Introducing a failure to prevent fraud offence: Impact assessment (accessible)

Question 1

Summary: Analysis & Evidence, Option 2

Accepted Answer

Description: Introducing a failure to prevent fraud offence covering all large organisations

Full economic assessment

Price Base Year:	2024
PV Base Year:	2024
Appraisal:	10
Transition:	1

Low:	-1007
High:	-740
Best:	-874

Estimate of BNPV (£m)

Best:

-874

Costs (£m)

Costs (£m)	Transition (Constant Price)	Ongoing (Present Value)	Total (Present Value)	Average/year (Constant Price)	To Business (Present Value)
Low	421	319	740	38	740
High	552	455	1,007	54	1,007
Best Estimate	488	387	874	46	874

Description and scale of key monetised costs by ‘main affected groups’

The main driver of the overall costs are training costs, followed by risk assessment costs, familiarisation costs and finally communication costs. Transition costs are driven predominately by training costs. Ongoing costs are also mainly driven by training costs. The main affected group is large corporations.

Other key non-monetised costs by ‘main affected groups’

There may be increased criminal justice system costs. After consultation with the Crown Prosecution Service (CPS) and Serious Fraud Office (SFO), additional court cases are expected to be low. Any additional costs are expected to be modest.

Benefits (£m)

Benefits (£m)	Transition (Constant Price)	Ongoing (Present Value)	Total (Present Value)	Average/year (Constant Price)	To Business (Present Value)
Low	N/A	N/A	N/A	N/A	N/A
High	N/A	N/A	N/A	N/A	N/A
Best Estimate	N/A	N/A	N/A	N/A	N/A

Description and scale of key monetised benefits by ‘main affected groups’

None. For the purpose of the EANDCB calculation, monetised benefit is given as zero.

Other key non-monetised benefits by ‘main affected groups’

By reducing fraud, the FTPF offence is expected to increase consumer confidence and ensure more money is directed towards legitimate businesses. There is also a wider socio-economic benefit as a reduction in fraud could result in lower emotional harms, victim support costs and law enforcement and Criminal Justice System (CJS) costs.

Business assessment (Preferred option)

Direct impact on business (Equivalent Annual) £m: (benefit – cost)

Cost, £m:	102
Benefit, £m:	0.0
Net, £m:	-102 (2024 PV prices)

Score for Business Impact Target (qualifying provisions only) £m:

£382.2m (2019 prices, 2020 PV)

Is this measure likely to impact on trade and investment?: N

Are any of these organisations in scope?

Micro:	N
Small:	N
Medium:	N
Large:	Y

What is the CO2 equivalent change in greenhouse gas emissions? (Million tonnes CO2 equivalent)

Traded:	N/A
Non-Traded:	N/A

People and specific impacts assessment (Preferred option)

Are all relevant Specific Impacts included?: Y

Are there any impacts on particular groups?: N

Evidence Base (for summary sheets)

Question 2

A.        Strategic objective and overview

Accepted Answer

A.1 Strategic objective

1. The strategic objective is to reduce crime, specifically fraud. Criminal activity can be enabled and perpetuated by organisations. The limited ability to hold organisations criminally responsible for fraud has raised concern that parts of corporate criminal liability law are not fit for purpose. This has created challenges in the successful prosecution of organisations for crime, particularly economic crimes.

2. Reform of corporate liability is required to protect the integrity of the UK as a safe place to conduct business. This means improving the ability for prosecutors to hold to account, and appropriately deal with, organisations whose employees, agents, or other associated persons perpetuate or facilitate economic crime. This includes clamping down on organisations without sufficient procedures in place to prevent the most common crime – fraud^{[footnote 1]}.

A.2 Background

3. In November 2020, the government recognised the need to introduce reform to corporate liability and commissioned the Law Commission to undertake a thorough examination of the issue. The Law Commission published a discussion paper setting out options for reform. They received 45 responses to the consultation and used these to inform a final options paper for government^{[footnote 2]}, published in June 2022. This paper sets out 10 options ranging from civil penalties to criminal prosecutions.

4. The government has considered the options and introduced two measures in the Economic Crime and Corporate Transparency Act 2023 (ECCT 2023), as the strongest options for reform. These are:

Amendment of the identification doctrine for economic crime (sections 196198 of ECCT 2023) and
The creation of a new criminal offence of corporate criminal liability for fraud committed by its agents for the organisation’s benefit – “failure to prevent fraud” (sections 199 to 206 and Schedule 13 of ECCT 2023).

5. This IA is exclusively concerned with the corporate criminal offence of failure to prevent fraud (see Option 2, section D): The new offence closely mirrors the Law Commission’s proposals, but the legislation also allows the Secretary of State for the Home Department (the Home Secretary) to make regulations to amend the offence (for example, by amending the list of base fraud offences)^{[footnote 3]}.

6. Under the law, an incorporated organisation or partnership is considered to have a distinct legal entity from its owners or officers and is considered a separate “legal person” in itself. As such, these organisations can be subject to criminal and civil liability. In the year to September 2020, there were over 5,000 convictions of non-natural persons, representing around 0.6 per cent of all convictions^{[footnote 4]}. These primarily relate to strict liability offences such as environmental, trading or health and safety offences. The government has recognised that the law must be improved to hold corporates accountable where their employees or other associated persons commit fraud.

Failure to Prevent Fraud

7. The failure to prevent fraud offence is intended to mirror the existing failure to prevent offences contained in sections 7, 8, and 9 of the Bribery Act 2010 (BA 2010) and Part 3 of the Criminal Finances Act 2017 (CF 2017).

8. The offence applies across the UK. Fraud legislation is devolved. In England and Wales, the offence covers a set of core fraud offences:

a. Fraud by false representation (section 2. Fraud Act 2006 (FA 2006)).

b. Fraud by failing to disclose information (section 3, FA 2006).

c. Fraud by abuse of position (section 4, FA 2006).

d. Obtaining services dishonestly (section 11, FA 2006).

e. Cheating public revenue (common law).

f. False accounting (section 17, Theft Act 1968 (TA 1968)).

g. Fraudulent trading (section 993, Companies Act 2006 (CA 2006)).

h. Participation in a fraudulent business (section 9, FA 2006).

i. False statements by company directors (section 19, TA 1968).

9. In Scotland and Northern Ireland, the offence covers equivalent core fraud offences, as set out in Schedule 13 of ECCT 2023^{[footnote 5]}.

10. The offence will apply where the fraud is committed by an employee or other associated person with a view to benefiting the organisation, or its clients^{[footnote 6]}.

11. A defence would be available where ‘reasonable procedures’ for the prevention of fraud had been implemented by the organisation (thus mirroring the approach taken in the CF 2017 for failure to prevent the criminal facilitation of tax evasion), with provision that in some circumstances it may be reasonable for no such procedures to be in place. The statutory defence in BA 2010 (failure to prevent bribery) is ‘adequate procedures’; the standard of ‘reasonable procedures’ has been determined to be no more onerous than that of ‘adequate’ procedures.

12. The offence will not have extra-territorial reach beyond the United Kingdom. The offence will only apply where the employee or associated person commits a relevant fraud offence under the law of part of the UK. This usually requires that one of the acts which was part of the underlying fraud took place in the UK, but for some offences, it is enough that the intended gain or loss occurred, or was intended to occur, in the UK. This is different from the ‘failure to prevent bribery’ offence, which applies if an organisation commits bribery outside the UK. This restriction will reduce the burden on organisations.

13. The burden of proving that the organisation had put in place reasonable prevention procedures, or that it was reasonable not to have any such procedures, should lay with the defence (that is, the organisation).

14. The sanction available for this offence would be an unlimited fine (mirroring the approach taken in the existing failure to prevent offences, both facilitation of tax evasion and bribery).

15. Section 206(3) of the ECCT 2023 adds the offence of failure to prevent fraud to Schedule 17 of the Crime and Courts Act 2013, which means that deferred prosecutions are available for this offence in England and Wales. Deferred prosecutions arrangements are not available in Scotland or Northern Ireland.

16. The government is required to publish guidance on the procedures that organisations can put in place to prevent fraud. As an organisation’s defence depends on demonstrating that it has reasonable procedures, where applicable under the circumstances, it is likely that whether an organisation is compliant with guidance will be a benchmark for determining reasonableness. This guidance was not available when estimating the regulatory impacts on organisations. To estimate compliance costs it is assumed that the guidance would be broadly similar to guidance for the existing offences of failure to prevent bribery and failure to prevent tax evasion.

A.3 Groups affected

17. The main groups affected by the measure are:

Large^{[footnote 7]} organisations and partnerships whose employees or other associated persons may be perpetrators of fraud.
The victims of corporate fraud, including the government - which may be a victim of cheating the public revenue - and other businesses, including small, medium and micro businesses.
Organisations and workers who would be required to change processes or undergo training to demonstrate that they have reasonable procedures to prevent fraud.
Prosecution agencies, such as the CPS and the SFO, who would have additional powers to pursue corporate prosecutions.
The court system which may have to try additional cases of failure to prevent fraud.

A.4 Consultation

Consultation within government

18. The following government departments and agencies were consulted during the development of this policy:

The Devolved Administrations (who consulted the devolved prosecution agencies).
Department for Business and Trade (DBT).
HM Revenue and Customs (HMRC).
HM Treasury (HMT).
Ministry of Justice (MoJ).
Serious Fraud Office (SFO).
Crown Prosecution Service (CPS).
Attorney General’s Office (AGO).
National Audit Office (NAO).
Cabinet Office (CO).
Department for Education (DfE).
Department for Health and Social Care (DHSC).
The Charity Commission.
Department for Levelling Up Housing and Communities (DLUHC).
Financial Conduct Authority (FCA).
The Pension Regulator.
The Environment Agency (specifically, the economic crime unit).
Ofgem.
NHS Counter-Fraud.
The Nuclear Decommissioning Authority (NDA).

Targeted consultation

19. In June 2021, the Law Commission published a discussion paper considering the present law relating to corporate criminal liability and options for reform^{[footnote 8]}.

20. These options fall into three categories and option a) does not exclude the others. Options b) and c) are alternatives:

a) Amending the identification principle for economic crime, that is, the principle by which economic crime committed by certain individuals in a company can result in liability for the company (in addition to liability for the individual). Various sub-options were considered, drawing on different legislative frameworks and experience in the US, Canada, Australia and the Netherlands.

b) Failure to prevent offences including an offence of failure to prevent fraud^{[footnote 9]}.

c) Civil options^{[footnote 10]} including:

Making a range of orders available in cases where a non-natural person is convicted of an offence. The discussion paper consulted on:
- Profit Orders, which would reflect the financial benefit gained from non-compliance and would be separate from any fine.
- Corporate Rehabilitation Orders, which “aim to rehabilitate the offender by ensuring tangible steps are taken that will address a company’s poor practices and prevent future non-compliance”.
- Publicity orders requiring notices to be placed in specialist media, thereby directing attention among users – and potential users – of a company’s services to their conviction.
A regime of administratively imposed monetary penalties.
Civil actions in the High Court. This would be a regime based on Serious Crime Prevention Orders under the Serious Crime Act 2007, but involving a power to impose monetary penalties as well as punitive and preventative measures that the corporation would be required to take.

A requirement for corporations to publish their anti-fraud policies, analogous to reporting requirements in the Companies Act 2006 or the Modern Slavery Act 2015^{[footnote 11]}.

21. The Law Commission’s consultation received 45 written responses. The results of the targeted consultation were not made public but some of the findings were included in the Law Commission’s final options paper^{[footnote 12]} of June 2022, which also assessed the existing “failure to prevent” offences, for bribery and the criminal facilitation of tax evasion.

22. The final options paper of June 2022 did not recommend profit orders and corporate rehabilitation orders (largely because of potential overlaps with existing regulators’ responsibilities). The other options were considered to be feasible.

23. Government decided to adopt option a) the proposed amendment to the identification principle and option b) a failure to prevent fraud offence. This is partly because the CPS expressed a preference for a failure to prevent fraud offence over the introduction of a new regime of administratively imposed monetary penalties, since there is experience of the existing failure to prevent bribery legislation^{[footnote 13]}.

24. Cost assessments of the different feasible civil options were not carried out, although the Law Commission did recommend that the implications for criminal justice costs should be examined if the civil route was selected. The large majority of costs are associated with implementing fraud prevention measures and these fall to businesses. It is likely that, in practice, these costs would be very similar to the costs presented in this IA, if the civil route had been selected.

Question 3

B.         Rationale for intervention

Accepted Answer

25. Fraud undermines the efficient operation of economies as it undermines the framework of contract law and reduces trust. This has the effect of raising transaction costs, deterring otherwise economically efficient trades.

26. This policy aims to reduce the amount of fraud conducted by organisations or their employees or other associated persons providing services on behalf of the organisation. The rationale for this policy is split into four sections:

Evidence that fraud committed by businesses is a problem in the UK.
Rationale for the choice of a “failure to prevent fraud” offence.
Discussion of the choice to restrict the offence to large organisations only.
Discussion of choice to include organisations that are not companies.

Evidence that fraud committed by businesses is a problem in the UK

27. Fraud is generally believed to be an under-reported crime.

28. It is known that some businesses engage in economic crime, including fraud, although the full extent of fraud committed by business is not known. Over the period 04/03/2024 to 21/07/2024, Companies House has removed records relating to 45,900 companies from the Register, owing to complaints about unauthorised use of names, addresses, and false mortgage applications.

29. Out of the 29 fraud cases on the SFO website, the majority concern companies, rather than individuals.

30. Some fraudulent businesses abused or attempted to abuse the COVID-19 “bounce back” loan scheme. Lenders stopped nearly £2.2 billion in potential fraud from the Bounce Back Loan Scheme and last year the government stopped or recovered £743 million of overclaimed grants in the Coronavirus Job Retention Scheme, the Self-Employment Income Support Scheme, and the Eat Out to Help Out Scheme. By building automated controls into the digital claim process, HMRC prevented more than 100,000 ineligible or mistaken claims on its employment support schemes^{[footnote 14]}.

31. The Economic Crime Survey 2020^{[footnote 15]} estimates that around 13 per cent of fraud experienced by businesses is perpetrated by other businesses (which may be competitors, suppliers or clients). Businesses may also perpetrate fraud against the public sector or against individuals.

32. Fraud committed by businesses is a recognised problem internationally^{[footnote 16]}, however the Home Office does not have reliable international data comparators.

Rationale for the introduction of the failure to prevent fraud offence

33. Individuals within companies can already be prosecuted for committing, encouraging, or assisting fraud. However, law enforcement agencies have identified numerous cases of fraud and false accounting where the current law has prevented them from prosecuting corporates when they appear to be the beneficiaries of fraud.

34. As discussed in paragraph 19 of this IA, the government commissioned the Law Commission to examine options for amendments to corporate criminal liability.

35. Government took forward two of the options in the Law Commission paper in ECCT 2023, namely, amendment to the identification principle (sections 196 to198) and the introduction of the offence of failure to prevent fraud (sections 199 to 206 and Schedule 13).

36. The amendments to the identification principle^{[footnote 17]} make it easier to hold the company to account (in addition to the individual) where a senior manager, acting in their capacity of senior manager, has committed an economic crime (including fraud).

37. However, there can be perverse incentives to overlook fraud committed by others. There is a principal-agent problem which arises due to asymmetric information and is evident at several levels: the principal [shareholders] are unable to observe and monitor the actions of agents [managers] responsible for daily business activities. This creates an asymmetry of information, where managers may make decisions or pursue fraudulent actions for their own self-interest. By extension senior leadership may line manage staff who may also not act in keeping with corporate policy or engage in otherwise fraudulent conduct.

38. The principal-agent problem is likely to be exacerbated where the principal faces no adverse consequences or may even benefit because of the fraud. Here there will be a temptation to ignore something they know is wrong.

39. The offence of failure to prevent fraud is designed to deal with cases where the organisation itself is an intended beneficiary of the fraud, although frequently, the individual fraudster will also benefit. It does not need to be demonstrated that company managers ordered or knew about the fraud.

40. The offence is intended to encourage organisations to develop procedures to prevent fraud, which should reduce opportunities for fraud to occur across the economy. This will benefit potential targets of fraud, such as businesses, individuals and the public sector.

41. The offence of failure to prevent bribery, introduced in the Bribery Act 2010, works in a similar way, by encouraging organisations to develop procedures to counter bribery. The Select Committee report on post-legislative scrutiny of the Bribery Act 2010^{[footnote 18]}, published in 2019 concluded that “the new offence of failure to prevent bribery offence is regarded as particularly effective, enabling those in a position to influence a company’s manner of conducting business to ensure that it is ethical, and to take steps to remedy matters where it is not. The assessment of many of our witnesses is that the Act is an example to other countries, especially developing countries, of what is needed to deter bribery.”

Discussion of the choice to restrict the offence to large organisations

42. Although well over 99 per cent of businesses are micro, small, or medium enterprises, large businesses account for almost half of the turnover and almost 40 per cent of employment by all businesses^{[footnote 19]}.

43. Fraud can be committed by businesses of all sizes from sole traders to multi-national conglomerates^{[footnote 20]}. It could be argued that the offence of failure to prevent fraud should be extended to organisations of all sizes.

44. However, in a micro, small, or medium company, it is expected to be easier to identify the perpetrator of a fraud than in a larger one. In 2022, the Law Commission noted that small organisations are more readily held to account using (then) existing corporate liability offences whilst large multi-national companies were able to evade action due to complex structures^{[footnote 21]}. The same discrepancy would also be expected to persist even after the introduction of the amendments to the identification principle^{[footnote 22]}.

45. In smaller, less complex organisations, it is deemed more straightforward to prosecute and therefore the benefits of a failure to prevent fraud offence are significantly lower. To avoid disproportionate burdens on small and medium companies, the government decided to restrict the offence of failure to prevent fraud to large organisations only. This is less restrictive than it may appear: Although a large majority of businesses are micro, small or medium enterprises, large businesses account for almost half of the turnover and almost 40 per cent of employment by all businesses.

46. If required, the threshold can be amended in future through secondary legislation, should it become apparent that smaller organisations should be brought into scope.

Discussion on the choice to include entities that are not companies

47. The offence applies to large, incorporated bodies and partnerships across all sectors of the economy. This includes, but is not limited to incorporation by^{[footnote 23]}:

The Companies Act 2006
Royal Charter
Statute (for example NHS Trusts)
The Limited Liability Partnerships Act 2000
The Co-operative and Community Benefit Societies Act 2014.

48. The offence also applies to partnerships which are not bodies corporate (including Scottish partnerships and Limited Partnerships formed under the Limited Partnerships Act 1907). Unincorporated organisations (other than partnerships) are not in scope. The offence also applies to bodies incorporated and partnerships formed outside the UK but with a UK nexus. By covering all incorporated organisations and organisations incorporated outside the UK but with a UK nexus, the offence is intended to be even-handed and to avoid potential loopholes that might be exploited by unscrupulous actors.

Question 4

C.         Policy objective

Accepted Answer

49. The intended outcome of these measures is to ensure fair and proportionate liability is placed on corporates for fraudulent wrongdoing, committed by senior management, other employees, agents or other associated persons providing services for or on behalf of the organisation. These measures will:

Make it possible to prosecute organisations that commit fraud or enable a poor corporate culture where regulatory requirements are ignored, thereby providing greater disincentive to engage in fraud.
Increase fraud detection and prevention methods in organisations and create an anti-fraud culture in business.

Question 5

D.         Options considered and implementation

Accepted Answer

50. The government has considered two options:

Option 1: ‘Do nothing’, this does not meet the government’s objectives.
Option 2: Create a new offence of failure to prevent fraud. The organisations in scope are large, incorporated organisations and partnerships. The two measures in this option are explained in more detail below.

51. Various civil law options were considered in the Law Commission paper (see paragraphs 19 of this IA) but, as discussed, the implications for businesses are expected to be similar and so they have not been presented here.

52. Option 2 covers all large bodies corporate and partnerships, where large is defined as following the definition in the ECCT 2023^{[footnote 24]}, sections 201 to 202^{[footnote 25]} that is they meet at least two of the following criteria:

More than 250 employees.
More than £36 million turnover.
More than £18 million on the balance sheet total

53. Note that this definition was taken from the CA 2006. In August 2024, Government consulted on amending the monetary parts of these definitions to take account of inflation since the last time that they were amended in 2013^{[footnote 26]}. Any potential amendments to the thresholds in CA 2006 will not affect the criteria in the ECCT 2023 and will therefore not affect the thresholds for the offence of failure to prevent fraud.

54. In September 2023, government published the “Medium sized business regulatory exemption assessment: supplementary guidance”^{[footnote 27]}. This uses substantially different definitions of a medium company to previous definitions. If this guidance were adopted, the number of companies in scope of the offence of failure to prevent fraud would be very significantly reduced, (there are approximately 11,008 entities with between 250 and 500 employees, see Annex L). For this reason, the Home Office is not intending to adopt this guidance.

55. The scope of organisations in Option 2 differs from that for the Failure to Prevent Facilitation of Tax Evasion offence, under Part 3 of the CF 2017^{[footnote 28]}, which applies to all bodies corporate and partnerships, regardless of size^{[footnote 29]}.

56. Option 2 is the government’s preferred option as it meets strategic and policy objectives and it should generate benefits relative to Option 1 ‘Do nothing’.

Preferred option and implementation date

57. Option 2 focuses on the largest entities, which employ nearly half of all workers. By excluding Small and Medium Businesses (SMBs), it also ensures that micro, small and medium sized organisations are not burdened and significantly reduces the overall cost to business of considering the impact of the offence. The definition of “large organisation” will be taken from sections 201 to 202 of the ECCT 2023^{[footnote 30]}.

58. The measure will come into effect once the guidance is published and an implementation period (expected to be at least six months after publication) is complete.

Question 6

E.         Appraisal

Accepted Answer

Entities in scope

59. The entities in scope of Option 2: the government’s preferred option, that are appraised (compared to Option 1 ‘Do-nothing’), in this section are any large ‘relevant body’ which is a body corporate or partnership (wherever incorporated or formed). Relevant organisations include UK incorporated bodies, taken to be companies and Limited Liability Partnerships (LLP), UK partnerships and foreign domiciled companies and partnerships with UK operations. It also includes incorporated non-profit organisations including some charities and some public sector bodies such as qualifying NHS Trusts.

60. Two sources, predominantly FAME but also Business Population Estimates (BPE) 2021 ^{[footnote 31]},^{[footnote 32]}, were used to estimate numbers of entities in scope. The distribution of entities in the UK^{[footnote 33]} is as follows:

For large firms: 11,008 companies, 141 other incorporated and branch entities, 1,275 non- commercial entities, and 30 partnerships (estimated from BPE).
For largest firms: 11,008 companies, 141 other incorporated and branch entities, 1,275 non- commercial entities, and 10 partnerships (estimated from BPE)^{[footnote 34]}.

61. Incorporated bodies in this section include public and private companies and LLPs, ordinary partnerships, other commercial organisations, and non-commercial organisations.

62. The entities in scope estimates were used to create costs for Option 2, as set out below:

a. In the low cost scenario, the entity-based definition has been used. This scenario is informed from the Economic Crime Survey (ECS) which found that 30 per cent of organisations stated that they have some form of anti-fraud policy in place^{[footnote 35]}. In this scenario organisations within this 30 per cent only incur costs in familiarisation and undertaking a risk assessment to determine whether their current measures are sufficient under this proposal. The remaining 70 per cent of the total number of larger organisations are expected to incur full costs under this scenario.

b. In the high cost scenario, the entity-based definition has been used. In the high scenario it is assumed that all companies determine they must implement full measures to ensure they are compliant with this new legislation. 100 per cent of the total number of larger organisations are in scope under this scenario.

c. In the best-case cost scenario, the entity-based definition has been used. This scenario is informed from the ECS which found that 15 per cent of organisations stated that they have some form of anti-fraud and corruption training in place^{[footnote 36]}. In this scenario organisations within this 15 per cent only incur costs in familiarisation and undertaking a risk assessment to determine whether current measures are sufficient under this proposal. The remaining 85 per cent of the total number of larger organisations are assumed to incur full costs under this scenario.

63. Non-commercial organisations are in-scope of the failure to prevent fraud offence. Those which fall under the Better Regulation Framework, interim guidance^{[footnote 37]} are included in estimates of organisations in scope and the costs. Local authorities, NHS trusts and other public bodies which do not fall under the Better Regulation Framework are not included in the estimates of organisations in scope or the EANDCB estimates. There were also not included in the wider NPSV due to the inability of robustly estimating the number that would fall in scope of the legislation This in explored in more detail the non-monetised costs section.

64. Using the entity-based definition means that a total potential of 24,900 organisations are in scope. A detailed explanation of how the organisations in scope were estimated is presented in Annex 1. The entity-based definition is used to reflect the maximum number of organisations in scope and reflects the upper bound of impacts of this proposal.

General assumptions and data

65. The analysis is based on the following general assumptions:

2024 to 2033: The analysis assumes that the measures come into force in 2024 and costs and benefits arise from that point onwards.
2024 price base year (calendar year) (PBY) and 2024 present value base year (calendar year) (PVBY).
A 3.5 per cent discount rate per the Green Book (2022)^{[footnote 38]}.
A reading speed of 300 words per minute with 80 per cent comprehension^{[footnote 39]}.
Assumes for the high scenario organisations in-scope do not have sufficient anti-fraud measures already in place and would need to implement further procedures to be confident of having a defence in the event of a prosecution for failure to prevent fraud.^{[footnote 40]}
The 2020 ECS found that 30 per cent of businesses undertake anti-fraud measures and 15 per cent have anti-fraud and corruption campaign/training^{[footnote 41]} in place^{[footnote 42]}. These estimates are used produce scenarios for the proportion of companies that have sufficient anti-fraud measure in place and form the range for the cost estimates. It is assumed that these anti-fraud procedures also cover fraud committed by employees which would benefit the company.
For the low scenario it is assumed that for all of the 30 per cent of companies who have anti- fraud measures in place they will deem these sufficient for the new regulation and will not incur further costs beyond familiarisation and risk assessment transition costs.
For the central/best scenario it is assumed that all of the 15 per cent of companies who have anti-fraud and corruption campaign/training in place will deem these sufficient for the new regulation and will not incur further costs beyond familiarisation and risk assessment transition costs.

66. The main data sources used for this analysis:

Business Population Estimates 2021^{[footnote 43]} used to inform numbers of organisations in scope and their employment.
Annual Survey of Hours and Earnings (ASHE) 2023^{[footnote 44]} used to inform wage costs.

67. As this measure was introduced during Bill passage, it was impossible to test estimates of impacts with stakeholders. So, the approach taken was to use guidance for comparable regulations to estimate costs, in particular guidance related the failure to prevent tax evasion and failure to prevent bribery offences. The IA accounted for the following:

That the burden of proof is on the organisation to demonstrate that its procedures are reasonable. HMRC use the reasonable procedures defence in the failure to prevent tax evasion offence and they have set out six principles for what constitutes reasonable procedures^{[footnote 45]}.
While the guidance set out the steps that organisations needed to take, the guidance does not set out the level of effort that organisations need to commit to. This means that the guidance alone does not allow the estimation of compliance costs for each step. Unfortunately, impact assessments or post-implementation reviews of other failure to prevent measures do not seem to exist, likely because both measures were introduced outside the better regulation framework^{[footnote 46]}. Hence, there were no previous cost assessments to draw upon.
Research to estimate the impact of failure to prevent bribery measures on small and medium sized organisations was published in 2015^{[footnote 47]}, This did not estimate cost impacts for large organisations.
This means that the analysis had to be based on judgements about the time taken to complete tasks. To validate the IA estimates, the IA estimates are compared with results for medium sized organisations contained in the research cited above.

68. Ideally, the analysis and the assumptions it makes would have been tested with stakeholders after Bill passage. As the guidance for failure to prevent fraud offence was not published at the time of writing, no consultation on the assumptions was possible before submission of the IA to the RPC. Several steps were taken to mitigate the risk this presents, including drawing assumptions from comparable existing failure to prevent regulations, using sensitivity analysis and commitments in the post implementation review on the validity of the assumptions following the publishing of the guidance.

Costs

Set-up costs

69. The set-up costs are based on costing organisations in scope using an entity-based definition. The entity-based approach is deemed the best estimate as it is assumed each individual subsidiary would want to tailor their own individual company policies.

70. Although the offence places no specific requirement on an organisation, it would be a defence, if prosecuted, for organisations to demonstrate that reasonable procedures were in place to prevent employees or other associated persons from committing fraud. In some circumstances it could be considered reasonable for there to be no procedures in place. It is assumed that organisations would follow guidance, set up systems and carry out training to ensure that they have a defence if prosecuted.

71. The guidance is expected to be similar to the guidance published for the offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion^{[footnote 48]}. It is then assumed that the cost of developing reasonable procedures consistent with the guidance drives the costs.

72. The costing assumes that organisations need to undertake the following actions. These are the steps recommended in the Failure to Prevent Bribery guidance and the guidance for the offence of Failure to Prevent the Criminal Facilitation of Tax Evasion^{[footnote 49]}:

a. Familiarisation: This includes activities such as reading guidance; planning and mobilising resources; defining stakeholders and the scope of the project; identifying information sources and allocating responsibilities. It also includes setting control objectives and risk approach.

b. Risk assessment: This includes developing and populating a risk register. It also includes prioritising risks and testing risks against the companies control framework. The HMRC guidance states that procedures should be periodically reviewed. The IA therefore assumes that after the first year the risk assessment is refreshed annually but the costs of the refresh are much less than a full assessment^{[footnote 50]} as the initial required groundwork has already been done.

c. Communications: These include set-up costs from a statement to external audiences via company websites and costs every year where the management and Board set out their anti- fraud policies to staff.

d. Training: It is assumed that all staff receive on-line training from a commercial training provider. Existing guidance for similar offences requires companies to undertake training of staff and this has created significant demand for on-line training provision.

73. For the cost scenarios it is assumed that transition costs incurred differently for organisations based on whether they have sufficient existing measures in place. For the high scenario, it is assumed that no firms have sufficient measures already in place and all firms incur familiarisation, risk assessment, communication, and training costs as transition costs. For the low and best scenarios, where a proportion of companies already have sufficient measures in place it is assumed that these companies deem themselves to have sufficient measures already in place and only undergo familiarisation and risk assessment costs as transition costs. Familiarisation and risk assessment costs are assumed to still be incurred as companies will still need to become familiar with regulation and undergo a risk assessment to ensure that their current anti-fraud measures are in fact sufficient. Further detail on the methodology can be found in Annex 2.

74. The research on the impact of the Bribery Act 2010 clearly shows that compliance costs scale with organisation size^{[footnote 51]}. This is likely because larger organisations are more complex and will require more labour and total time inputs to complete a task. In the analysis, this is reflected in larger project teams for larger organisations. The number of people in the team is also a function of the range of interests in the organisation that would be expected to be involved in the project. For example, to test systems against fraud it is not unreasonable to expect that project members would be drawn from: Finance, HR, Procurement, and IT functions. The assumptions on project team size are given in Table 1.

Table 1, Project Team Sizes for Non-training Tasks and team costs ^{[footnote 52]}.

Size	Size (employees)	Core team size	Project Director	Core team rate £	Project director rate £	Blended rate /hr of input £	Non-wage Labour Costs	Blended opportunity cost of time £
Large	>250 < 500	4	1	24.08	33.19	24.43	22%	29.81
Largest	>500	5	1	24.08	33.19	24.52	22%	29.91

Source: ASHE 2023^{[footnote 53]}, DBT calculations

75. For the largest organisations it is assumed that the core team consists of five personnel^{[footnote 54]} working full-time who are managed by a project director^{[footnote 55]} who dedicates 20 per cent of their time to the project. The substantial input from senior staff is based on the current Bribery Act 2010 guidance which states that processes should show “top level commitment”. Also, the failure to prevent the criminal facilitation of tax evasion guidance states:

Those at the most senior levels of the organisation are best placed to foster a culture where actions intended to facilitate tax evasion are considered unacceptable. This principle is intended to encourage the involvement of senior management in the creation and implementation of preventative procedures. It is also intended to encourage senior management involvement in the decision-making process in relation to the assessment of risk, where this is appropriate,

page 25^{[footnote 56]}.

Table 2, Total Hours by Stage of Non-training Phase, 2022.

Set-up time by stage

	Large	Largest
Familiarisation	38	46
Risk assessment	104	128
Internal communications	13	16
External communications	13	16

Source: DBT calculations.

Familiarisation costs

76. All organisations in-scope are assumed to incur familiarisation costs when implementing this policy. Such costs are calculated by multiplying the hours taken by the blended opportunity cost of time. The main elements related to familiarisation are:

Team members reading 50 pages of guidance – the failure to prevent bribery guidance is 41 pages – which takes just over an hour per person^{[footnote 57]}, that is just over five hours for a large organisation and six hours for the largest.
Team members spend seven hours testing and defining control objectives and setting out plans and recommendations for senior leaders to discuss. This amounts to 29 hours for large organisations and 36 hours for the largest organisations.
A board or management team discussion of 30 minutes involving six people, that is three hours in total. This step is essential given that senior leaders will need to judge the level of risk they want to accept in determining what are reasonable procedures.

77. As noted above we have not managed to test these assumptions with organisations, but they represent a reasonable breakdown of tasks and steps for a reasonably complex project, which the guidance consulted suggests should receive high level commitment.

78. Multiplying these costs by the number of organisations for each of the entity sizes gives a familiarisation set-up cost estimate of £30.9 million (2024 prices) in year one in all scenarios.

Table 3, Total Familiarisation Costs (2024 prices)

Familiarisation	Total per Entity £	Low Estimate £m	Best Estimate £m	High Estimate £m
Large	1,122	14.0	14.0	14.0
Largest	1,363	16.9	16.9	16.9
Total	-	30.9	30.9	30.9

Source: DBT calculations. Numbers may not sum due to rounding.

Risk assessment

79. It would be very difficult for large organisations to demonstrate that they have reasonable procedures in place if they have not carried out, and recorded the results of, a risk assessment. The HMRC guidance on the failure to prevent tax evasion offence, which also uses a reasonable procedures defence, states that:

“It is also worth noting that in some limited circumstances it may be unreasonable to expect a relevant body to have prevention procedures in place. For example, where a relevant body has fully assessed all the risks and they are considered to be extremely low and the costs of implementing any prevention procedures are disproportionate or cost-prohibitive in relation to the negligible risks faced. However, it will rarely be reasonable to have not even conducted a risk assessment.”. HMRC guidance on failure to prevent tax evasion, page 24^{[footnote 58]}, bold emphasis added.

80. The risk assessment stage consists of time taken to gather information, evaluate and prioritise risks, test these risks and then agree the assessment at a senior level.

81. This is estimated to take up to 128 hours for the largest organisations. The estimated time taken is multiplied by the blended wage cost to give an estimate up to £3,809 per largest organisation. The main steps are:

Seven hours per team member to gather relevant information from desk research and internal and external discussions.
Ten hours per team member to develop a risk register and prioritise risks.
Seven hours per team member to test risks against controls.
A board or management team discussion of 30 minutes involving six people, that is three hours in total. This step is essential given that senior leaders will need to judge whether their anti- fraud procedures meet the failure to prevent fraud requirements and the test of reasonableness.

82. Multiplying these costs by the number of organisations gives a risk assessment set-up cost estimate of £86.0 million (2024 prices) in year 1 for all scenarios.

Table 4, Risk Assessment Set-up Costs (2024 prices)

Risk Assessment	Total per entity £	Low Estimate £m	Best Estimate £m	High Estimate £m
Large	3,105	38.7	38.7	38.7
Largest	3,809	47.4	47.4	47.4
Total	-	86.0	86.0	86.0

Source: DBT calculations, 2023. Numbers may not sum due to rounding.

Communications

83. These costs are based on the project team spending three hours each to draft, clear, legally check and place a statement on the company’s website setting out the steps it takes to tackle fraud. This is done once and not repeated^{[footnote 59]}. Similar effort is dedicated to internal communications to staff. These could include communications about codes of conduct, information cascades via huddles or team meetings or letters from senior leaders setting out the company’s anti-fraud policies to staff. Such costs are incurred by the organisations who have determined they require further anti-fraud measures to be put in place so that they comply with this new legislation.

84. In the low scenario it is assumed that 70 per cent of companies in scope are required to put in place further anti-fraud measures and will incur communications costs. In the best/ central scenario it is assumed that 85 per cent of companies in scope are required to put in place further anti-fraud measures and therefore will incur communication costs. In the high scenario it is assumed that 100 per cent of firms in scope are required to put in place further anti-fraud measures and will incur communication costs.

85. Multiplying the cost per entity by the number of organisations in scope estimates communications set-up costs of £14.7 million (2024 prices) in the low scenario, £17.8 million (2024 prices) in the best/ central scenario and £21.0 million (2024 prices) in the high scenario.

Table 5, Communications Set-up Costs (2024 prices)

Communications	Total per entity £	Low Estimate £m	Best Estimate £m	High Estimate £m
Large	754	6.6	8.0	9.4
Largest	930	8.1	9.8	11.6
Total	-	14.7	17.8	21.0

Source: DBT calculations, 2023. Numbers may not sum due to rounding.

Training

86. The training costs are a function of UK employment as well as the number of organisations as organisations will incur a cost per employee trained. Such costs are incurred by the organisations who have determined in their risk assessment to require further anti-fraud measures be put in place.

87. Business Population Estimate (BPE) employment data^{[footnote 60]} has been used to estimate the number of employees trained. All employees are expected to receive training in the first year. Estimates of unit costs are based on:

a. A base fee of £25 per trainee with a discount of up to 40 per cent for the largest organisations. The business model of providers is to charge a fee per trainee, though the fee varies by volume. The fee estimate, and the discount, is based on training to meet similar and comparable failure to prevent bribery requirements^{[footnote 61]}. In practice larger organisations might develop the training in house, assuming that the costs of the in-house option would be similar to the costs of external provision.

b. An opportunity cost of time based on the median hourly pay of all employees and a course length of one hour.^{[footnote 62]} This is similar to the length of course offered by on-line providers of failure to prevent bribery training.^{[footnote 63]}

c. Total employment of 10.6 million people, stated by the BPE. As organisations will not know who is likely to commit fraud, and the burden of proof is on the organisation to take all reasonable steps to prevent fraud, the analysis assumes that the organisation is likely to train all staff.

d. The cost of training time is calculated by adding the hourly fee for the training to the opportunity cost of one hour of an employee’s time. This is then multiplied by the number of employees.

88. In the low scenario it is assumed that 70 per cent of companies in scope are required to put in place further anti-fraud measures and therefore will incur training costs. In the best/ central scenario it is assumed that 85 per cent of companies in scope are required to put in place further anti-fraud measures and therefore incur training costs. In the high scenario it is assumed that 100 per cent of firms in scope are required to put in place further anti-fraud measures and therefore incur training costs.

89. Multiplying the cost per entity by the number of organisations in scope estimates training set-up costs of £289.9 million (2024 prices) in the low scenario, £352.0 million (2024 prices) in the best/ central scenario and £414.1 million (2024 prices) in the high scenario.

Table 6, Training Set-up Costs, £ million (2024 prices)

Training	Low Estimate	Best Estimate	High Estimate
Large	37.6	45.7	53.7
Largest	252.2	306.3	360.3
Total	289.9	352.0	414.1

Source: DBT calculations. Numbers may not sum due to rounding.

Total Set-up Costs

90. Total set-up costs (familiarisation, risk assessment, communications, and training) are estimated to be £421.5 million (2024 prices) in the low scenario, £486.7 million (2024 prices) in the central/best scenario and £552.0 million (2024 prices) in the high scenario.

Table 7, All FTPF Set-up Costs, £ million (2024 prices)

Total set-up costs	Low Estimate	Best Estimate	High Estimate
Familiarisation	30.9	30.9	30.9
Risk assessment	86.0	86.0	86.0
Communication	14.7	17.8	21.0
Training	289.9	352.0	414.1
Total	421.5	486.7	552.0

Source: DBT calculations. Numbers may not sum due to rounding.

Ongoing costs

91. The methodology for assessing the ongoing cost of FTPF is the same as that described in the set- up costs.

92. For the ongoing cost scenarios, it is assumed that costs are incurred differently for organisations based on whether they have sufficient existing measures in place. For the low and best scenarios, where a proportion of companies already have sufficient measures in place. It is assumed that those companies which deem themselves to have sufficient measures already in place undergo no ongoing costs. For the high scenario, it is assumed that no firms have sufficient measures already in place and all firms incur familiarisation, risk assessment, communication, and training costs as on-going costs.

Risk assessment

93. Ongoing risk assessment costs are calculated in the same way as they were for set-up. It is assumed that the risk assessment is refreshed annually but the costs of the refresh are much lower at 10 per cent of the set-up cost. This implies between 10 to 13 person hours each year to refresh the risk assessment in light of any events that have occurred during the year. It might also involve other tasks such as keeping central logs of training up to date. The cost is estimated to be £304 for large organisations and £374 for largest organisations.

94. In the low scenario it is assumed that 70 per cent of companies in scope are required to put in place further anti-fraud measures and therefore will incur on-going risk assessment costs. In the best/ central scenario it is assumed that 85 per cent of companies in scope are required to put in place further anti-fraud measures and will incur on-going risk assessment costs. In the high scenario it is assume that 100 per cent of firms in scope are required to put in place further anti-fraud measures and will incur on-going risk assessment costs.

95. Multiplying the cost per entity by the number of organisation in scope for years 2 to 10 estimates risk assessment ongoing costs of £6.0 million (PV 2024 prices) in the low scenario, £7.3 million (PV 2024 prices) in the best/ central scenario and £8.6 million (PV 2024 prices) in the high scenario.

Table 8, Ongoing Risk Assessment Costs (PV 2024 prices), Years 2 to 10

Risk assessment	Total per entity £	Low Estimate £m	Best Estimate £m	High Estimate £m
Large	310	2.7	3.3	3.9
Largest	381	3.3	4.0	4.7
Total	-	6.0	7.3	8.6

Source: DBT calculations. Numbers may not sum due to rounding.

Communications

96. Unlike external communication costs which are one off, organisations incur ongoing communications costs every year where the management and Board set out their anti-fraud policies to staff, calculated to be £377 for large and £465 for largest organisations. These communications establish that the organisation does not tolerate fraud, in line with the approach taken in the failure to prevent tax evasion guidance published by HMRC^{[footnote 64]}.

97. In the low scenario it is assumed that 70 per cent of companies in scope are required to put in place further anti-fraud measures and therefore will incur on-going communication costs. In the best/ central scenario it is assumed that 85 per cent of companies in scope are required to put in place further anti-fraud measures and will incur on-going communication costs. In the high scenario it is assumed that 100 per cent of firms in scope are required to put in place further anti-fraud measures and will incur on-going communication costs.

98. Multiplying the cost per entity by the number of organisations in scope for years 2 to 10 estimates communication ongoing costs of £7.3 million (PV 2024 prices) in the low scenario, £8.9 million (PV 2024 prices) in the best/ central scenario and £10.5 million (PV 2024 prices) in the high scenario.

Table 9, Ongoing Communications Costs (PV 2024 prices), Years 2 to 10

Communications	Total per entity £	Low Estimate £m	Best Estimate £m	High Estimate £m
Large	377	3.3	4.0	4.7
Largest	465	4.0	4.9	5.8
Total	-	7.3	8.9	10.5

Source: DBT calculations. Numbers may not sum due to rounding.

Training

99. In the low scenario, it is assumed that 70 per cent of companies in scope are required to put in place further anti-fraud measures and therefore will incur on-going training costs. In the best/ central scenario, it is assumed that 85 per cent of companies in scope are required to put in place further anti-fraud measures and will incur on-going training costs. In the high scenario, it is assumed that 100 per cent of firms in scope are required to put in place further anti-fraud measures and will incur on-going training costs.

100. Ongoing training costs are based on average staff turnover rates. Data from the Organisation for Economic Development (OECD) suggests that in 2022 average job tenure was 10.2 years^{[footnote 65]}. It is assumed around 10 per cent of staff are new each year and are retrained with a new employer. This is a reasonable assumption as the new employer has to demonstrate that they have taken all reasonable steps to prevent fraud.

101. Multiplying the cost per entity by the number of organisations in scope for years 2 to 10 estimates training ongoing costs of £28.5 million (PV 2024 prices) in the low scenario, £34.7 million (PV 2024 prices) in the best/ central scenario and £40.8 million (PV 2024 prices) in the high scenario.

Table 10, Ongoing Training Costs, £ million (PV 2024 prices), Years 2 to 10

Training	Low Estimate	Best Estimate	High Estimate
Large	3.7	4.5	5.3
Largest	24.8	30.2	35.5
Total	28.5	34.7	40.8

Source: DBT calculations. Numbers may not sum due to rounding.

Total ongoing costs

102. The total ongoing cost is estimated by summing the estimates for risk assessment, communications, and training costs.

103. Total ongoing costs scope for years 2 to 10 estimates a total of £41.9 million (PV 2024 prices) in the low scenario, £50.9 million (PV 2024 prices) in the best/ central scenario and £59.9 million (PV 2024 prices) in the high scenario.

Table 11, Per Year Ongoing Costs, £ million (Constant 2024 prices), Years 2 to 10

Total ongoing costs	Low Estimate	Best Estimate	High Estimate
Risk assessment	6.0	7.3	8.6
Communication	7.3	8.9	10.5
Training	28.5	34.7	40.8
Total per year 2024 con	41.9	50.9	59.9
Overall Total (PSV 2024)	318.7	387.0	455.3

Source: DBT calculations. Numbers may not sum due to rounding.

Total costs

104. Summing together set-up/ transition costs and ongoing costs produces total cost for each scenario. For the low scenario the total cost is estimated to be £740.2 million (PV 2024 Prices), in the central/best scenario the total cost is estimated to be £873.7 million (PV 2024 Prices) and in the high scenario the total cost is estimated to be £1,007.3 million (PV 2024 Prices).

105. To provide assurance over these costs, the average costs implied by our cost modelling for large and larger companies are compared to the costs for medium sized organisations of complying with the failure to prevent bribery offence contained in the research cited earlier.

106. The logic being that the costs in this IA should exceed those identified in the research given that the research finds that costs scale with organisational size.

The average per organisation costs in the central scenario are:

i. For large organisations, set up costs are around £8,500 (2024 prices) and on-going costs are £900 (2024 prices) per annum in the central scenario.

ii. For the largest organisations, set up costs are £30,100 and on-going costs are £3,100 in the central scenario. The higher costs reflect the fact that the largest organisations – those with more than 500 employees – account for a substantial proportion of UK employment^{[footnote 66]}.

In the research on the failure to prevent bribery offence ^{[footnote 67]}, medium organisations reported that the costs incurred to date, which we took to be a proxy for set up costs^{[footnote 68]}, of around £4,600 (£5,920 PY2024). With the mean annual costs of bribery prevention procedures^{[footnote 69]} being almost £2,000 (£2,570 in PY2024).
This comparison suggests that estimated set up costs are higher for large and largest organisations than for medium businesses in the research. This is explainable given that training accounts for a high share of the costs for the largest organisations and that employment is disproportionately concentrated in the largest organisations. These will therefore have much higher costs per organisation given that costs partly scale with employment.
On-going costs for large organisations are less than the research suggests for medium organisations; however, average costs for the largest organisations are higher but are perhaps not as high as might be expected. This suggests that the on-going costs in this IA could be underestimating for large business. There is a possibility that is this is partly explained by the increase in average UK job tenure since the research was undertaken^{[footnote 70]}. However, this is unlikely to explain the whole difference. Consequently, the scale of ongoing costs incurred by organisations will be directly considered as an evaluation question in the post implementation review.
Notwithstanding this, given the absence of information to work from in assessing the costs to large and largest organisations, this analysis suggests that the IA cost estimates are a mostly reasonable attempt to capture the cost implications of this policy. However, the comparison also underlines the importance of obtaining data to understand the validity of this IA’s compliance cost estimates, especially on-going costs, in the first post-implementation review.

Table 12, Total Costs, £ million (PV 2024 prices)

Cost Category	Low Estimate	Best Estimate	High Estimate
Set-Up Cost	421.5	486.7	552.0
PSV Recurring Cost	318.7	387.0	455.3
NPSV	740.2	873.7	1,007.3

Source: DBT calculations. Numbers may not sum due to rounding.

Non- Monetised Costs

107. The main non-monetised cost is the possible increase in CJS costs. After consultation with the CPS and SFO, additional court cases are expected to be low and consequently any additional costs are expected to be modest.

108. Some public sector bodies such as Local Authorities and NHS Trusts will be affected by the measure. It has not been possible to ascertain the number of organisations that fall into the large and the largest categories and therefore in scope of the legislation. Therefore, the costs to the public sector are non-monetised in this analysis. The average costs per public sector organisation that falls under the legislation is expected to be similar to those experienced by the entities costed in this IA. It is expected that a number of these public sector bodies will have sufficient anti-fraud procedures already in place and therefore will not occur the full amount of additional costs as a result of this legislation. However, the proportion of public sector bodies which have these already in place is uncertain. The cost of this policy to public sector bodies will be specifically covered in the post implementation review.

Benefits

109. There is an absence of data on the incidence and associated losses of corporate fraud, which makes it difficult to quantify benefits for the measures. This IA only provides a qualitative assessment of benefits.

110. This legislation aims to reduce the incidence of corporate criminality through behavioural and cultural changes.

Non-monetised benefits

111. The main benefit of this legislation is the cultural change it is intended to create. This change is expected to result in a deterrent effect where increased awareness and corporate liability may deter would-be fraudsters. The threat of criminal liability will encourage organisations to put fraud- prevention measures in place which can reduce fraud as:

The new offence allows for an organisation to be held responsible for failing to prevent fraud carried out by any employee or other associated person: Historically corporate criminal offences have applied only when the person considered to be the “directing mind” of the organisation has committed the offence. In large organisations, where junior management may historically have committed offences to inflate their teams’ performance to senior management, the scale of offences and subsequent losses may be considerable. A new failure to prevent fraud offence aims to incentivise organisations to stop these offences taking place and therefore is likely to reduce the level of fraud and associated losses.
It can enable increased detection of fraudulent conduct. Staff awareness of fraud will increase their ability to detect fraud by others and reduce the temptation to conduct fraudulent activity themselves. The benefits rely somewhat on the cultural changes that are expected when most large organisations are in scope.

112. Having greater fraud prevention procedures in place could improve confidence in doing business in the UK. Widespread organisational cultural change would demonstrate that organisations in this country are committed to preventing fraud and could enhance the global economic reputation of the UK, increasing international confidence in conducting business here.

113. As the main benefit is deterrence, a significant increase in prosecutions is not expected: The SFO has prosecuted the failure to prevent bribery offence (introduced in 2010) three times in the last 13 years^{[footnote 71]}, ^{[footnote 72]},^{[footnote 73]},^{[footnote 74]} and the CPS has also prosecuted the offence^{[footnote 75]}. It is likely there will be more fraud prosecutions due to relative scale of fraud compared to that of bribery. The government does anticipate the use of a Deferred Prosecution Agreements (DPAs) which have been used ten times since the introduction of the failure to prevent bribery offence^{[footnote 76]}, see, for example^{[footnote 77]},^{[footnote 78]},^{[footnote 79]}. DPAs involve companies reaching an agreement with a prosecutor, where the company is charged with a criminal offence, but proceedings are automatically suspended. The company agrees to a number of conditions, which may include payment of a financial penalty, payment of compensation and implementation of a corporate compliance programme. In addition, DPAs are publicly available and, as such, are intended to drive wider cultural change.

114. The exclusion of small and medium-sized businesses^{[footnote 80]} might be expected to reduce the possible benefits and the potential for cultural change. This effect is not anticipated to be large, since small and medium-sized organisations are more readily held to account using existing corporate liability offences. Moreover, it is possible that small and medium sized businesses may adopt some of these practices resulting in spill-over benefits.

Table 13, Summary of Monetised Costs and Benefits, £ million (PV 2024 prices), over 10 years 2023.

Description	NPSV Scenarios
Set-up cost	High	Best	Low
Familiarisation	30.9	30.9	30.9
Risk Assessment	86.0	86.0	86.0
Communication	14.7	17.8	21.0
Training	289.9	352.0	414.1
Total set-up cost	421.5	486.7	552.0
Ongoing cost
Risk Assessment	45.8	55.6	65.4
Communication	55.8	67.7	79.7
Training	217.1	263.7	310.2
Total ongoing cost	318.7	387.0	455.3
Total cost	740.2	873.7	1,007.3
Benefit	N/A	N/A	N/A
Total benefit	N/A	N/A	N/A
NPSV	-740.2	-873.7	-1,007.3
BNPV	-740.2	-873.7	-1,007.3
EANDCB (2019 prices, 2020 PV)	64.8	76.4	88.1

Source: Home Office and DBT, own estimates. Numbers may not sum due to rounding.

Summary of non-monetised benefits

115. This captures large organisations, where challenges prosecuting corporate fraud are currently greatest.

116. With all large organisations in scope, an increase in positive corporate culture is expected. This is intended to reduce the level of fraudulent activity, benefitting potential victims of fraud (including the public sector).

117. This is evidenced by the House of Lords post-legislative scrutiny of the BA 2010 (which created the failure to prevent bribery offence), which noted that organisations have seen improved corporate anti-bribery culture^{[footnote 81]}.

118. Though the exclusion of small and medium-sized organisations^{[footnote 82]} will limit the scale of a cultural shift, there is potentially a spill-over effect where some SMBs may adopt similar measures.

Value for Money (VfM)

119. To be considered value for money a policy must meet its strategic objectives. Failure to Prevent Fraud meets its strategic objectives of a) Reducing crime, specifically fraud. Specifically, that enabled and perpetuated by organisations. b) Protecting the integrity of the UK as a safe place to conduct business. c) Strengthening the ability for prosecutors to hold to account, and appropriately deal with, organisations whose employees, agents, or other associated persons perpetuate or facilitate economic crime. This includes clamping down on organisations without sufficient procedures in place to prevent the most common CSEW recorded crime – fraud^{[footnote 83]}. The progress of the policy against its strategic objectives will be a specific evaluation question in the post implementation review.

120. Failure to prevent fraud has a highly negative NPSV. Whilst there has been a monetisation of the costs, the benefits are qualitative. Consequently, the estimated NPSV in this IA cannot be considered indicative of the overall value for money for society.

121. The benefits of this legislation are non-monetisable due to an absence of data on the incidence and losses of corporate fraud. The benefits are predominately driven by improvements in the behaviour and culture within organisations in regard to fraud. This will aim to then reduce fraud committed by these organisations against both other organisations and individuals.

122. Breakeven analysis is not possible because a Home Office approved cost of fraud to businesses does not exist. A cost of fraud to businesses is vital to determining the number of frauds that would need to be prevented by the policy for its benefits to breakeven with its cost. The cost of fraud to individuals is available but research^{[footnote 84]} ^{[footnote 85]} indicates that this is significantly smaller than the cost of fraud to business, and therefore would not be suitable for analysis.

123. Fraud is the most common CSEW recorded crime with large costs to society. The total cost of fraud against individuals in England and Wales was estimated to be at least £6.8 billion in 2019^{[footnote 86]}. Whilst there is no official Home Office estimate of the cost to society of fraud against businesses, unofficial external research indicates that the total cost of fraud against businesses may be significantly higher than against individuals^{[footnote 87]}. Consequently, any reductions in fraud because of this legislation could have significant societal benefits and offset the costs estimated in this IA.

124. Additionally, having greater fraud prevention procedures in place could improve confidence in doing business in the UK by demonstrating that organisations in this country are committed to preventing fraud. This could enhance the global economic reputation of the UK, increasing international confidence in conducting business here which, whilst non-monetisable, could provide significant benefits to society.

125. The costs of the policy solely fall on business. The largest costs are attributable, across both set-up and ongoing, to the training costs. The remaining costs predominately stem from the costs to employees in terms of familiarisation, risk assessment and communication.

126. Consequently, the NPSV cannot be considered in this case to be exclusively indicative of the overall VfM to society of this legislation. Whilst there are significant costs borne on businesses, due to the scale of harm that fraud causes to society. A reduction in fraud because of this policy has the potential to provide significant benefit to society and increase its wellbeing.

Place based analysis

127. As the obligations fall on large organisations, the spatial impacts will follow the distribution of entities and their economic activities.

Sensitivity Analysis

128. Sensitivity analysis was undertaken for the key assumptions for where there is remaining uncertainty. The lack of guidance at the time of writing means that these assumptions could not be tested with stakeholders. Whilst there is evidence to validate that the assumptions are reasonable, the validity of the assumptions will be tested in the post implementation review. The sensitivity analysis explores how the overall cost of the policy changes in the face of the assumptions varying.

Number of Entities which have Sufficient Measures in Place Already

129. Many organisations will have measures in place to prevent fraud against them. The FTPF offence is concerned with preventing fraud that benefits the organisation. In some cases, the existing measures may be sufficient to do this, in other cases, organisations will need to develop new measures.

130. The sensitivity analysis estimates how the total cost of the implementing the FTPF policy varies for when different proportions of organisations conclude they have sufficient existing measures in place and therefore do not need to implement additional measures.

131. Whilst the estimates drawn from the ECS allow a range of costs to be constructed. The ECS estimates may not be directly applicable to this new legislation and the proportion of companies who have sufficient measures in place may fall below the low estimate or at different levels between the low and high estimate. Consequently, sensitivity analysis has been conducted to demonstrate how the overall cost of implementing the FTFP policy varies for different proportions of companies who need to implement new anti-fraud measures to be compliant with the new measures.

132. The sensitivity analysis utilises the same methodology as the low and best/central scenarios. The ECS provides estimates on the proportions of companies who may have sufficient existing measures in place for these scenarios. Full methodology for the sensitivity analysis is in Annex 2.

133. The sensitivity analysis provides overall costs estimates for each decile for the proportion of companies who need to implement anti-fraud measures.

134. The sensitivity analysis estimates that if all the organisations have appropriate communications and training in place, that is, they only need spend on familiarisation and risk assessment), then the total cost for the policy will be £116.9 million (PV 2024). If half of the firms have the appropriate communications and training in place, then the total cost for the policy will be £562.1 million (PV 2024). If none of the firms have appropriate communication and training in place, then the total cost of the policy will be of £1,007.3 million (PV 2024).

Table 14, Sensitivity analysis of total costs, £ million (PV 2024) as a result of changing the number of businesses that already have measures in place and do not have to implement any changes.

Proportion of businesses in scope which implement new procedures to prevent employees committing fraud	Total £ million (PV 2024)
0%	-116.9
10%	-206.0
20%	-295.0
30%	-384.0
40%	-473.1
50%	-562.1
60%	-651.2
70%	-740.2
80%	-829.2
85%	-873.7
90%	-918.3
100%	-1,007.3

Source: Home Office and DBT analysis

Training Costs

135. Training costs are around 70 per cent of the total cost of this legislation in the central scenario. The assumptions used to estimate training costs were based on similar comparable to failure to prevent bribery training. The lack of existing guidance on the failure to prevent fraud offence means that there is a degree of remaining uncertainty around the training costs. This prevents training costs assumptions being tailored precisely to the legislation and the ability to test any assumptions with stakeholders.

136. Consequently, sensitivity analysis is conducted to understand the impact on the overall NPSV of the policy of these assumptions being different to that used in the estimation.

Changes to the Discount Rate for Training

137. One of the important assumptions in the training cost is the discount rate offered to companies. Whilst the rate used in the main estimates is based on training to meet similar and comparable failure to prevent bribery requirements^{[footnote 88]}. The sensitivity analysis explores the impact on overall NPSV of the policy of the average training rate differing from the main assumption used in the analysis.

138. Table 14 shows the impact on the overall NPSV of the policy of changing the training discount rate. This shows that, a 10 per cent change in the training discount results in a 5 per cent change in the NPSV. For the central scenario, if the training discount fee was only at 10 per cent the NPSV for the policy would decrease to -£1,006.6m (PV 2024). If the training discount rate is higher at 60 per cent then the NPSV increases to -£785.1m (PV 2024).

Table 15, Sensitivity analysis of total costs, £ million (PV 2024) as a result of changing the training discount rate

Training Discount Rate (%)	High NPSV (PV 2024 Prices, £m)	Central NPSV (PV 2024 Prices, £m)	Low NPSV (PV 2024 Prices, £m)
10%	-849.6	-1,006.6	-1,163.6
20%	-813.1	-962.3	-1,111.5
30%	-776.7	-918.	-1,059.4
40% (Main)	-740.2	-873.7	-1,007.3
50%	-703.7	-829.4	-955.2
60%	-667.2	-785.1	-903.1
70%	-630.7	-740.8	-850.9

Source: Home Office and DBT analysis

Percentage of Staff That Need to Undergo Training

139. One of the important assumptions is the assumption around the number of staff that entities deemed to require training. The main assumption is that all employees will be required to undertake training. This assumption is deemed reasonable as organisations will not know who is likely to commit fraud. As the burden of proof is on the organisation to take all reasonable steps to prevent fraud, the analysis assumes that an organisation is likely to train all staff.

140. However, the lack of guidance at the time of writing meant it was impossible to test this assumption with stakeholders. Consequently, the sensitivity analysis explores the impact on the overall NPSV of the policy of changing assumption on the number of staff that are required to undergo training. For every 10 per cent decrease in the number of staff who require training, the overall NPSV increases by 7 per cent.

141. Table 16 shows that, for the central scenario, if the percentage of staff trained was only at 10 per cent the NPSV for the policy would increase to -£319.7 million (PV 2024). If the percentage of staff needing to be trained was 50 per cent the NPSV for the policy would increase to -£565.9 million (PV 2024). If the percentage of staff needing to be trained was 90 per cent the NPSV for the policy would increase to -£812.2 million (PV 2024).

Table 16, Impact on overall NPSV from Changing the Percentage of Staff who require training

Largest and Large Firms	High (PV 2024 Prices, £m)	Central (PV 2024 Prices, £m)	Low (PV 2024 Prices, £m)
100% (Main)	-740.2	-873.7	-1,007.3
90%	-689.5	-812.2	-934.9
80%	-638.8	-750.6	-862.4
70%	-588.1	-689.1	-790.0
60%	-537.4	-627.5	-717.6
50%	-486.7	-565.9	-645.2
40%	-436.0	-504.4	-572.7
30%	-385.3	-442.8	-500.3
20%	-334.6	-381.2	-427.9
10%	-283.9	-319.7	-355.5
0%	-233.2	-258.1	-283.0

Source: Home Office and DBT analysis

Changes to the Core Team size

142. Another important assumption in this assessment is around core team size. For the largest firms, this is assumed to be five full-time staff, with four assumed to be the core team size of large firms. In both cases these teams are managed by a project director who dedicates 20 per cent of their time to the project. This input from senior staff is based on the current Bribery Act 2010 guidance which states that processes should show “top level commitment”. The assumption on the level of staffing in the central scenario was provided by DBT therefore sensitivity analysis assesses the effect of core size on NPSV.

143. Table 17 shows the effect on NPSV if firms of both sizes had increased or decreased the size of their core teams relative to the central scenario in the analysis. If the firms had a smaller core team size, to three staff for large firms and four for the largest firms, NPSV would increase to around - £820.9 million (PV 2024). If firms had increased core team size, to six for the largest firms and five for large firms, NPSV would increase to -£926.5 million (PV 2024) in the central scenario.

Table 17, Changes to the Core Team size reviewing the Legislation (Largest and Large firms)

	High (PV 2024 Prices, £m)	Central (PV 2024 Prices, £m)	Low (PV 2024 Prices, £m)
Smaller teams (Large firms = 3 staff, Largest firms = 4 staff)	-692.6	-820.9	-949.3
Main scenario (Large firms=4, Largest Firms = 5 staff)	-740.2	-873.7	-1,007.3
Bigger teams (Large firms = 5 staff, Largest firms = 6 staff)	-787.8	-926.5	-1,065.3

Source: Home Office and DBT analysis

Changes in time taken to complete tasks outlined in the legislation

144. There are multiple assumptions in place around the time taken for firms to familiarise themselves with the guidance, develop a plan, risk assessment, and take measures against those risks. This also includes oversight required by seniors to deliver these changes. Such assumptions are informed by the current Bribery Act 2010 guidance.

145. Table 18 shows the effect of these tasks taking both 10 per cent longer and 10 per cent less time than the main assumptions in the central scenario on NPSV. Such shifts in the time taken to complete task could result in a 3% change in NPSV. If tasks take 10 per cent longer, NPSV decreases to - £899.0 million (PV 2024) in the central scenario. If tasks are performed 10 per cent quicker, NPSV increases to -£848.5 million (PV 2024) in the central scenario.

Table 18, Changes to time taken to complete tasks outlines in the legislation

Time taken to complete the task	High (PV 2024 Prices, £m)	Central (PV 2024 Prices, £m)	Low (PV 2024 Prices, £m)
10% less time taken	-717.4	-848.5	-979.6
Main Assumptions	-740.2	-873.7	-1,007.3
10% more time taken	-762.9	-899.0	-1,035.0

Source: Home Office and DBT analysis

Small and micro business assessment (SaMBA)

146. There will be no direct impact on small, medium and micro-businesses as the offence will apply to large organisations only. Small, medium and micro-businesses will be exempt and are out of scope of this policy.

147. Fraud is committed by businesses of all sizes from sole traders to multi-national conglomerates^{[footnote 89]}. It could be argued that the offence of failure to prevent fraud should be extended to organisations of all sizes and that the exclusion of SMBs could undermine the policy’s ability to meet its objectives.

148. However, in a small or medium company, it is expected to be easier to identify the perpetrator of a fraud than in a larger one^{[footnote 90]}. In 2022, the Law Commission noted that small organisations are more readily held to account using (then) existing corporate liability offences^{[footnote 91]} whilst large multi-national companies were able to evade action due to complex structures^{[footnote 92]} and also noted that the same discrepancy would be expected to persist even after the introduction of the amendments to the identification principle^{[footnote 93]}).

149. In smaller, less complex organisations, it is deemed more straightforward to prosecute and therefore the potential benefits of a failure to prevent fraud offence are significantly lower when applied to these SMBs. At the same time, they would potentially face disproportionate implementation burdens if not exempt. Consequently, the government decided to restrict the offence of failure to prevent fraud to large organisations only.

150. The post implementation review will specifically consider an evaluation question around if the exclusion of SMBs has undermined the ability to of the policy to meet its objectives. The threshold can be amended in future if required through secondary legislation.

151. Small and medium businesses may benefit from the expected reduction in fraud committed by large corporates.

152. As discussed in paragraphs 53 to 54, the definition of large business used in the ECCT 2023 is different to the new definition in the “Medium sized business regulatory exemption assessment: supplementary guidance”. Using the latter definition would lead to all businesses with fewer than 500 employees from being exempt from the offence and would therefore be likely to significantly reduce the intended effects of the FTPF measure.

153. Large organisations may put contractual clauses on small ones that provide services for them or on their behalf. This may result in small and medium and micro-businesses incurring some costs in relation to putting in place anti-fraud procedures. The associated costs are expected to be low, since the anti-fraud procedures would be restricted to measures designed to prevent the contractors (the small companies) from committing fraud that benefits the large organisation or its clients.

154. There is a very small risk that large organisations in scope of this legislation are deterred from engaging with organisations that are out of scope of this legislation. Large organisations in scope of this legislation could perceive those not covered by this legislation as more likely to pose a higher risk of fraud. This could result in large organisations passing up engagement with companies not covered by this legislation, which do not have to put fraud procedures in place, in favour of companies which are covered by this legislation where the perceived risk of fraud could be lower.

Question 7

F.          Proportionality

Accepted Answer

155. Given the potential impacts, this IA follows a high evidence approach as set out in Regulatory Policy Committee (RPC) guidance^{[footnote 94]}. This IA:

a. Clearly sets out the policy, the rationale for it and its objectives.

b. Sets out how organisations would be affected and monetised these where possible and fully set out how these were modelled with assumptions used.

c. Drawn on existing data sources, for example, Companies House through Fame^{[footnote 95]} and BPE.

d. Given the circumstances of the measure’s introduction it has not been possible to test assumptions with stakeholders. However, costs have been tested against the costs of comparable measures and scenario analysis has been used to show the impacts of changing assumptions.

e. Clearly states where impacts are direct or indirect and whether they fall within scope of the EANDCB (see table 19).

f. Sets out how the Home Office envisages the benefits will be realised. Given the absence of data, quantification of the benefits was not possible.

Question 8

G.        Risks

Accepted Answer

Economic and analytical risks, and uncertainties

156. The biggest risk is the inability to quantify the benefits of introducing a FTPF offence.

157. Not being able to estimate CJS costs is a risk. The CJS costs: due to an absence of evidence on potential volumes, this has not been estimated. The Home Office expects case volumes and therefore CJS costs to be low.

158. Without enforcement a partial adoption of these measures is possible. The analysis assumes that all companies will put measures in place and thus carry costs of doing so. It is possible some organisations may choose not to put precautions and checks in place. This would reduce both the cost to business and the benefits from a cultural shift outlined above.

159. Whilst the ECS is the best available evidence for estimating the proportion of organisations that have existing fraud prevention measures, there are four main risks arising from the use of ECS: (1) The ECS dates from 2020 and may be outdated despite being the most recent data available, (2) the results cover the full range of organisational sizes and may not be representative for the just the large and largest organisations that are in scope of this legislation,(3) that the proportion of companies that have anti-fraud measures and anti-fraud training in place are not accurate proxies from which to estimate low and central scenarios from and (4) the fraud prevention measures that some companies report having in the ECS does not cover fraud committed for the benefit of the organisation, therefore they do not accurately reflect the measures that would align with the guidance. The impact of these risks could be that the estimates of the low and best cost scenarios are not accurate. Consequently, sensitivity analysis has been conducted to demonstrate how the overall cost of implementing the FTFP could change if the proportion of companies that need to put in place sufficient measures varied from the scenarios.

160. A significant risk is that the IA was finished before the guidance for the legislation has been produced and published. This means that there is a risk that there is a misalignment between the IA and the guidance. This risk is mitigated by drawing guidance from existing failure to prevent legislation- taking the assumption that the guidance for the failure to prevent fraud offence will be similar. However, there is a remaining risk that the guidance deviates from previous guidance for other failure to prevent offences. This risk has been mitigated by including additional sensitivity analysis to understand the impact of changes to the assumptions on the overall estimates. Additionally, the post implementation review will specifically evaluate the validity of the assumptions following the guidance being published and any impacts of this on the overall NPSV of this policy.

161. This risk is compounded by the inability to test assumptions with stakeholders, as would usually be expected, due to the guidance not being published at the time of writing this IA. The risk presented by this was mitigated though transparency in the evidence and rationale behind the generation of the assumptions - that they have been drawn from existing failure to prevent offences. Alongside this, sensitivity analysis of has been undertaken to understand the impact on the overall NPSV of the assumptions deviating from the estimate used in the IA. Additionally, these assumptions will be tested in the post implementation review through assumption specific evaluation questions to understand the accuracy of those used in the analysis.

162. The assumptions or estimates made were derived from the existing guidance for the offences of failure to prevent bribery and failure to prevent the criminal facilitation of tax-evasion and used the best available information. Highlighted below are the assumptions where there are remaining uncertainties, driven by the absence of the specific FTPF guidance at time of writing, and the steps taken to mitigate the risks presented by this:

The training costs are DBT internal estimates based on market costs and durations for comparable training courses. This includes a discount on the per person fee for large and largest companies. The size of the discount was based on providers offering courses for similar offences (for example, failure to prevent bribery). Some providers noted and provided indicative discounts for larger training cohorts. As training costs are around 70 per cent of the total cost of this legislation in the central scenario. There is a risk that if the discount estimate is not reflective on the true discount being provided for training in large and largest organisations then there could be a significant impact on overall cost of this legislation to businesses. The risk is mitigated by undertaking sensitivity analysis to explore how the cost of the policy changes in the face of varying these assumptions and having specific evaluation questions on assumptions in the post implementation review to understand their validity.
A main assumption for training costs is that all employees will be required to undertake training. This assumption is deemed reasonable as organisations will not know who is likely to commit fraud. As the burden of proof is on the organisation to take all reasonable steps to prevent fraud, the analysis assumes that an organisation is likely to train all staff. However, the lack of guidance meant it was impossible to test this assumption with stakeholders. The risk is mitigated by undertaking sensitivity analysis to explore how the cost of the policy changes in the face of varying these assumptions. Additionally, these assumptions will be tested in the post implementation review through assumption specific evaluation questions to understand the accuracy of those used in the analysis.
The number of staff that form the team that undergoes the necessary work in regard to familiarisation, risk assessment and communications is based on the expectation that a range of individuals from different departments would be involved in complying, and documenting compliance, with the regulations. From familiarisation and planning to conducting risk assessments and dissemination. There is a risk that the estimate around the number of staff required to perform these tasks is not reflective of the true number of staff and this would then have an impact on the overall cost of this legislation to businesses. The risk is mitigated by undertaking sensitivity analysis to explore how the cost of the policy changes in the face of varying this assumption. Additionally, all assumptions will be tested specifically in the post implementation review to understand the accuracy of the assumption used in the analysis.
There is uncertainty around the extent of the time and labour commitment involved in each task involved in complying, and documenting compliance, with the regulations. Time taken to complete tasks were estimates based on the time a reasonably competent person would need to complete a task. There is a risk that there are these time estimates is not reflective of the true time taken to complete these tasks. This would then have an impact on the overall cost of this legislation to businesses. The risk is mitigated by undertaking sensitivity analysis to explore how the cost of the policy changes in the face of varying these assumptions. Additionally, these assumptions will be tested in the post implementation review through assumption specific evaluation questions to understand the accuracy of those used in the analysis.

163. Non-commercial organisations not covered by the Better Regulation Framework^{[footnote 96]}, for example, local authorities are not included in the estimates of the numbers of organisations in scope. Whilst there was an intention to include these organisations in the sider NPSV, robust estimates for the number of public sector bodies in scope could not be calculated. This means that the costs to these bodies cannot be monetised, and so have not been included in the monetised NPSV. The cost of the legislation to public sector bodies will be specifically considered in the post implementation review.

164. There is a risk that organisations undertake further actions beyond those covered in the scope of this IA. In this case, the costs arising from this legislation could be higher than estimated. The guidance issued on this legislation will allow firms to be properly informed on the necessary procedures needed so to provide an adequate defence in the case of a prosecution. This should mean that it is unlikely that firms will take additional steps.

Main assumptions in the analysis

165. In-scope organisations fully adopt the steps set out in the guidance for the offence of failure to prevent fraud.

166. The actions set out in the guidance to provide a reasonable defence in case of prosecution for failure to prevent fraud will be similar to those relating to existing failure to prevent offences.

Question 9

H.         Direct costs and benefits to business calculations

Accepted Answer

Table 19, FTPF direct costs and benefits to business £ million (2024 prices), over 10 years

	BIT scope	Direct / Indirect	Central Scenario
Set-up cost		Direct	486.7
On-going cost		Direct	457.9
Total cost		Direct	944.6
Benefits(1)		Indirect	0.0
NPSV		Indirect	-873.7
BNPV		Direct	-873.7
EANDCB (2019 prices, 2020 Base Year)	Y	Direct	76.4

Source: Home Office, own estimates.

Note: Option 2 applies to all large organisations.

(1): Qualitative assessment only for benefits. Estimates of NPSV and EANDCB assume that the measure comes into force in 2024 and the costs arise from that point on.

Question 10

I.            Wider impacts

Accepted Answer

167. No groups with protected characteristics are disproportionately affected by this new legislation.

168. It is not expected that this legislation will have any wider impact against the environment, behaviours or incentives or society in general.

169. There is a possibility that the there is an unintended impact on the behaviour of organisations that are already putting place sufficient anti-fraud procedures. There is a chance that this firms may further improve their behaviours so to maintain a higher standard of anti-fraud procedures than organisations. This is especially likely to be the case for organisations which market or pride themselves on having better anti-fraud procedures than others. In this case this may cause organisations to incur costs even when they already meet the procedures that would provide them sufficient defence in the event of prosecution.

Competition and Innovation Test

170. The proposed reforms affect companies across all sectors, and therefore no major competition and innovation impacts have been identified. The proposals will help strengthen and protect businesses and also consumers who are the target of fraud from those who aim to abuse the current corporate framework.

171. There is a chance that the exemptions of SMBs could provide them a competitive advantage. This may arise from organisations who fall under this legislation incurring the additional costs associated with the policy. This could be especially true for organisations just either side of the inclusion criteria, with organisations falling just below the thresholds and not incurring any costs gaining an advantage against competitors who fall above the threshold and do incur costs. However, it is very unlikely that the average cost to a business around the threshold are large enough to produce any meaningful competitive disadvantage for those who incur the costs.

Justice Impact Test

172. Failure to prevent fraud: As the main benefit is deterrence, a significant increase in prosecutions is not expected. Since the failure to prevent bribery offence was introduced under BA 2010, the SFO has prosecuted three corporations and has implemented nine DPAs while the CPS has prosecuted one case and implemented one DPA under this legislation. Overall, therefore, the Home Office does not expect a high number of criminal proceedings relating to failure to prevent fraud.

Question 11

J.          Trade Impact

Accepted Answer

173. No impact on trade. This measure will apply to UK registered corporates and will apply equally to UK residents and non-UK residents who own UK companies. Foreign domiciled corporates would only be impacted to the extent that they operate a UK branch or operate a UK subsidiary, or if they, or their associated persons commit a fraud that causes a loss to victims in the UK. The measure does not discriminate between country of domiciliation. This measure is consistent with the UK’s international trade obligations.

174. It is highly unlikely FTPF will deter foreign-domiciled companies opening a UK branch as a result of this legislation.

Question 12

K.         Monitoring and evaluation plan

Accepted Answer

175. The Home Office is required to carry out a post implementation review of the measure within five years after implementation.

176. As this measure is expected to have a significant impact on businesses, the Home Office will take a high evidence approach to evaluating this legislation. The RPC guidance and both the Green Book and Magenta Book^{[footnote 97]} sets out best practice and what a high evidence approach requires. This includes:

A clear statement as to whether the measure has met the obligation.
A thorough approach to consultation and research, normally including formal and wide-ranging consultation of the affected agents and analysis of published data sources, and commissioning of bespoke research if necessary. A comprehensive survey with high response rates to capture outcomes for business should be employed, as should an empirical impact evaluation with well-designed counterfactual.
A thorough explanation for the recommendation to renew, revise, remove or replace.
A rigorous scrutiny of all key assumptions underpinning the original assessment and a detailed analysis of the counterfactual, aimed at identifying methodological errors which might have influenced original impact estimates.
Detailed considerations of the scope for the amending legislation, especially if the original measure was costly to business, and a discussion of the feasibility and purpose of the proposed amendments.
Conclusions with reference to evidence from a wide range of stakeholders, including industry groups, civil society organisations and independent experts.
Evidence from a wide variety of data sources, for example, survey/desk research/academic literature/studies etc.
Considerations and discussion of unintended consequences and the wider effects of the policy.
A discussion of the limitations and uncertainties related to analysis identified in the original IA.
A discussion of the level of compliance with regulations under review.
A consideration of lessons for future IAs and, if considered necessary, a re-calculation of the estimates of benefits to business.

177. The Home Office propose that the post-implementation review is led by the Home Office, with input from DBT, MoJ, Devolved Administrations, CPS, SFO and devolved prosecutors and, potentially, the Law Commission.

178. The post implementation review will be informed by the methods used in the post implementation review of the Bribery Act 2010^{[footnote 98]}. The Home Office will engage with businesses. The exact approach will be defined closer to the time of the PIR, but a survey with businesses is suggested as an appropriate mechanism: consideration will need to be given as to whether this could form part of any existing surveys with businesses. This could cover:

Awareness of the offence^{[footnote 99]}
Costs of developing and implementing fraud prevention measures.
Perceived benefits.
Unintended consequences for businesses.
Seek feedback from law enforcement on the impact from the legislative change on fraud investigations, prosecutions, and deferred prosecution agreements.
Seek feedback from other stakeholders, such as corporate investigators, providers of anti- fraud training and other specialists or professional bodies who may be consulted by companies when putting in place their fraud prevention procedures^{[footnote 100]}.

179. In addition to this suggested survey, the Home Office proposes to use a mix of primary and secondary data sources to assess the impact of the measure on businesses. Potential sources of data include, but are not limited to:

a) The Economic Crime Survey;

b) Uptake of counter-fraud training programmes by eligible businesses;

c) Estimated costs associated with developing fraud prevention plans;

d) Any sector-specific reviews and surveys.

180. The post implementation review will specifically consider evaluation questions regarding the assumptions used in the analysis and assess whether these were accurate and identify any impact of errors in these assumptions to the overall cost of this legislation. Some of the assumptions and estimates that will be reviewed will include but not be limited to:

The overall cost of the legislation.
The cost to public sector bodies.
The number of organisations in scope of the legislation who introduced new anti-fraud procedures.
The training cost assumptions for both set-up and on-going costs
The assumptions around the number of staff and time needed to conduct the familiarisation, risk assessment and communications.
Any impacts or costs on the CJS.

181. A significant challenge was that guidance had not yet been published when the IA was written. This meant that the assumptions could not be tested with stakeholders, or it be known if the guidance would differ from the existing guidance for failure to prevent bribery and tax evasion offences that the assumptions in this IA were drawn from. The post implementation review will specifically look at the continued validity of the assumptions and the estimation of overall cost following the publishing of the guidance.

182. The post implementation review will also consider evaluation questions considering the progress of the policy against its objectives – which are to reduce fraud, and to improve the ability for prosecutors to hold to account, and appropriately deal with, organisations whose employees, agents, or other associated persons perpetuate fraud. The review will specifically consider an evaluation of if the exclusion of SMBs has undermined the ability to of the policy to meet its objectives.

183. The post implementation review will make recommendations, based on the available data or will recommend seeking additional information before determining whether any amendments should be made to the legislation or its implementation.

184. The government does not intend to monitor in relation to Public Sector Equality Duty specifically.

185. Sections 201(6) to (7) of the ECCT 2023 allow the Home Secretary to amend the criteria for an organisation to be in scope of the offence. The post implementation review will also assess the extent to which smaller businesses have voluntarily adopted the fraud prevention measures suggested in the guidance.

Question 13

L.         Annexes

Accepted Answer

Annex 1: Detailed methodology for estimating organisations in scope of failure to prevent fraud Approach, Entity-based definition

1. To estimate the number of companies in scope, including subsidiaries of other companies, the number of active UK companies that were above the VAT threshold was estimated in the following categories:

Large entities and largest entities that meet two or three of the following criteria^{[footnote 101]}:

a) more than 250 employees.

b) more than £36 million turnover.

c) more than £18 million in total assets.

2. For the purposes of the costing, the large entity count was equally split between large and largest categories. A breakdown of all companies by employment in FAME^{[footnote 102]} indicated that the number of companies with global employees in the 250 to 499 employee size and was broadly similar to the number with more than 500 global employees.

3. In total, there are around 2.2 million companies above the VAT threshold, with a size breakdown given in Table A.3.

Table A.1: Number of companies and LLPs by size, entity based definition

Corporate Body Size	Company & LLPs Size
Large	11,008
Largest	11,008

Source: FAME download, accessed 2 August 2022

Total number of companies in scope

4. Under Option 2, the total number of large companies in scope using an entity-based definition is 22,340, employing 10.6 million people.

Partnerships

5. The BPE was used to estimate the number of partnerships in scope and their total employment as it is the one source that provides entity numbers and UK employment data. The same number of partnerships has been used for both group and entity definitions. This means that the number of partnerships in scope is less than 50 partnerships, employing 34,000 people.

Table A.2: Number of UK partnerships

Corporate Body Size	Size Employees	Partnership Size
Large	250 to 499	30
Largest	500 or more	10

Source: Business Population Estimates, Table 3, 2021^{[footnote 103]}

Table A.3: Employment by partnership size

Corporate Body Size	Size Employees	Partnership Size
Large	250 to 499	34
Largest	500 or more	24

Source: Business Population Estimates, Table 3, 2021 (see footnote 13).

Note some size categories had to be estimated as some published figures were suppressed to avoid disclosure.

Other commercial organisations and UK activities of overseas incorporated companies Other commercial organisations

6. There are several other types of commercial entities that would be defined as organisations. These include:

Unlimited companies, that is incorporated companies where shareholders have unlimited liability for any losses.
Companies established by Royal Charter.
Companies incorporated by statute.
Industrial and Provident Companies and Registered Societies.
Partnerships formed under the Limited Liability Partnerships Act 2000
Companies incorporated abroad.

7. The offence applies to partnerships which are not bodies corporate (including Scottish partnerships and Limited Partnerships formed under the Limited Partnerships Act 1907).

8. These should already be included in the group-based definition, and employment estimates, sourced from the BPE provided the corporate is above the VAT threshold. For the entity-based definition, it is estimated that around 14,500 entities fall within these categories. The sizing data is sparse so in the absence of more specific data it is assumed that the size distribution of these companies follows that of the wider company population with employees.

UK activities of overseas incorporated companies

9. Foreign entities can carry out business in the UK either via the creation of a UK company; or it can establish a branch^{[footnote 104]}. In terms of how they affect the estimates:

Any foreign owned but UK domiciled companies will be included in the company number estimates, provided the company is trading above the VAT threshold.
There are, according to Companies House statistics^{[footnote 105]}, around 13,600 overseas companies in the UK which are branches of foreign domiciled companies with a physical presence in the UK.
If these branches exceed the VAT threshold, then they will be included in the Inter- Departmental Business Register (IDBR) (a comprehensive list of UK businesses used by government for statistical purposes) counts upon which the BPE estimates are derived that is they should be included in the group-based estimate for numbers of companies and total employment.
However, they are not included in the count of companies in the entity-based estimate for numbers of companies. This means that overseas companies are excluded from the company count.

10. There is no size data for UK branches of foreign domiciled companies. In the absence of more specific data, it is assumed that the size distribution of these organisations follows that of the wider UK company population which employs staff. As the employment estimate derived from the BPE was used, employment in UK branches of foreign registered companies should be caught (provided the branch is above the VAT threshold).

Non-commercial organisations

11. The failure to prevent fraud measure will cover all large, incorporated bodies whether they are commercial or not. The estimates in the previous sections only included commercial incorporated bodies. This section costs the impacts of non-commercial incorporated bodies. Only costs to entities that are covered by the Better Regulation framework^{[footnote 106]} and are described under section 27 (5) of the Small Business, Enterprise and Employment Act 2015^{[footnote 107]} are considered. Annex 2 of this IA sets out the range of entities covered by the measure and of those which are covered by the framework.

12. The FAME sizing data was sparse for the entity count so, the same approach was applied to size other organisations, that is to assume it follows the distribution of companies with staff. This is a reasonable assumption as data from the National Council for Voluntary Organisations (NCVO) shows that the size distribution of general charities is skewed in a similar way to companies^{[footnote 108]}.

This means that using an entity-based definition are, the number of large non-commercial bodies in scope is 2,550, employing 1.3 million people.
The total number of organisations in-scope was estimated by summing the number of large companies, partnerships and non-commercial bodies estimated above. These yields:
- Under the entity-based definition: 24,888.

Annex 2: Methodology used to Calculate Costs from proportion of firms who will have to implement new anti-fraud measures in Scenarios and in Sensitivity Analysis

13. The calculation of the low, best/central and high scenarios follows an identical methodology to the sensitivity analysis. The scenarios use specific proportions of firms having to implement new anti- fraud measures as a result of this legislation. Whilst the sensitivity analysis estimates the cost at intervals of 10 per cent for the proportions of firms having to implement new anti-fraud measures as a result of this legislation.

14. Familiarisation and risk assessment set up costs are assumed to apply across all companies who have to familiarise themselves with the regulation and conduct a risk assessment to assess whether current procedures are sufficient.

15. Training and communication set-up costs alongside all on-going costs are then assumed only to be incurred when a company decides that current anti-fraud procedures are not sufficient. Such costs are calculated at intervals of 10 per cent of the total number organisations in scope. From 0 per cent - whereby no organisations in scope need to implement any further procedures, to 100 per cent - where all organisations in scope need to implement new procedures. This is the policy’s high estimate.

16. The familiarisation and risk assessment costs which are uniform for each interval were then added to the training, communication and on-going costs for each interval to produce a total cost estimates for each interval for the proportion of organisations that need to implement procedures to prevent employees committing fraud.

Annex 3: Organisations covered by failure to prevent fraud offence and whether in scope of better regulation framework (BRF)

Table A.4, Organisations covered by FTPF and whether in scope of BRF, 2022.

Entity	Incorporated and therefore within scope of FTP Fraud?	In scope BRF
Companies limited by shares, LLPs, ordinary partnerships	Yes, CA 2006 or other	Yes
Companies limited by guarantee (CLG)	Yes, CA 2006	Yes
Community Interest Companies (CIC)	Yes, CICs are companies for community causes and are incorporated as other companies^{[footnote 109]}	Yes
Registered Societies	Yes^{[footnote 110]}	Yes
Industrial and Provident Societies	Yes^{[footnote 111]}	Yes
Charitable Incorporated Organisation, including Scottish Charitable Incorporated Organisation	Yes, but non-CA 2006.	Yes
Local Authorities	Yes	No
Trade Unions	No, unincorporated associations of individuals^{[footnote 112]}.	Yes
NHS Trusts	Yes	No
Police forces	No	No
Government departments	No
Schools – Local Authority maintained	Yes	No
Unincorporated business, for example, sole traders	No	Yes

Specific Impact Test Checklist

Mandatory specific impact test Statutory Equalities Duties

Statutory Equalities Duties

These measures create an offence for failure to prevent fraud to create a culture change to increase fraud prevention and detection.

Any burden is placed on the corporate entity and not directly on individuals. Individuals may be impacted indirectly in a professional capacity due to their role in the company and may be prosecuted separately to the measures.

The failure to prevent fraud offence is intended to create a cultural change within organisations and increase preventative measures against fraud. This is likely to have a positive impact on individuals who may have been vulnerable to fraud and will implement measures to decrease the risk of fraud.

Safeguards exist in relation to the prosecution of a company that governs the use of both measures for all business-types. Prosecutors must act in accordance with the Code for Crown Prosecutors – prosecutors can only start prosecutions if satisfied that the case meets both stages of the two-code test:

1. The prosecutor is satisfied that there is sufficient evidence to provide a realistic prospect of conviction. Factors that could be considered include identifying the correct corporate from the outset that is accurately named; the employer/employee relationship is outlined; the directing mind must be clearly identified, and their status and functions established.

2. The prosecutor is satisfied that the prosecution is required in the public interest. Factors that could be considered include: a history of similar conduct by the corporation; the alleged conduct is part of the practices of the company; failing to report the conduct; or, against prosecution: a positive approach to remedial action; the existence of a proactive and effective compliance programme; the offending represents the isolated actions by one individual.

SaMBA Impact Summary

There will be no direct impact on small, medium, and micro-businesses as the offence will apply to large organisations only. Small, medium, and micro-businesses will be exempt and are out of scope of this policy. This is to reduce the compliance burden on smaller organisations, who will have fewer resources to enable them to understand and implement reasonable fraud prevention procedures. Small and medium businesses may benefit from the expected reduction in fraud committed by large corporates.

The SRO has agreed these summary findings from the Equality Impact Assessment.

Complete: Yes

Per the Crime Survey for England and Wales, Appendix ,Table 3, fraud constitutes 40 per cent of estimated crime against individuals. https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/crimeinenglandandwalesappendixtables ↩
“Corporate Criminal Liability: an options paper”, Law Commission, June 2022: https://lawcom.gov.uk/project/corporate- criminal-liability/ and Corporate Criminal Liability Options Paper: https://s3-eu-west-2.amazonaws.com/cloud-platform- e218f50a4812967ba1215eaecede923f/uploads/sites/30/2022/06/Corporate-Criminal-Liability-Options-Paper_LC.pdf ↩
By “base fraud offences”, we mean the offences that are covered by the offence of failure to prevent fraud, as set out in Schedule 13 of ECCT 2023. ↩
https://www.lawcom.gov.uk/project/corporate-criminal-liability/ page 1 - Ministry of Justice, Criminal Justice system statistics quarterly, September 2020, Table Q5.1. The need for cautioned arises because, according to the Ministry of Justice, ambiguity in the status of small business owners can lead to individual defendants being recorded as corporations, and, by implication, vice versa (for instance, some corporations were recorded as having received sentences only available to natural persons, such as community or custodial sentences. Figures up to September 2020, as opposed to more recent figures, have been used because of the disruption caused to prosecutions due to COVID-19. ↩
ECCT 2023, Schedule 13: https://www.legislation.gov.uk/ukpga/2023/56/schedule/13 ↩
If the entity were a victim of fraud, consideration of fault would not arise. ↩
Where large is defined as following the Companies Act 2006 definition - that is they meet two out of three of the following criteria: more than 250 employees, more than £36 million turnover and more than £18 million in total assets. ↩
https://www.lawcom.gov.uk/law-commission-seek-views-on-corporate-criminal-liability/ ↩
Other failure to prevent offences, not directly relevant to this IA, were examined. These include failure to prevent human rights abuses, failure to prevent ill-treatment or neglect and failure to prevent computer misuse. ↩
The Law Commission paper notes that this is the general approach taken in Italy. ↩
The proposals were that this reporting requirement would be based on either the reporting requirements in the Companies Act 2006 section 414CB (the non-financial and sustainability information statement) or the requirement in section 54 of the Modern Slavery Act 2015. ↩
“Corporate Criminal Liability: an options paper”, Law Commission, June 2022: https://lawcom.gov.uk/project/corporate- criminal-liability/ and Corporate Criminal Liability Options Paper: https://s3-eu-west-2.amazonaws.com/cloud-platform- e218f50a4812967ba1215eaecede923f/uploads/sites/30/2022/06/Corporate-Criminal-Liability-Options-Paper_LC.pdf ↩
See sections 11.110 and 11.111 of the Law Commission’s Corporate Criminal Liability: an options paper: https://s3-eu-west-2.amazonaws.com/cloud-platform-e218f50a4812967ba1215eaecede923f/uploads/sites/30/2022/06/Corporate-Criminal-Liability- Options-Paper_LC.pdf#page=194 ↩
Government Action on Fraud in COVID-19 Support Schemes - GOV.UK (www.gov.uk) updated May 2024: https://www.gov.uk/government/publications/government-action-on-fraud-in-covid-support-schemes/government-action-on- fraud-in-covid-support-schemes ↩
The Economic Crime Survey 2020 (www.gov.uk):https://www.gov.uk/government/publications/economic-crime-survey-2020 ↩
For example, the US Department of Justice lists 30 ongoing federal fraud cases against corporations: https://www.justice.gov/corporate-crime/corporate-crime-case-database?f%5B0%5D=cases_index_list_component%3A4271 ↩
Economic Crime and Corporate Transparency Act 2023, sections 196 to 198: https://www.legislation.gov.uk/ukpga/2023/56/part/5/crossheading/attributing-criminal-liability-for-economic-crimes-to-certain- bodies ↩
“The Bribery Act 2010: post-legislative scrutiny” House of Lords Select Committee, published March 2019: https://publications.parliament.uk/pa/ld201719/ldselect/ldbribact/303/303.pdf ↩
Business population estimates for the UK and regions 2023: statistical release, published 5 October 2023:https://www.gov.uk/government/statistics/business-population-estimates-2023/business-population-estimates-for-the-uk-and- regions-2023-statistical-release ↩
For example, the Serious Fraud Office (SFO) website lists 29 serious fraud cases, some completed, some ongoing. The perpetrators or alleged perpetrators range from individuals to small companies to international consortia: https://www.sfo.gov.uk/our-cases/ ↩
Section 3.69 to 3.72: “Corporate Criminal Liability: an options paper”, Law Commission 2022. ↩
The Law Commission report states “Even with a modest expansion of the identification principle this discrepancy would be likely to persist. If, for instance, the doctrine were expanded to allow identification on the basis of the culpability of a single senior manager , there will inevitably continue to be cases in which a small company would be convicted, but not a large company, because it would be inherently more likely that in the small firm senior managers would be closer to the level at which misconduct took place and therefore more likely to have the knowledge needed to fix the company with liability.” Note that this is exactly the amendment that was included in the Economic Crime and Corporate Transparency Act 2023 (sections 196 to 198). ↩
Note that some charities are incorporated and would therefore be in scope if they meet the criteria to be considered a “large organisation” as described in the legislation. ↩
The definition is in the Economic Crime and Corporate Transparency Act 2023, section 201. Note that this is the same as the definition in the Companies Act 2006, but that definition will be updated, while the one in the ECCT 2023 will remain. ↩
Economic Crime and Corporate Transparency Act 2023, section 201 to 202: https://www.legislation.gov.uk/ukpga/2023/56/section/202/2023-12-26 ↩
https://www.gov.uk/government/calls-for-evidence/smarter-regulation-non-financial-reporting-review-call-for-evidence/smarter- regulation-non-financial-reporting-review-call-for-evidence#fn:4 ↩
https://www.gov.uk/government/publications/better-regulation-framework/medium-sized-business-regulatory-exemption- assessment-supplementary-guidance–2 ↩
Criminal Finances Act 2017, Part 3: https://www.legislation.gov.uk/ukpga/2017/22/part/3 ↩
See the guidance, “ Corporate offences for failing to prevent criminal facilitation of tax evasion”: https://www.gov.uk/government/publications/corporate-offences-for-failing-to-prevent-criminal-facilitation-of-tax- evasionCorporate offences for failing to prevent criminal facilitation of tax evasion - GOV.UK (www.gov.uk) ↩
See footnote no. 28 ↩
The figures were from BPE 2021. Business population estimates for the UK and regions 2021: statistical release (HTML) - GOV.UK: https://www.gov.uk/government/statistics/business-population-estimates-2021 ↩
Fame - Digital Marketplace – Fame is a source of company information in the UK and Ireland: https://www.digitalmarketplace.service.gov.uk/g-cloud/services/279752966611539 ↩
The offence of failure to prevent fraud applies across the UK, ↩
Note that if government had used the definitions of small and medium business in the “Medium sized business regulatory exemption assessment: supplementary guidance”, as mentioned in paragraphs 53 to 54 only companies with more than 500 employees would be in scope of the offence. ↩
Economic Crime Survey 2020 - GOV.UK (www.gov.uk): https://www.gov.uk/government/publications/economic-crime-survey- 2020/economic-crime-survey-2020#section5 ↩
Economic Crime Survey 2020 - GOV.UK (www.gov.uk): https://www.gov.uk/government/publications/economic-crime-survey- 2020/economic-crime-survey-2020#section5 ↩
Better regulation framework: interim guidance - GOV.UK: https://www.gov.uk/government/publications/better-regulation- framework ↩
The Green Book (publishing.service.gov.uk): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1063330/Green_Book_2022. pdf ↩
Free Speed Reading Test: How fast do you read? (readingsoft.com): https://readingsoft.com/ ↩
Sensitivity analysis has been undertaken to consider the impact on costs if this assumption does not hold and there are already companies which have sufficient anti-fraud measures in place and therefore do not have to change behaviour as a result of this regulation. ↩
There is no way of disentangling the level of training/communication in place. ↩
Economic Crime Survey 2020 - GOV.UK (www.gov.uk): https://www.gov.uk/government/publications/economic-crime-survey- 2020/economic-crime-survey-2020#section5 ↩
Business population estimates for the UK and regions 2021: statistical release (HTML) - GOV.UK:https://www.gov.uk/government/statistics/business-population-estimates-2021 ↩
Median Earnings and hours worked, occupation by four-digit SOC: ASHE Table 14 - Office for National Statistics (ons.gov.uk) ↩
See here: Corporate criminal offences of failure to prevent the facilitation of tax evasion (pinsentmasons.com): https://www.pinsentmasons.com/out-law/guides/corporate-criminal-offences-of-failing-to-prevent-the-facilitation-of-tax-evasion- #:~:text=A%20defence%20of%20reasonable%20prevention,to%20be%20procedures%20in%20place. ↩
The Bribery Act 2010 was introduced before the better regulation requirements were introduced under the Small Business, Enterprise and Employment Act 2015 (SBEE 2015); the failure to prevent tax evasion offence was introduced after SBEE 2015 but was introduced as a tax measure. ↩
Insight into awareness and impact of the Bribery Act 2010 Among small and medium sized enterprises (SMEs): https://assets.publishing.service.gov.uk/media/5a809f87e5274a2e8ab5134c/insight-into-awareness-and-impact-of-the-bribery- act-2010.pdf (publishing.service.gov.uk) ↩
Bribery Act 2010 guidance: https://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf ↩
Corporate offences for failing to prevent criminal facilitation of tax evasion - GOV.UK (www.gov.uk): https://www.gov.uk/government/publications/corporate-offences-for-failing-to-prevent-criminal-facilitation-of-tax-evasion ↩
It is assumed the refresh costs will be 10 per cent of the cost of the original assessment. Source: DBT ↩
Insight into awareness and impact of the Bribery Act 2010 Among small and medium sized enterprises (SMEs) (publishing.service.gov.uk), page 29: https://assets.publishing.service.gov.uk/media/5a809f87e5274a2e8ab5134c/insight-into- awareness-and-impact-of-the-bribery-act-2010.pdf#page=32 ↩
ASHE 2023 Figures uplifted by GDP Deflator to 2024 Calendar Year Prices:https://www.gov.uk/government/statistics/gdp-deflators-at-market-prices-and-money-gdp-september-2023-quarterly-national- accounts ↩
Employee earnings in the UK - Office for National Statistics: https://www.ons.gov.uk/employmentandlabourmarket/peopleinwork/earningsandworkinghours/bulletins/annualsurveyofhoursand earnings/2021#related-links ↩
Median hourly pay rates from ASHE for all employees in SOC 242: Business, Research and Administrative Professionals. ↩
Median hourly pay rates from ASHE for all employees in SOC 113: Functional managers and directors. ↩
https://assets.publishing.service.gov.uk/media/5a82aaa0e5274a2e8ab58b82/Tackling-tax-evasion-corporate- offences.pdf#page=25 ↩
Based on a reading speed of 300 wpm at 80 per cent comprehension. This is an average reading speed for an adult. ↩
https://assets.publishing.service.gov.uk/media/5a82aaa0e5274a2e8ab58b82/Tackling-tax-evasion-corporate- offences.pdf#page=24 ↩
For example, companies like Shell have a web page dedicated to the steps it takes against bribery; even lower risk companies such as Tesco PLC have similar pages. See: Group Anti-Bribery policy (tescoplc.com): and Transparency and Anti-Corruption, Shell Global: https://www.shell.com/sustainability/transparency-and-sustainability-reporting/transparency-and-anti-corruption.html ↩
Business population estimates 2021 - GOV.UK: https://www.gov.uk/government/statistics/business-population-estimates- 2021 ↩
It is assumed that companies with less than 10 employees receive no discount, but the discount is as high as 40 per cent for the largest companies. This is consistent with fee schedules on websites offering anti-bribery training, see: https://www.virtual- college.co.uk/courses/compliance/the-bribery-act-2010 ↩
Opportunity cost is defined as the wage rate multiplied by 1.22 to account for non-wage labour costs. ↩
See: https://www.virtual-college.co.uk/courses/compliance/the-bribery-act-2010 ↩
Insight into awareness and impact of the Bribery Act 2010 Among small and medium sized enterprises (SMEs) (publishing.service.gov.uk): https://assets.publishing.service.gov.uk/media/5a809f87e5274a2e8ab5134c/insight-into-awareness- and-impact-of-the-bribery-act-2010.pdf ↩
OECD Data Explorer. Employment by job tenure intervals - average job tenure: https://data- explorer.oecd.org/vis?df[ds]=DisseminateFinalDMZ&df[id]=DSD_TENURE%40DF_TENURE_AVE&df[ag]=OECD.ELS.SAE&dq =.TENURE_EMP.._T._T..A&pd=2015%2C&to[TIME_PERIOD]=false ↩
According to the Business Population estimates companies with more than 500 employees account for 10.6 million employments out of 27 million employed in all UK employer companies, BPE 2021, table 3. ↩
Insight into awareness and impact of the Bribery Act 2010 Among small and medium sized enterprises (SMEs)(publishing.service.gov.uk): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/440661/insight-into- awareness-and-impact-of-the-bribery-act-2010.pdf - page 5 ↩
As the Bribery Act 2010 did not commence until the middle of 2011 and the survey took place in January 2014, the costs incurred before the interview are likely to relate to the setup of systems. ↩
The procedures included all the relevant cost elements included in the IA calculations. Home Office use mean cost estimates instead of median. This is because all the guidance reviewed suggested that requirements were likely to vary significantly between organisations. For example, the research showed that some companies did not occur any costs whilst some reported annual cost spend in excess of £5,000. PY not mentioned for costs in research but assumed to be 2014/15. ↩
Employment by job tenure intervals - average job tenure OECD: https://stats.oecd.org/Index.aspx?DataSetCode=TENURE_AVE# ↩
https://www.sfo.gov.uk/foi-request/2020-040-bribery-act-2010/ ↩
https://www.sfo.gov.uk/2021/10/04/serious-fraud-office-secures-third-set-of-petrofac-bribery-convictions/ ↩
https://www.sfo.gov.uk/2016/02/19/sweett-group-plc-sentenced-and-ordered-to-pay-2-3-million-after-bribery-act-conviction/ ↩
https://www.sfo.gov.uk/2022/11/03/glencore-energy-uk-ltd-will-pay-280965092-95-million-over-400-million-usd-after-an-sfo- investigation-revealed-it-paid-us-29-million-in-bribes-to-gain-preferential-access-to-oil-in-africa/ ↩
https://www.cps.gov.uk/cps/news/fraudsters-sentenced-million-pound-bribery-and-corruption-coca-cola-enterprises-uk-ltd ↩
Deferred Prosecution Agreements - Serious Fraud Office (sfo.gov.uk): https://www.sfo.gov.uk/publications/guidance-policy- and-protocols/guidance-for-corporates/deferred-prosecution-agreements/ ↩
https://www.sfo.gov.uk/cases/r-v-bluu-solutions-limited-and-tetris-projects-limited/ ↩
https://www.cps.gov.uk/cps/news/first-ever-cps-deferred-prosecution-agreement-ps615-million ↩
First ever CPS deferred prosecution agreement for £615 million, The Crown Prosecution Service: https://www.cps.gov.uk/cps/news/first-ever-cps-deferred-prosecution-agreement-ps615-million ↩
In this context, the Home Office means all organisations that do not meet the criteria to be considered a “large organisation” in the Economic Crime and Corporate Transparency Act 2023 sections 201 to 202: https://www.legislation.gov.uk/ukpga/2023/56/section/202/2023-12-26 ↩
https://lordslibrary.parliament.uk/bribery-act-2010-post-legislative-scrutiny/ : In its assessment of the act, the committee noted that not one witness had “major criticisms” of the legislation. Similarly, the committee stated that overall: “The structure of the act, the offences it created, its deterrent effect, and its interaction with deferred prosecution agreements, are only some of the aspects which have been almost universally praised.” The committee did express a concern at the “slow pace” of bribery investigations, with a number of witnesses criticising the time it had taken for bribery charges to be brought and cases to reach trial. ↩
The Economic Crime and Corporate Transparency Act 2023 explicitly limits the offence of failure to prevent fraud to “large” organisations, that is, organisations that meet two or three of the criteria set out in sections 201 to 202 of the Act. These definitions are not linked to the Companies Act 2006. ↩
Per the Crime Survey for England and Wales, Appendix ,Table 3, fraud constitutes 40 per cent of estimated crime against individuals: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/crimeinenglandandwalesappendixtables ↩
The 2024 report on occupational fraud by the Association of Certified Fraud Examiners estimated that median loss to businesses from a fraud case at $145,000: https://www.acfe.com/-/media/files/acfe/pdfs/rttn/2024/2024-report-to-the-nations.pdf ↩
The Economic and Social Cost of Crime 2018 estimates the cost of fraud to individuals at £1,290: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/732110/the-economic-and- social-costs-of-crime-horr99.pdf ↩
Fraud Strategy: Stopping Scams and Protecting the Public, May 2023: https://assets.publishing.service.gov.uk/media/64539087faf4aa0012e132cb/Fraud_Strategy_2023.pdf ↩
Crowe’s Financial Cost of Fraud 2021 estimates that the cost of fraud against UK maybe as high £137 billion: https://www.crowe.com/uk/insights/financial-cost-fraud-data-2021 ↩
It is assumed that companies with less than 10 employees receive no discount, but the discount is as high as 40 per cent for the largest companies. This is consistent with fee schedules on websites offering anti-bribery training, see: https://www.virtual- college.co.uk/courses/compliance/the-bribery-act-2010 ↩
For example, the Serious Fraud Office (SFO) website lists 29 serious fraud cases, some completed, some ongoing. The perpetrators or alleged perpetrators range from individuals, to small companies to international consortia. ↩
For example, in a small or medium company, fewer people are likely to have access to financial information and there are fewer contractors who could, potentially, commit a fraud in scope of this offence. ↩
This means the existing identification principle, prior to the amendments in the Economic Crime and Corporate Transparency Act 2023 (sections 196 to 198) at: https://www.legislation.gov.uk/ukpga/2023/56/part/5/crossheading/attributing-criminal-liability- for-economic-crimes-to-certain-bodies Prior to this amendment, a corporate could only be held responsible for an economic crime if the crime was committed by the “directing mind and will” of the company – something that was difficult to establish, particularly in large corporations with complex structures. ↩
Section 3.69 to 3.72: “Corporate Criminal Liability: an options paper”, Law Commission 2022: https://s3-eu-west-2.amazonaws.com/cloud-platform-e218f50a4812967ba1215eaecede923f/uploads/sites/30/2022/06/Corporate-Criminal-Liability- Options-Paper_LC.pdf#page=55 ↩
The Law Commission report states “Even with a modest expansion of the identification principle this discrepancy would be likely to persist. If, for instance, the doctrine were expanded to allow identification on the basis of the culpability of a single senior manager , there will inevitably continue to be cases in which a small company would be convicted, but not a large company, because it would be inherently more likely that in the small firm senior managers would be closer to the level at which misconduct took place and therefore more likely to have the knowledge needed to fix the company with liability.” Note that this is exactly the amendment that was included in the Economic Crime and Corporate transparency Act 2023 (sections 196 to 198). ↩
RPC proportionality in regulatory submissions – Guidance: https://www.gov.uk/government/publications/proportionality-in-regulatory- submissions-guidance ↩
Fame - Digital Marketplace – Fame is a source of company information in the UK and Ireland: https://www.digitalmarketplace.service.gov.uk/g-cloud/services/279752966611539 ↩
Better Regulation Framework: interim guidance: https://www.gov.uk/government/publications/better-regulation-framework ↩
The Magenta Book (publishing.service.gov.uk): https://www.gov.uk/government/publications/the-magenta-book ↩
“The Bribery Act 2010: post-legislative scrutiny”, House of Lords Select Committee, Report of Session 2017 to 2019, 14 March 2019:https://publications.parliament.uk/pa/ld201719/ldselect/ldbribact/303/303.pdf ↩
For the post-implementation review of the Bribery Act, MoJ conducted a review into awareness of the Act among small and medium enterprises (“Insight into awareness and impact of the Bribery Act 2010 Among small and medium sized enterprises (SMEs) “), published 2015: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/440661/insight-into- awareness-and-impact-of-the-bribery-act-2010.pdf. The offence of failure to prevent fraud only applies to large organisations but assessment of the awareness of the offence and the guidance is important. ↩
A similar approach was adopted in the review above, which asked SMEs whether they had sought professional advice. ↩
Economic Crime and Corporate Transparency Act 2023 (legislation.gov.uk): https://www.legislation.gov.uk/ukpga/2023/56/section/202/2023-12-26 ↩
Fame - Digital Marketplace – Fame is a source of company information in the UK and Ireland:https://www.digitalmarketplace.service.gov.uk/g-cloud/services/279752966611539 ↩
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1019905/BPE 2021_deta iled_tables.ods ↩
The difference between the two is that in the case of the former the foreign entity benefits from limited liability for any losses incurred by its UK subsidiary. If the foreign entity establishes a branch then any losses related to the branch are the responsibility of the foreign entity. ↩
Companies register activities: 2021 to 2022 spreadsheet, table C1: https://www.gov.uk/government/statistics/companies-register-activities-statistical-release-2021-to-2022 ↩
Better Regulation Framework: interim: https://www.gov.uk/government/publications/better-regulation-framework ↩
Small Business, Enterprise and Employment Act 2015: https://www.legislation.gov.uk/ukpga/2015/26/section/27 ↩
https://www.ncvo.org.uk/news-and-insights/news-index/uk-civil-society-almanac-2021/profile/voluntary-sector-definition/#/. For example, only 0.04 per cent of general charities had income exceeding £100 million and over 44 per cent had an income of less than £10,000. Voluntary organisation size categories in the NCVO data did not map readily to Companies Act 2006 thresholds hence the need for assumption was important. ↩
https://www.informdirect.co.uk/company-formation/community-interest-company-cic-advantages-disadvantanges/ ↩
https://www.mrassociates.org/knowledge-base/specified-accommodation/cat-1-exempt-accommodation/tell-me-more-about- registered-societies ↩
https://www.accountancywales.com/social-clubs/faqs/constitutional/registered-societies-formally-industrial-and-provident- societies/ ↩
https://www.inbrief.co.uk/employees/trade-unions/ ↩

Title:	Introducing a Failure to Prevent Fraud offence covering all large organisations
IA No:	HO 0479 RPC Reference No: RPC-HO- 5197(2)
Other departments or agencies:	Department for Business and Trade, Ministry of Justice, HM Revenue and Customs, HM Treasury, Serious Fraud Office, Crown Prosecution Service and Attorney General’s Office.
Date:	03/10/2024
Stage:	ENACTMENT
Intervention:	Domestic
Measure:	Primary Legislation
Enquiries:	public.enquiries@homeoffice.gov.uk
RPC Opinion:	Green
Business Impact Target:	Qualifying Regulatory Provision

Cookies on GOV.UK

Cost of Preferred (or more likely) Option (in 2019 prices, 2020 PV)

What is the problem under consideration? Why is government intervention necessary?

What is the strategic objective? What are the main policy objectives and intended effects?

What policy options have been considered, including any alternatives to regulation? Please justify preferred option (further details in Evidence Base)

Main assumptions/sensitivities and economic/analytical risks

Summary: Analysis & Evidence, Option 2

Full economic assessment

Estimate of Net Present Social Value NPSV (£m)

Estimate of BNPV (£m)

Costs (£m)

Description and scale of key monetised costs by ‘main affected groups’

Other key non-monetised costs by ‘main affected groups’

Benefits (£m)

Description and scale of key monetised benefits by ‘main affected groups’

Other key non-monetised benefits by ‘main affected groups’

Business assessment (Preferred option)

Score for Business Impact Target (qualifying provisions only) £m:

People and specific impacts assessment (Preferred option)

A. Strategic objective and overview

A.1 Strategic objective

A.2 Background

Failure to Prevent Fraud

A.3 Groups affected

A.4 Consultation

Targeted consultation

B. Rationale for intervention

Evidence that fraud committed by businesses is a problem in the UK

Rationale for the introduction of the failure to prevent fraud offence

Discussion of the choice to restrict the offence to large organisations

Discussion on the choice to include entities that are not companies

C. Policy objective

D. Options considered and implementation

Preferred option and implementation date

E. Appraisal

Entities in scope

General assumptions and data

Costs

Set-up costs

Table 1, Project Team Sizes for Non-training Tasks and team costs [footnote 52].

Table 2, Total Hours by Stage of Non-training Phase, 2022.

Set-up time by stage

Familiarisation costs

Table 3, Total Familiarisation Costs (2024 prices)

Risk assessment

Table 4, Risk Assessment Set-up Costs (2024 prices)

Communications

Table 5, Communications Set-up Costs (2024 prices)

Training

Table 6, Training Set-up Costs, £ million (2024 prices)

Total Set-up Costs

Table 7, All FTPF Set-up Costs, £ million (2024 prices)

Ongoing costs

Risk assessment

Table 8, Ongoing Risk Assessment Costs (PV 2024 prices), Years 2 to 10

Communications

Table 9, Ongoing Communications Costs (PV 2024 prices), Years 2 to 10

Training

Table 10, Ongoing Training Costs, £ million (PV 2024 prices), Years 2 to 10

Total ongoing costs

Table 11, Per Year Ongoing Costs, £ million (Constant 2024 prices), Years 2 to 10

Total costs

Table 12, Total Costs, £ million (PV 2024 prices)

Non- Monetised Costs

Benefits

Non-monetised benefits

Table 13, Summary of Monetised Costs and Benefits, £ million (PV 2024 prices), over 10 years 2023.

Summary of non-monetised benefits

Value for Money (VfM)

Place based analysis

Sensitivity Analysis

Number of Entities which have Sufficient Measures in Place Already

Table 14, Sensitivity analysis of total costs, £ million (PV 2024) as a result of changing the number of businesses that already have measures in place and do not have to implement any changes.

Training Costs

Changes to the Discount Rate for Training

Table 15, Sensitivity analysis of total costs, £ million (PV 2024) as a result of changing the training discount rate

Percentage of Staff That Need to Undergo Training

Table 16, Impact on overall NPSV from Changing the Percentage of Staff who require training

Changes to the Core Team size

Table 17, Changes to the Core Team size reviewing the Legislation (Largest and Large firms)

Table 1, Project Team Sizes for Non-training Tasks and team costs ^{[footnote 52]}.