapter 3F, Part 5 POCA).
The changes brought about by ECCTA provide law enforcement investigators with an enhanced confiscation and civil recovery toolkit that can deal with cryptoassets. These provisions are likely to be heavily relied upon in the coming years. Government statistics show that civil recovery under Part 5 POCA brings in around half of total assets recovered as compared with confiscation powers between 2022 – 2023[5].
There is therefore a real danger that the new civil recovery provisions introduced by ECCTA will be overused whilst criminal investigations and prosecutions fall out of favour. This is especially due to the length, complexity and difficulty of the criminal route and investigators and agencies that have limited resources and capacity. As the modus operandi of fraud and money laundering becomes more complex with individual responsibility harder to attribute – there may be less appetite to pursue criminal convictions.
Conclusion
Overall, ECCTA presents a mixed bag when it comes to successfully achieving the objectives set out in the Fraud Strategy 2023. The expansion of the identification doctrine is a radical reform that is likely to result in significant changes to the investigation and prosecution of fraud. Conversely, the impact of the new failure to prevent fraud offence is questionable.
ECCTA also clearly represents an effort by Government to keep legislative powers in line with advancements in technology and digital assets. The cryptoassets related amendments to POCA are likely to be increasingly use by investigators especially as crypto assets and exchanges become even more widely used to transfer the proceeds of crime. There is a danger that these new provisions may be overused as seen in relation to interpretation given to ‘recoverable property’ in civil proceedings. Especially compared to pursuing lengthy investigations that often do not result in charges or criminal prosecution in cases where fraudsters increasingly operate from overseas and use more sophisticated means to hide their identities. Excessive use of the civil recovery regime in relation to cryptoassets due to difficulty and lack of capacity to pursue criminal prosecutions and convictions is unlikely to achieve the Government Fraud Strategy objectives to meaningfully reduce fraud by 10% from pre-covid levels.
[1] See Fraud Strategy: Stopping Scams and Protecting the Public. May 2023
[2] Economic Crime and Corporate Transparency Act: failure to prevent fraud offence, factsheet 1 March 2024
[3] Written evidence from Dr Jennifer Collins to Public Accounts Committee, 15 May 2023
[4] Economic Crime and Corporate Transparency Act: failure to prevent fraud offence, factsheet 1 March 2024
[5] Asset Recovery Statistical Bulletin: financial years 2018 to 2023
Further information
For more information from the crime team, contact clerks@36crime.co.uk
Involving Preetika Mathur