- Mike Miller, Economic Crime Manager, ICAEW
- Alun Milford, Partner, Kingsley Napley
- Alice Bessell, Finance Director, Brown & Bright
Philippa Lamb: Hello and welcome. This is the Insights In Focus podcast. I’m Philippa Lamb. Today we’re discussing the new Economic Crime and Corporate Transparency Act. Now after a challenging route through Parliament, the Act finally received Royal Assent in late October. It promises sweeping changes to Companies House and reporting requirements for SMEs. Crucially, it also covers where accountability will now lie for economic crime. Many of the details are yet to be ironed out. What we do know, however, is that accountants will take on much of the responsibility for delivering these changes. So what do accountants need to know? And just how effective will the Act be in discouraging and punishing illegal behaviour?
To answer those questions, I’m joined in the studio by Mike Miller, ICAEW Economic Crime Manager, and Alun Milford, now a partner at Kingsley Napley and formerly General Counsel of the Serious Fraud Office. And joining us remotely to bring her commercial perspective, Alice Bessell is Finance Director at shellfish suppliers Brown & Bright in Paignton, in Devon. Hello, everyone.
Now just to set the scene. As I mentioned – the road to this point, it’s not been easy. It took a few revisions for the House of Commons and the Lords to agree on the legislation. Mike, what were the sticking points?
Mike Miller: I think there have been a few sticking points. And I guess it’s worth providing some legislative context. There’s been a huge amount of legislation that has gone through in, by Parliamentary standards, a very short amount of time, spurred on by the Russian invasion of Ukraine in 2022. So we’ve had two Economic Crime Acts that have gone through. The second one was largely to address a lot of the holes that were left by the passage of the first Economic Crime Act. The second one really struggled around debates between the proposed introduction of a Failure to Prevent Economic Crime offence, which later morphed into a Failure to Prevent Fraud offence, and was later essentially cut down to only cover the government’s current definition of large organisations.
PL: Alun, can you just tell us what the definition would be there?
Alun Milford: The definition would be, over the course of an accounting year, you have an average of 250 employees over the accounting year, your income or your turnover is £36 million pounds, your assets are £18 million pounds, and you need two of those three in order to qualify as a large organisation.
PL: So Mike, that was a sticking point?
MM: That was one of the sticking points. I mean, Parliamentary ping-pong has played its role in this. There was definitely some resistance, particularly with the House of Lords, but the government did not change its initial compromise position. It didn’t actually propose to introduce any of these offences initially. The fraud offence was a compromise with the cross-party back benches to essentially get this legislation through in that session of Parliament. And it was put in place in such a way that it was designed to have minimal burdens on business, at least according to the government, and hence the non-inclusion of SMEs within it.
PL: Now much of the Act… it’s going to need secondary legislation, isn’t it, to fill in the details? Are we going to see more dispute about this in Parliament?
MM: The secondary legislation shouldn’t be overly challenging, I don’t think, in terms of what is actually being proposed around verification and company filing. There are obviously some complications around government promises for reviews of effectiveness and thresholds and various things that we may see debated, especially in such a fraught political year coming up to an election. But we’re hoping that the secondary legislation gets introduced in a timely manner, because until we see the exact wording of the detail, our members’ general businesses are not really in a position to put the measures in place that would satisfy the law.
PL: Yes, absolutely. Alun, based on your Serious Fraud Office experience, what’s your analysis of the broader intentions here, the government’s intentions on countering fraud?
AM: Specifically with regards to the amendments to the way in which companies are fixed with liability as well as the introduction of the Failure to Prevent Fraud offence, I think is part of a broader understanding that with the rights and responsibilities that companies have in the civil law, they also come with responsibilities in the criminal law as well. And so far as the verification requirements are concerned, I think it’s part of a related but perhaps separate trend to understanding that capitalism works better with transparency, that if you understand with whom it is you are doing business, that’s probably a better business environment.
PL: Would it be fair to say it’s also like shifting the burden of cost to the private sector?
AM: That’s about the manner in which the transparency comes in, but the concept of transparency within business is essentially cost neutral, it’s just how that transparency is interjected into the system, and who does the verification work. That’s the question.
PL: Well, we’ll talk about that. But let’s look at the provisions of the Act. There’s a lot in it. We’re going to focus on the most significant changes today. I’d like to start actually with the reforms to Companies House, because they are major, aren’t they? A lot of things are going to be different at Companies House. Mike, can you just talk us through the headlines there?
MM: Yeah. So I think the major ones that are going to affect the business system more generally are the changes to verification, and the need to reach that higher level of verification that hasn’t really existed within Companies House for quite a long time. The register is notoriously exploited by nefarious actors, whether it be criminal gangs or other actors engaging in economic crime. And so the verification, I think, is really a good intention to try to improve the level of transparency there.
There are also some changes around filing requirements for small and medium-sized enterprises. There’s the introduction of the Register of Overseas Entities, which is currently in force – that came into force earlier this year. There has been some reporting that a lot of companies that were required to register have, in fact, done so. But we haven’t really seen feedback on the level of quality of the information that has been provided, and it remains to be seen actually what effect this is having so far. I’m hoping that there will be some analysis done on this in the future. And there are different areas around trust requirements and other specific accounting terms.
PL: Just looping back to the small companies, that’s a requirement to file both profit and loss accounts and director’s reports, that’s new?
MM: That’s correct, yes.
PL: So these changes, they are going to dramatically increase the responsibilities of Companies House, aren’t they, as a government agency? It’s going to be expensive, isn’t it?
MM: I guess there’s a couple of ways of looking at it. In order to get the level of resource in place, it’s going to require a significant uptick. But that takes time, it takes upskilling, it takes investment, and it’s not currently clear where that investment is going to come from. Slightly increasing the cost of registering a company is unlikely to generate the level of revenue that would be needed to make this a cost-neutral exercise for government. They’re going to have to put some more resource into it.
PL: Do you have any sense of how much, because presumably, as you say, it’s a huge change management programme? It’s going to take years. IT, I imagine, is going to be an enormous investment?
MM: I think the back-end IT system has been worked on for a while, so that’s currently something that is going through. The real question will come in the division between how much is done in-house in Companies House and how much is actually done by what are called Authorised Corporate Service Providers (ACSPs), of which many accounting firms can potentially take on that service, although we advise some risk management features around that, for the verification legality perspective.
And just to touch on… when this first came into Parliament, I got the impression that there was an expectation that government was going to really take the lead in providing this service as the in-house company verification. And to me, there seems to have been a little bit of a realisation of the resource implications for actually doing this, and particularly retrospectively looking at the companies that are already on the register, of which there are many, many, many false ones.
MM: So going through that, and actually getting everything up to the standard… I think going forward. and providing these verification services for new companies is one thing; going back and making sure the register is actually consistent and reaches the same standard is going to be something else. And it’s going to really depend on this balance between how much they try to do in-house and how much they try to outsource.
PL: Yes. Alun, this provision of verification services, that’s looking like a vexed point, isn’t it? Because there’s a real legal liability there for service providers?
AM: Well, quite. And that also has plainly a chilling effect on their willingness to step into the market and undertake that work. Businesses are able to subsist without undertaking that work. I think they’ll probably continue and the verification activity will have to be done in-house.
PL: So there won’t be enough service providers, you don’t think – external service providers?
AM: I think that’s a real risk. Professionals aren’t wildly keen about taking on additional work at risk of criminal liability. It’s not a very attractive proposition.
PL: What are accountants saying to you, Mike?
MM: This is a bit of a continuation of the theme that we saw with the Register of Overseas Entities. The verification around that is slightly more complicated because they’re overseas jurisdictions, so you would need more expertise, language capabilities, local cultural knowledge, etc. But we saw very few, particularly of our larger firms, willing to take on that particular service. And if they did register with Companies House in order to provide the service, that was generally to provide it for an existing client with whom they had a relationship. And so the level of potential risk was not the same as taking on a new client, certainly to verify their identity. And I think this is something that… we are seeing our larger firms register as ACSPs and there are certainly people with interest in doing so, but the challenges remain. It may well be the case that new clients are more difficult to acquire this service, because while they will offer it for their current clients with whom they have trust in an established relationship, taking it on with the level of legal liability is certainly a question mark.
And I think, something I’ve mentioned previously, and that we’re going through in ICAEW is this need for AML supervision, so anti-money-laundering supervision for an ACSP. Now, this has the risk of providing some sort of false assurance, because to be an ACSP you essentially have to register for AML supervision, and also guarantee that you will provide the verification services to the same standard as Companies House. We will see what that standard is through secondary legislation. But AML supervision does not reach the same threshold as verification. So to say, okay, I’m supervised by the ICAEW, does not guarantee that your verification work is to the standard that would be required for Companies House. So that is a potential hole in the system.
PL: Alice, I’m interested to know what you think about this. Obviously, it’s all new. How confident are you, based on what you’ve heard so far, that you’re going to be able to navigate this new system?
Alice Bessell: I think for businesses that are genuine, the ID verification, for example, should be fairly straightforward, which is good. But the thing that I am most concerned about, I guess, is the rollout of the order that Companies House is going to put these changes in, because as everyone has alluded to, I think there will be quite a resource gap in the beginning. So are they going to start by going backwards over all of the old companies? Or are we going to just start from new companies and go forward? Because as a small business, I don’t even know when I’m going to be hit with these changes. Obviously they come into force immediately, and whenever Companies House ask me to verify my identity, I would be happy to do so. And any legitimate company would have had to do something very similar for the anti-money-laundering regulations. So I don’t envisage that being so much of an issue.
PL: Alun, the Act also introduces a Failure to Prevent Fraud offence. Now this makes the business criminally liable if an employee or a third party acting on its behalf commits external fraud. How significant is this?
AB: I think that’s actually a very significant addition to the suite of corporate offences. By way of background, the model of Failure to Prevent first came into the English legal system 12 years ago, 13 years ago, with the passing of the Bribery Act, which certainly in legal circles attracted a blaze of publicity and resulted in quite a lot of compliance work being done. The key point being that whilst criminal liability attaches for a Failure to Prevent, there is a defence under bribery for a company which has adequate procedures and in respect of the fraud offence for a company which has reasonable procedures or such procedures as are reasonable to have if it’s reasonable to have any procedures at all. So it’s a more nuanced point. But both offences carry with them an active incentive to look at your anti-bribery, anti-fraud measures. And it seems to me an attempt to drive a compliance culture around the prevention of financial crime within corporates.
PL: So this is all about demonstrating that you’ve done everything possible?
AM: It’s about putting in place reasonable procedures. In respect of the Failure to Prevent model, every time that has been introduced into the system, the legal system, there has been a duty on the government to give guidance about how the adequate or reasonable procedures should be cast. Simply guidance is not a dictate. It’s not like money-laundering regulations, but it’s guidance. And each time the guidance is very clear that the procedures have to be proportionate. And that is… pound to a penny that will feature large in the guidance which is going to be given in respect of the Failure to Prevent Fraud offence.
PL: So just to be clear, is this an issue for large companies, or is it going to catch SMEs as well?
AB: Well, plainly, at the minute it’s simply going to be large organisations. So I say organisations because it’ll cover partnerships too, but let’s understand, caveating it and then continuing with the word companies, you’re looking at the larger organisations defined at the beginning of our conversation, and you’re looking at companies who in and of themselves meet that definition. And you’re looking at groups, so parent company with subsidiaries, and the whole of the economic structure of the parent company and the subsidiaries taken as a whole.
PL: What about supply chain?
AB: In terms of supply chain, it’s going to be a question of the way in which they feature in the large company’s anti-fraud prevention procedures. It’s not an obligation on… there is no immediate legal risk to a small company on Failure to Prevent Fraud because it doesn’t meet the definition of large companies.
PL: But might large companies impose that on their supply chain?
AB: There is plainly a possibility of that. It depends on how the guidance is framed. And it depends on the general risk assessment which the company will run in respect of its business as a whole. Supply chain due diligence is quite a thing in respect of modern slavery, for example. So to the extent that big organisations step back and look at doing compliance in a cohesive way, then possibly.
PL: Alice, can you see your company getting caught in that loop?
AB: Not at the moment. It’s hard to say without having the reasonable procedures detailed, because I haven’t dealt with any of the other Failure to Prevent and I don’t know what the timeline is on how soon they’re going to even release those procedures. Hopefully that will be quite quickly, so then it will filter down. Once you see what the reasonable procedures are, even as a small business you could have a little look over them and see what potentially could affect you. But without having those reasonable procedures in place, I feel like it would almost be guesswork at this stage.
PL: Yes, quite understandably. There is a lot to understand here, a lot of change. Clearly this is going to affect a lot of ICAEW members, isn’t it, and their businesses, Mike? What’s the advice for them?
MM: We’ve always advised that companies large and small have adequate anti-fraud policies and procedures in place. And to Alun’s point, I hope that this produces some sort of cultural shift to actually upskill and make sure that there’s training and procedures are in place to try to reduce fraud, because fraud is really a plague on the UK business environment at the minute. Particularly on the measures, I think as Alice says, we are waiting to see the proportionality set out within the guidance. We’re hopeful that the guidance is going to come into some sort of draft form fairly soon. What’s not clear is what potential implementation period might be associated with that before it actually comes into law. As Alun said, it is very likely to follow a similar pattern to the Failure to Prevent Bribery and Tax Evasion guidance systems.
There’s a bit of concern amongst ICAEW members that the Failure to Prevent Bribery guidance is very high level, so it doesn’t really touch on real-world case studies or potential scenarios. So certainly, we’ve been running quite a few working groups and sessions to get feedback from members on what they would like to see from the guidance, how they think their business can be put in the best position to either support others with putting measures in place and they themselves with their internal controls.
And because there are so many different potential scenarios that this could affect when you look at supply chain, so you look at subsidiaries or you look at the fairly loose definition of some of these relationships, there is a real push from ICAEW members and from business in general, I think, to get some real-life examples within this guidance so that that can actually give them something to say, within their organisations, this is what we should be doing in this ideal scenario.
PL: Yes. As you say, if firms only need to take a proportional approach, presumably based on their size or their exposure to risk? I mean, what does that mean?
MM: Yes, the definition of proportional… It is very clear that a small company should not need to put in the same level of complexity of controls as a Big Four accountancy firm, of course. But even by this definition of a large company, it covers a very, very wide range of what could be considered a large company. This covers something that you may not necessarily identify as a behemoth company all the way up to large banks and large technology companies with multi-billion dollar turnovers. This idea of proportionality is certainly something that’s going to have to be clarified a bit.
Just to very quickly touch on the supply chain issue… we have seen in, particularly other industries when even though there’s no legal requirement for businesses further down the supply chain to necessarily comply to the letter of the law with what affects either a prime contractor or a larger company, often for the ease of subcontracting these are essentially forced, or at least to a certain degree forced, upon the smaller companies for the larger company’s own assurance.
PL: What’s your feeling about that, Alice?
AB: It’s tricky because some of my small businesses already have good procedures in place and systems like that, because they are genuinely very good, well run companies. And I think if you have those links to those bigger companies, you’re very likely to have those procedures in place already, which is excellent. I think it’s going to affect the businesses that aren’t so well run a lot more – the ones that don’t have bigger links with large companies, or the ones that aren’t part of a group and don’t have that larger corporate structure to follow. I think that it’s quite good that the Act doesn’t immediately bring them in, because it gives ICAEW a chance to set out some proper guidance that perhaps small and medium standalone entities will be able to follow to put those improved systems and controls in place.
PL: Alun, just looping back to that thing we mentioned earlier about this is a shift in messaging from government, from culture to enforcement. What I’m wondering is how has the bribery legislation played out? Have we seen convictions there? Has that achieved that purpose?
AM: We have seen convictions, we’ve seen guilty pleas, and we’ve seen a conviction after a trial. But the way in which the legislation has been used most often has been in connection with deferred prosecution agreements. And without turning this into a podcast about legal history, the Bribery Act was accompanied into the statute book with a piece of law which created deferred prosecution agreements, ways in which corporates could reach – or a prosecutor could reach – a settlement.
PL: So that was a clear intention?
AM: Yes, absolutely, it was. And it was quite transparent at the time that the legislation came in, the two pieces of legislation coming in at the same time, as part of a movement to look at how companies were dealt with within our criminal justice system. So yeah, absolutely overtly linked in policy terms.
PL: Would you say it’s achieved its objective? Has it shifted the culture around bribery, even though we haven’t seen that many prosecutions, have we?
AM: No, we haven’t. But yes, I would say that it had an effect, a real effect. Because the sight of companies going before a court, having their activities exposed, was obviously not palatable to other companies. It has an impact on the way in which they view risk. And it drove the creation of a compliance industry around anti-bribery and corruption. And the analogy which you may draw is the introduction of drink-drive legislation in the 1970s, which was not uniformly enforced but over time has radically changed the culture and understanding of what is and what is not socially appropriate. This is part of a movement, I think, to look at the role of corporates and the extent to which, when doing business, they are going to be held accountable within the criminal justice system as much as they are for breach of contract in the civil system.
PL: Okay. Now, the last major provision of the Act we’re going to explore, today at least, is the extraction of corporate liability for all economic crimes perpetrated by senior executives. So, Mike, what does that mean? And how is it different from Failure to Prevent Fraud?
MM: Well, it covers a much wider base than Failure to Prevent Fraud, although Failure to Prevent Fraud would be covered by the change of the identification doctrine. So perhaps Alun can best explain.
PL: And what is a senior manager?
AM: Well, actually, if I could just give it a context, which is that the ordinary rule in English law is that a company is a person and a person can commit a crime. The question is how it is that a company is found to commit a crime. And there’s a rule of attribution: you attribute to the company the actions of a human being. And over the course of the last 100 years, we’ve seen the court sort of calibrate the dial on exactly who is caught by that. And what has happened this year is that Parliament has stepped into the arena and said that we are now going to define who is caught by that. So, the rule as from Christmas this year, will be that a company has attributed to it the actions of a senior manager.
PL: And what is a senior manager?
AM: A senior manager is a person who plays a substantial part in the organisation or management of the company or in taking decisions about the organisation and management of the company. So we are looking at people, indeed not necessarily board directors… and it’s a definite shift away from the rule made by judges, which is that actually what you need to do is look at the constitution of the company and understand within the company who it is within the company is authorised as a matter of corporate governance authoritatively to speak and act on behalf of the company.
PL: Quite complex.
AM: It is quite complex. And that’s, I think, one of the reasons why… I know that’s one of the reasons why Parliament stepped in and said, right, now we’re going to just look at people who act within the scope of their actual or apparent authority – that’s the expression in the statute. They are people who take decisions about how a substantial part of the business operates. And that’s going to be a question of fact, and I can see that there’ll be lots of scope for arguments when it comes to court. But I think we all agree in the legal profession that this will be a broader pool of people operating within a company who can bind it.
PL: Yes. That’s worth recognising.
AM: It is worth recognising. And what it means is that at the same time as we have this offence of Failure to Prevent Fraud which we’ve discussed – that’s one form of liability – at the same time, if you have a senior manager themselves committing an offence of fraud, then the company can be held directly criminally liable for that fraud. So it’s a separate additional offence. So when Mike mentioned the additional list of offences of economic crimes which can be committed in this way, well, yes, absolutely. It just means that in respect of all those offences committed by senior managers, companies can now be held criminally responsible for them.
PL: So that might be… I’m sorry, Alice, to say this, but that might be someone like Alice, presumably? Not for a moment suggesting that you might perpetrate anything inappropriate, Alice. Just as a senior executive.
AB: Yes, and as an accountant, looking at it from an accounting legislation perspective, for example FRS 102, I wondered if you thought the definition would be similar to that of key management personnel, which is a phrase I much more understand as an accountant, which is very similar? It’s ‘those persons having authority and responsibility for planning, directing and controlling the activities of the entity, directly or indirectly’. It says, it doesn’t necessarily mean the board of directors. I feel like it’s a very similar definition, but I don’t know what your thoughts are on that – if that phrase, which as an accountant, for me is recognisable?
AM: The answer will be, that definition doesn’t count. For the purposes of attribution, you have to go to the Act, and you have to look at the definition of senior manager. So you’re looking at whether they’re acting the scope of their actual or sensible authority, and you’re looking at whether they are responsible for the organisation and management of the whole or a substantial part of the business, or in taking decisions about the organisation and management of the whole or a substantial part of the business. That’s all we know, at the minute. And we’ll see what the courts say.
PL: Is that helpful, Alice?
PL: You can listen to it again on the podcast as many times as you need to, Alice, to understand what what he said to you.
AB: I think, in either definition, I think I would fall under that, yes.
AM: I think there’ll be an area of overlap. But the point is, you’re always going to have to look at what the statute actually says, this statute says. But the reality is that for many people in SMEs, the law was actually probably able to catch them in any event, because SMEs being smaller, more compact organisations, the people who sit at the top of the organisation generally get involved in the company’s operations. And historically, it’s been easier to fix SMEs with corporate criminal liability. It was the larger companies who it was harder to find a route through to corporate criminal liability for, and who really were impacted by the introduction of the Failure to Prevent model.
PL: Mike, shall we just reprise the likely impact of the Act in its broadest sense? What does ICAEW make of the Act as a whole?
MM: Broadly, we welcome the Act. I think a lot of these measures and provisions – in both of the acts, actually, transparency enforcement and corporate transparency – over the last couple of years have been a long time coming. It’s a bit of a shame that it required a war in Europe to provoke the inclusion of some of these within legislation and get it up that sort of parliamentary timetable to actually come into practice.
The proof is always in the pudding with legislation. A lot of the intention around these measures is very good, particularly Companies House, which in real life, beyond political talking points and making headlines in terms of the actual financial ecosystem, then Companies House changes, if they are implemented in the way that the intention is, should make a big difference. It will put more requirements and liabilities on companies, particularly around some of our members in accountancy, and accountants by definition tend to see quite a lot of the business, so there is always this scope for better cooperation, I would say, between public and private sector to actually work together to deliver this, because we’ve talked around Failure to Prevent Fraud and calculated so many different types of offences and different severity and different damages that we’re actually in a very good position to actually be able to identify some of these and work together with law enforcement and other authorities to put the measures in place.
Everything is welcome in terms of making the ecosystem more robust and being able to identify some of these nefarious transactions and economic crime that are taking place, but it is very much going to be dependent on the willingness to follow through, to deliver good secondary legislation, to put resource in place and to hopefully get this cultural shift where there are… not necessarily the stick approach, but we should have these procedures in place for things around fraud, for example, to actually reduce the attractiveness of the UK.
PL: Thanks, all. Fascinating discussion. There is clearly more to come on this. We’ll revisit the subject as the blanks are filled in.
You can read more about the Act and keep up to date on developments in economic crime by visiting the Economic Crime hub on the ICAEW website. You’ll find the link to that in the show notes to this episode.
Looking ahead, the next two episodes of the Insights podcast will be coming to you directly from the COP28 Climate Summit in Dubai. Join ICAEW Sustainability Director Richard Spencer and a panel of expert guests as they discuss the key developments from the conference and their impact on the accountancy profession.
Thanks for being with us today. And if you’re finding these podcasts useful, please do subscribe to the series. And that way you’ll never miss an episode.
Can’t make this out. It’s at 27:47