
Economic Crime and Corporate Transparency Act 2023

– Coverage Implications Of The Looming Entity Risk

The date of this UK legislation suggests it is ‘old news’ but in fact it contains a new corporate criminal offence of "Failing to Prevent Fraud", which will soon be coming into effect. This gives rise to some interesting considerations for existing insurance products and potentially some opportunities.

 

There has so far been much speculation around how traditional covers such as D&O, Crime and Professional Liability might respond. New exposures like this open up an uncertainty that may or may not be helpful to the insurer, broker or insured.

WHAT ARE THE KEY ISSUES AND QUESTIONS FOR THE INSURANCE INDUSTRY HERE?

1. What is the UK Economic Crime and Corporate Transparency Act (ECCTA), which came into force in October 2023?

It is a statute whose primary purpose is to fix corporate entities with greater criminal responsibility for the acts of their people. Since December 2023 a corporate entity will be found criminally liable where a senior manager who was “acting within the actual or apparent scope of their authority” commits one or more of a long list of specified economic crime offences. This is a broad category which includes fraud, bribery, money laundering, sanctions, tax evasion, terrorism, accounting and FSMA offences, amongst others.

 

As part of this objective, it has also introduced the new corporate offence of Failing to Prevent Fraud (“FTPF”). This follows precedents set by the Bribery Act 2010 (“failure to prevent bribery”) and Criminal Finances Act 2017 (“failure to prevent tax evasion”).

2. Why are we talking about this again now?

 

With fraud being the most common crime type in the UK, amounting to around 40% of all crime in England and Wales, these new measures are part of a wider government ambition to reduce fraud and protect potential victims, including business victims. The Home Office has recently published guidance about this new offence. You can read that guidance here.

 

3. When does the failure to prevent fraud offence come into force?

1st September 2025. The implementation date for this element of the ECCTA was deferred to allow firms time to update their control frameworks. How this preparation is progressing is a question underwriters and brokers may wish to ask clients when discussing an impending renewal.

 

4. What is the aim of the offence?

 

Introduced last year as part of the ECCTA, the offence is intended to hold large organisations to account if they profit from fraud. Under the offence, large organisations may be held criminally liable where an employee, agent, subsidiary, or other “associated person”, commits a fraud intending to benefit the organisation. Examples may include dishonest sales practices, the hiding of important information from consumers or investors, or dishonest practices in financial markets. The offence is intended to encourage organisations to build an anti-fraud culture, in the same way that the failure to prevent bribery crime helped corporate culture since its introduction in 2012.

5. To what types of fraud does the offence apply?

 

These are known as “base” frauds – it must be established that they have been committed before the new offence can apply. “Established” does not necessarily mean anyone has been convicted of them. Often the base fraud and the new offence will be prosecuted together. Here is a list of the base frauds on which the new offence of FTPF will be based:

  • Fraud by false representation (section 2 Fraud Act 2006)

  • Fraud by failing to disclose information (section 3 Fraud Act 2006)

  • Fraud by abuse of position (section 4 Fraud Act 2006)

  • Participation in a fraudulent business (section 9, Fraud Act 2006)

  • Obtaining services dishonestly (section 11 Fraud Act 2006)

  • Cheating the public revenue (common law)

  • False accounting (section 17 Theft Act 1968)

  • False statements by company directors (section 19 Theft Act 1968)

  • Fraudulent trading (section 993 Companies Act 2006)

Aiding, abetting, counselling, or procuring the commission of any of the listed offences would also qualify as a base fraud offence.

 

6. Does it apply to all entities?

 

No, it applies only to incorporated organisations that are defined as ‘large’ under the ECCTA. So, this will include companies and LLPs. Confusingly, it introduces a new measure of what is ‘large’ which firms need to understand. An organisation will be deemed to be large if it meets two of the following criteria:

 

  • more than 250 employees

  • more than £36 million turnover

  • more than £18 million in total assets

 

Importantly, only the entity can be guilty of the offence of FTPF – individuals cannot be prosecuted under the ECCTA, although as we have already established, they can be prosecuted for the ‘base fraud’ under the related and defined legislation. D&O policies of course primarily provide cover to individuals with only parasitic cover for companies where they indemnify these individuals and some limited pure entity coverage such as for securities claims (“Side C”). I have written recently about the issue of entity cover being included in D&O policies – see here.

 

The question of when the entity and individual can be prosecuted for related offences may result in complications for firms protected by a suite of liability insurance products, with the possibility that alleged offences may be subject to claims by the individual under one policy and by the entity under a different policy.

7. How far does the jurisdiction of prosecutors extend?

 

Potentially quite far actually. The base fraud needs to have been one of the UK offences. If the person could be prosecuted for that base fraud in the UK then the new offence may apply either because the offender is in the UK or because the benefit was actually received in the UK. Then the large organisation can be based anywhere and be subject to the offence. It is a nuance that those representing the interests of large international organisations with small UK-based operations will need to ensure their clients understand.

8. What is the defence to the crime?

Organisations will have a defence if they demonstrate on the balance of probabilities they have reasonable procedures in place to prevent fraud, or if they can demonstrate it was not reasonable in all the circumstances to expect the organisation to have prevention procedures in place.

 

9. How will the crime be investigated?

 

In England and Wales, the SFO will likely investigate. Organisations may self-report a base offence. The organisation’s willingness to co-operate with an investigation under the ECCTA and to make a full disclosure will also be taken into account in any decision as to whether it is appropriate to commence criminal proceedings and if so, which type of proceedings, for example, a prosecution or a Deferred Prosecution Agreement (DPA). DPAs are quite a strong likelihood here. In these situations the organisation may be tempted to “throw individuals under the bus” to get a better deal. Step up, D&O policy!

10. What are the penalties on conviction?

 

A fine, the size of which will be determined by the court depending on the circumstances. Fines are not typically of concern to insurers, but the defence costs will be not inconsiderable in cases that are likely to be complex and sensitive.

11. What does having reasonable procedures in place look like?

 

The fraud prevention framework put in place by organisations should be informed by the following six principles:

  • top level commitment

  • risk assessment

  • proportionate risk-based prevention procedures

  • due diligence

  • communication (including training)

  • monitoring and review

 

There will be a focus on top level commitment which sets the culture of the organisation: the board of directors, partners and senior management of a relevant body should be committed to preventing associated persons from committing fraud. They should foster a culture within the organisation in which fraud is never acceptable and reject profit based on, or assisted by, fraud.

IMPACT ON INSURANCE PRODUCTS

12. What types of insurance products may be impacted by the new offence?

 

It’s important to remember that this new offence is about the company being the beneficiary of a crime, not a victim. This affects the type of products likely to be impacted. Further, if the base offence wouldn’t ever be covered it’s difficult to see how the new corporate offence would be either. With this in mind, we go through a list of candidates below:

 

Crime – not likely to be impacted as this covers the company as a victim of fraud, and there is no liability cover. Crime cover could potentially provide a solution – by way of an extension - where a company is a victim of another company’s failure to prevent fraud – so company A has suffered a fraud at the hands of company B and could be covered for its loss once company B is convicted of the FTPF offence. Company B may already be covered as a victim of the external fraud, depending on the nature of the fraud, but this is far from certain.

Cyber – similarly, the first party cyber cover will likely not be impacted. The base fraud offences are all related to fraud committed by people in the organisation against other businesses to benefit the organisation, not to directly harm the organisation itself. The cyber liability section would not cover liability for the base fraud and it is difficult to see how the company’s liability under the new offence would be covered either.

D&O – fraud is of course a big driver of D&O claims – it always has been. The offence is corporate and so the company will not be covered under an existing D&O policy. Could Side C potentially capture a prosecution for a securities fraud due to deliberately misleading statements to investors about financial performance or ESG credentials for instance? Not on standard definitions of Securities Claim which are limited to civil and potentially regulatory claims only (not criminal). What might conceivably happen is “follow-on” civil securities claims by investors under s90 or s90A FSMA (or under US securities laws where they apply) after a criminal investigation into a FTPF offence, which would normally be covered.

 

Offences against the company that rely on scrutiny of the behaviour and decisions of the directors and other senior people will likely draw the D&O policy in to protect those individuals as witnesses or potential targets.

 

It’s unclear whether the new offence will lead to more investigations into base frauds – at the moment there’s nothing to suggest this will happen, but base frauds alleged against individuals will lead to those people seeking coverage, if they qualify as Insured Persons.

 

If the company is fined heavily for the FTPF offence, might it sue the directors for breach of fiduciary duty to recover damages equivalent to the fine? This is a really complex one – worth an article on its own! The law is not completely settled, but the company, having been convicted of a criminal offence, may not be able to recover against the directors for breach of their duties because, having been convicted, it cannot benefit from its own wrongdoing (Safeway v Twigger, 2010). Given the uncertain state of the law, it might still try – so the directors would need to defend themselves at the very least and trigger the defence costs cover.

 

Corporate Legal Liability (“CLL”) – this is an interesting one. It’s corporate cover sold alongside D&O or as part of a wider MLP policy. It’s possible criminal investigations and prosecutions of the company may be picked up under CLL unless deemed to arise out of the provision of professional services (see below) in which case it is likely to be excluded. This was the subject of the January 2025 Newsletter.

Professional Liability – an institution that has deliberately or recklessly mis-sold its products or services to gain more customers is committing a base fraud and one would expect a PI / civil liability policy to pick up civil claims arising from that. But what about the new offence? Whilst some PI policies give criminal defence costs, this is often restricted to certain types of offence (e.g. under GDPR). Investment Management PI policies typically do provide broad criminal defence costs cover to the entity so long as the prosecution arises out of the provision of professional services, so it is possible an asset manager would be covered here.

 

General / Public Liability – whilst these policies provide entity coverage and may cover criminal prosecutions, they require an occurrence giving rise to a personal injury, defamation or media related injury, or physical damage. It is therefore a stretch to see how the new offence would trigger this type of cover.

 

So, the prime candidates for policies being impacted would appear to be D&O, CLL and PI depending on their exact terms. There may be an opportunity here to provide express coverage for criminal defence costs for the company for the FTPF offence if linked to a peril or person that’s already insured. As mentioned, there may also be an enhancement angle for Crime insurance.

 

What does seem likely is the scope for complex discussions around the nature and extent of coverage under a range of policies with the risk of unwanted gaps or overlaps.

 

13. What about public policy and insurability concerns?

 

So far we have been focussed on covering defence costs and established that some policies may cover these. There is nothing in public policy that would prohibit this coverage as all are innocent until proven guilty. What about following a conviction? The offence of failing to prevent fraud is essentially that of negligence (not having “reasonable” procedures in place), and so technically public policy might not require the defence costs on conviction to be repaid and the fine might be insurable. However, the facts as established by the court may point to worse behaviour than mere negligence, which would likely mean public policy would prevent coverage of the fine and give the insurer a right to reclaim the defence costs.

Many policies generally state that fines will be covered “if insurable”. This is always a very fact sensitive exercise. In practice insurers will be unlikely to agree to cover a criminal fine levied for the new offence unless ordered to by a court that has decided the fine is legally insurable.

 

14. Product Enhancements?

 

Now that we will soon have three corporate offences of “failing to prevent…” (bribery, tax evasion, and fraud), and given that, following the ECCTA, it will be easier to fix corporations with criminal liability for the acts of their people, is it time for the insurance industry to recognise this new and developing category of negligent but criminal exposure for companies, whilst also recognising the limitations? Companies that have rigorous measures in place to prevent bribery, tax evasion and fraud are likely to be better risks generally, so this is a great litmus test.

Given companies will need to be prepared to demonstrate to law enforcement agencies they have reasonable precautions in place, these could be convenient assessment points for insurers and brokers in the underwriting / placement process. Perhaps building a dedicated analysis service into the process with enhanced protection and discounts for companies scoring highly would be a great way to differentiate. Indeed, that process of independent assurance could perhaps be a chargeable risk management service in some scenarios given the benefit it would provide in the defence of a claim by the entity.

 

Enhanced protection might be lower retentions, extra add-ons such as reputational costs coverage, and dedicated cover for the corporate offence of FTPF where linked to an already insured peril or person.

LOOKING FORWARDS

 

Prosecutions under the ECCTA will be closely watched by large companies and LLPs and the insurance market should also take an interest. There are potential complications ahead for insurers but also opportunities. Our analysis is that some market-standard wordings may provide cover but more could be done on a conscious level to provide real comfort for buyers and sellers alike.

Meanwhile, the trend of “failure to prevent” offences is likely to continue with political pressure already to broaden the scope to all economic crime.

 

This is a trend ripe for some product innovation that helps align different existing products, providing clearly defined enhancements under an extension and potentially backed up with a risk assessment – or independent assurance process – that could be sophisticated enough to help form part of the “reasonable precautions” defence in the event of a prosecution. Is the market ready to take this challenge on?
