The new corporate offence of failure to prevent fraud is coming into force on 1 September, under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). The new offence marks a change in corporate accountability, shifting the focus from reaction to prevention.

The intention of the new offence is to ensure organisations take responsibility for preventing fraud being committed by an 'associated person' – with serious consequences for those organisations that meet the criteria of a relevant body and fail to take preventative action as required. An 'associated person' can be anyone who provides a service for or on behalf of the relevant body and accordingly an organisation could be held liable for fraud as a result of the activities of someone who is not a director or officer.

In this article, the latest in our 'Understanding ECCTA' series, we take a look at how the new failure to prevent fraud offence could have an impact on an organisation's insurance cover, in particular its Directors & Officers (D&O) liability cover.

Failure to prevent fraud

In brief, the new offence of failure to prevent fraud imposes criminal liability on a relevant organisation if they fail to prevent fraud committed by an associated person for their benefit.

The offence is a strict liability one – which means there is no need to show complicity or even knowledge of senior management. The only defence available will be if the relevant body has reasonable procedures in place to prevent fraud – at the time the fraud took place.

For a more detailed analysis of ECCTA and the failure to prevent fraud offence (including the fraud prevention procedures that could be deemed to be reasonable) see our second article in our 'understanding ECCTA' series - Understanding ECCTA New corporate offence of Failure to Prevent Fraud - what do you need to know.

D&O liability cover

A D&O policy provides cover for legal costs and expenses that may be incurred by a director, officer or, in some instances, senior employees of a company in relation to claims brought against them as a result of a wrongful act. A wrongful act is typically defined very broadly and will include any act, error or omission by them whilst acting in their capacity as directors and officers or in a managerial capacity. The policy will cover defence costs as well as any damages payable to a third party as a result of a court order or settlement.

There are usually two core elements of cover:

  • Side A – which provides individual directors (including de facto and shadow directors) and employees in managerial positions with an indemnity for claims brought against them for a wrongful act where the company is unwilling or unable to indemnify them.
  • Side B – which will reimburse the company to the extent that the company has indemnified its directors, officers or senior employee in respect of claims brought against them for a wrongful act.

The trigger for cover is usually a claim against the individual director or officer, not the company. Some policies also have Side C, otherwise known as entity cover, which provides cover for the company itself – rather than for individual directors and officers – most commonly in relation to securities claims brought against the company.

A D&O policy also usually covers defence costs in connection with any criminal prosecution and investigation costs which a director, officer or senior manager incurs in connection with an official investigation. The scope of the investigations cover can be limited, so for example, it is common for cover to require that there be a formal investigation or inquiry into the company or the individual at which the individual's attendance is formally requested in writing, or where the individual concerned has been named in writing as being personally under investigation.

ECCTA and D&O insurance

With the offence of failing to prevent fraud, the focus is on the roles and responsibilities of the 'associated person' rather than a job title. This means many more individuals could be implicated in investigations or prosecutions – not just company directors and officers. Whilst the offence is not focused on the prosecution of individuals, it is likely that Serious Fraud Office (SFO) investigations into any alleged offence will require those individuals who are alleged to have committed or assisted in the fraud in question to attend interview or give evidence, incurring investigation costs.

Under ECCTA there are also new requirements that require all 'key persons' associated with Companies' House to verify their identity, via a mandatory identity verification regime (IDV). In that regard see our third article in our 'Understanding ECCTA' series - Understanding ECCTA: Identity verification. If these requirements are not followed the director or key person could be fined and the organisation found guilty of a criminal offence. While criminal fines and penalties are excluded from D&O cover, there is likely to be cover for defence costs.

Organisations should therefore be engaging with their brokers, and through them, their insurers to understand whether D&O cover is, or can be, provided in relation to the ECCTA offences and if so, the increased premium that would no doubt be payable as a result.

In particular, policyholders will want to consider the following:

  1. Whether cover under current D&O policies will extend to an 'associated person' under ECCTA: This will depend on whether the definition of 'an insured person' for the purposes of the D&O policy would extend to any associated person who commits a fraud offence. Organisations will want to ensure that the definition is drafted widely and, if possible, includes 'associated persons' as a specific category of insureds.
  2. Whether investigations cover is broad enough to capture ECCTA investigations: As mentioned, cover for investigation costs under a D&O policy, can sometimes be limited. Policyholders should look to ensure that their cover is as broad as possible and, where they can, to extend this to cover pre-investigations and internal investigations. It is also important to check that an "associated person" would be covered for their costs of providing evidence to an investigation into the company, or any outside entity in relation to which they have a managerial role at the request of their employer, as well as an investigation into them personally.
  3. Whether there are any relevant policy exclusions: Policyholders should check that there are no exclusions that might cut across cover for ECCTA offences. In particular, D&O policies will usually exclude cover for fraud or dishonesty, but this exclusion should only kick in where fraud is established by final non-appealable judgment or by formal admission in writing. The insurers should be obliged to continue to forward fund defence costs until that point, albeit those costs are then repayable to insurers if fraud is established.
  4. Whether fraud by one employee will contaminate D&O cover for another: Ideally, a D&O policy should also include robust wording to the effect that any fraud on the part of one insured will not be imputed to another insured - so that any finding of fraud by one "associated person" will not detrimentally impact cover for another.

D&O renewal

With ECCTA coming into force imminently, insurers may want to review an organisation's fraud prevention procedures when considering whether, and on what terms, to offer D&O cover on renewal. Organisations who are not ready may find that insurers increase premiums or look to exclude cover for these claims.

Ahead of 1 September organisations should already have reviewed and strengthened their fraud prevention procedures. As set out above, organisations can only avoid liability if they can prove they had reasonable fraud prevention procedures in place at the time a fraud offence was committed. What is considered reasonable will vary depending on the size, structure and risk profile of the organisation, and the size and complexity of its operations. The greater the risk of fraud, the stronger controls to prevent it will need to be.

To assist organisations in ensuring they have a sufficient fraud prevention framework in place the government has issued 'Guidance' which outlines six core principles that should be considered. Insurers will no doubt have these principles in mind when considering an organisation's fraud prevention procedures – and whether they are willing to extend cover under a D&O policy as a result.

If you have any questions about the issues raised in this article, please get in touch with Samantha Holland. To receive future articles in our Understanding ECCTA series and related insights, sign up to our mailing list.