In a previous alert titled "UK Limited Partnership Reform Becomes Law: A Practical Guide of How Best to Get Ready to Comply," we discussed the changes to limited partnership law ushered in by the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and their impact on private fund managers (Managers). ECCTA may further affect Managers when the offence of "failure to prevent fraud" (FTPF), comes into effect on 1 September 2025.
The steps necessary to comply with the FTPF provisions in ECCTA will remind Managers of those they took to comply with the Bribery Act 2010 as well as the provisions for the failure to prevent tax evasion in the Criminal Finances Act 2017. Further, FTPF obligations similar to those in ECCTA already apply to Financial Conduct Authority regulated Managers under the Financial Crime Guide. Managers will, however, need to show that they are aware of and have considered the impact of the ECCTA's FTPF provisions and the government's FTPF guidance (the guidance) on their businesses and compliance policies. They will also have to consider the impact of the FTPF provisions on existing and intended fund investments, including investments in portfolio companies, and relationships with service providers, such as placement agents.
What is the FTPF offence?
A "large organisation" (Large Organisation) is guilty of an offence if an "associated person," commits a fraud offence intending to benefit (directly or indirectly) the Large Organisation or any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the Large Organisation.
Other organisations can also be guilty of an offence if an employee commits a fraud offence intending to benefit (whether directly or indirectly) the organisation, the fraud offence is committed in a financial year of a parent undertaking of which the organisation is a subsidiary undertaking and the parent undertaking is a Large Organisation.
What is the penalty?
Organisations found guilty of a FTPF will be liable for an unlimited fine, with the amount to be determined by a court considering all the circumstances.
What is meant by a "fraud offence"?
"Fraud" is the deliberate use of deception or dishonesty to deprive, disadvantage, or cause loss (usually financial) to another person or party. ECCTA sets out the specific offences in Schedule 13. These include the common law offence of cheating the public revenue and also statutory offences including fraudulent trading under section 993 of the Companies Act 2006 and various offences under the Fraud Act 2006.
What is a Large Organisation?
A Large Organisation is a body corporate or partnership, wherever incorporated or formed, that satisfies at least two of the following conditions in the financial year (of the organisation) preceding the year of the fraud offence:
- Turnover: More than £36 million
- Balance sheet total: More than £18 million
- Number of employees: More than 250
What about smaller organisations (i.e., those that do not satisfy the test for a Large Organisation?)
Unlike the failures to prevent bribery and the facilitation of criminal tax evasion offences in which the offences apply to organisations irrespective of their size, smaller standalone organisations are not subject to the FTPF offence. However, a subsidiary of a Large Organisation is captured by the legislation and so (as noted above) can be prosecuted if one of their employees commits a fraud offence intending to benefit the subsidiary. Further, the guidance warns that smaller organisations should be aware that they may be considered "associated persons" while they provide services for or on behalf of Large Organisations and may be subject to contractual or other requirements that the Large Organisations impose on them to help prevent fraud.
When will a Large Organisation be a "parent undertaking"?
"Parent undertaking" in ECCTA has the same meaning as that in section 1162 of the Companies Act 2006. In essence, a Large Organisation will be a parent undertaking of a "subsidiary undertaking" if:
"(a) it holds a majority of the voting rights in the
undertaking, or
(b) it is a member of the undertaking and has the right to appoint
or remove a majority of its board of directors, or
(c) it has the right to exercise a dominant influence over the
undertaking -
(i) by virtue of provisions contained in the undertaking's
articles, or
(ii) by virtue of a control contract, or
(d) it is a member of the undertaking and controls alone, pursuant
to an agreement with other shareholders or members, a majority of
the voting rights in the undertaking."
For completeness, the conditions for a parent undertaking to also be a Large Organisation differ slightly as they are based on the net figures for aggregate turnover and balance sheet total and also aggregate number of employees of the group headed by it.
What is an "associated person"?
A person is "associated" with an organisation if they are an employee, an agent, or a subsidiary undertaking of the organisation or they otherwise perform services for or on behalf of the organisation. A person is also associated with a relevant organisation if they are an employee of a subsidiary undertaking of the organisation.
What does it mean to "perform services for or on behalf" of an organisation?
The guidance makes clear that "providing services" for or on behalf of an organisation does not include providing services to the organisation. Thus, persons, such as external lawyers, valuers, accountants, or engineers providing services to an organisation are not acting "for or on behalf" of the organisation. They are not, therefore, associated persons for the purposes of the organisation's FTPF.
When is an organisation exempt from FTPF?
An organisation is not guilty of an offence when it is, or was intended to be, a victim of the fraud offence.
What about the "reasonable procedures" defence?
It is a defence for an organisation to either prove that, at the time the fraud offence was committed, the organisation had reasonable prevention procedures in place or that it was not reasonable in the circumstances to expect the organisation to have any prevention procedures in place.
Are the requirements for reasonable procedures defence the same as those under the Bribery Act 2010?
It would be prudent to consider the defence requirement to be broadly similar in terms of what is expected. While similar to the defences capable of being raised against the failure to prevent the facilitation of tax evasion offences, the reasonable procedures defence is worded slightly differently to the defence relating to the "failure to prevent bribery" offence under the Bribery Act, which requires proof of "adequate" procedures. However a recent Impact Assessment (March 2025) released by the Home Office stated that the standard of reasonable procedures had been determined to be "no more onerous than that of 'adequate procedures'."
What should the reasonable fraud prevention procedures look like?
The guidance indicates that an organisation's fraud prevention framework should be informed by the following six principles:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
The guidance sets out details on each of these principles, noting that they "should be proportionate to the risk" and are "intended to be flexible and outcome-focussed, allowing for the huge variety of circumstances" that organisations find themselves in. The guidance also makes clear that simply because an organisation is already regulated, it does not mean that its compliance procedures will automatically amount to reasonable procedures. Equally, however, organisations are not required to duplicate work and develop entirely new procedures; rather, the guidance advises that organisations assess their existing regulatory compliance mechanisms, financial reporting controls and fraud prevention measures to determine whether they are sufficient to prevent the risk of frauds that lie within the scope of the FTPF offence.
Would the GP/Manager of a fund be guilty of a FTPF where there is a fraud in a portfolio company of the fund?
This will depend on whether (a) the portfolio company is an associated person of the GP/Manager and (b) the GP/Manager (or any person to whom the portfolio company provides services on behalf of the Manager) benefits, directly or indirectly. A GP/Manager may be deemed to be a parent undertaking of the fund (assuming the threshold tests are met) where, for example, the fund is a limited partnership and GP/Manager is entrenched and not capable of being removed by the limited partners and, for the purposes of this analysis, will be a parent of the fund and grouped with its portfolio companies.
What about the liability for a FTPF of an organisation that is established outside the UK?
A non-UK organisation will be liable when an associated person commits a fraud offence under the law of the UK (i.e., to be liable, all or part of the underlying fraud or the actual - as opposed to just intended - gain or loss that results from the fraud must occur in the UK). Therefore, a non-UK organisation will be guilty of a FTPF when its UK employee commits a fraud. By contrast, a UK organisation whose non-UK employees commits a fraud abroad that results in no actual gain or loss in the UK will not be guilty of a FTPF.
Does the guidance provide an example of FTPF that is directly relevant to Managers?
Yes. The guidance provides the following example in the context of fund raising that is noteworthy both for a Manager raising a fund itself or through a placement agent or similar service provider, who, based on the test above, would likely be an associated person:
An investment fund provider promotes investment in a 'sustainable' timber company, knowing that, in fact, this company's environmental credentials are fabricated, and that the timber is harvested from protected forest. Investors are deceived into placing funds with the investment fund provider. The base fraud is fraud by false representation. The intent is to benefit the fund provider. The associated person is the relevant member of staff at the investment fund provider who knowingly used the false information in the investment fund's brochures for clients. The investment fund provider could be liable under section 199(1)(a) unless a court determines that it had reasonable procedures in place to prevent this fraud. Again, the offence applies even if investment is not actually secured – it is enough that the fraud was intended to benefit the investment fund provider.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.