When Firms Become Criminally Liable for Fraud

What stood out earlier this year when the ‘Failure to Prevent Fraud’ legislation was announced was the range of activities covered by this new law. It included…

  • dishonest sales and trading practices that hide information from consumers, investors and the like;
  • dishonest practices by firms in financial service markets;
  • misreporting on environmental, social and governance related matters;
  • misreporting on the effectiveness of their services.

And in this guidance, the first of the above was re-emphasised to illustrate the practices that the law was taking aim at…

“For example, a salesperson who is on a commission may engage in mis-selling to increase their own commission, but in doing so, they also increase the company’s sales. Even though this is not the fraudster’s primary motivation, the intention to benefit the company can be inferred in this case because the benefit to the salesperson is contingent on the benefit to the company. As a result, the company may be prosecuted for failure to prevent the fraud.”

So straight away, insurers can see how the commission based selling that is widespread across the sector could create exposures for them. After all, certain parts of the sector have form when it comes to mis-selling. Yet it would be wrong to restrict its interpretation of the new law just to sales and marketing. More on that in a minute though.

The Prerequisites

There are a number of prerequisites for firms to become exposed to prosecution under this new ‘failure to prevent fraud’ legislation. One is size (it applies only to large organisations), and there are triggers relating to domicile and subsidiaries. Perhaps the most interesting one though relates to the fraud itself….

“Relevant organisations can be prosecuted if the associated person’s conduct constitutes a base fraud offence, even if the associated person is prosecuted for an alternative offence or is not prosecuted at all. If the associated person has been convicted of the base fraud offence, this can be used as evidence in proceedings against the organisation for failure to prevent fraud. However, if the associated person is not prosecuted, then the prosecution must prove, to a criminal standard, that the associated person did commit the base fraud offence before the organisation can be convicted of failure to prevent fraud.”

Not being a legal person (and so none of this is legal advice), what this says to me is that before a firm can be prosecuted for failure to prevent fraud, the person committing the base fraud must either have already been prosecuted for that fraud, or else the prosecution (of the firm) must prove to a criminal standard that what that person did amounted to base fraud.

Why this dual aspect then? One reason that comes to mind is that individuals who commit fraud have a habit of not hanging around the UK afterwards, preferring instead a sunnier and more reclusive part of the world instead. Their absence is therefore not a hinderance under this new law.

The key thing to bear in mind though is that individuals prosecuted for fraud in relation to any of the practices in the four bullet points above are few and far in-between. I can’t recall any of an insurance person. So does that mean insurers can relax? Not at all.

Those working in financial services will be familiar with the age old statement about historic performance being not indicative of future performance. Just because no one has been prosecuted before doesn’t mean that no one will be prosecuted in the future. If anything, this new legislation is indicative of new expectations around tackling economic crime of any kind.

But We’re Regulated!

The cross over of regulations and legislation like this is referenced in the guidance. The message is clear: a firm’s compliance with sector regulations is not in itself a sufficient defence for this failure to prevent fraud legislation. For sure, such compliance could well help, but it could not in itself be enough.

What sector regulations do bring to any assessment of prosecution risk for insurers is data. The FCA collects a lot of data from individual firms and from across the market. And it is in that data that signals about potentially fraudulent activity are likely to be found. This means then that being regulated actually increases the risk of discovery of any fraud being perpetuated.

Misrepresentation and Dishonesty

It’s obvious that a key aspect of any risk assessment is what exactly falls within the scope of being fraud. And if you take those four bullet points at the beginning of this article, it looks like fraud by false representation makes up a big chunk of what we’re talking about here. Fraud by false representation means something like this...

“…when an individual or business deliberately lies or misrepresents the truth when conducting a transaction in order to make a financial gain for themselves and/or cause a loss to another party.”

Let’s think then of some insurance practices when the prospect of such misrepresentation might be present. Here are five trading practices that a court could well decide are dishonest…

  • commission being paid in circumstances outwith of a fair and transparent conflict of interest framework;
  • claims walking, whereby settlements of common losses are walking down in bulk until the level of complaints increase;
  • claims optimisation, whereby an individual claim is settled according to perceptions about the claimant’s ‘willingness to accept’ (more here);
  • total loss settlements in motor insurance being offered at below the value the customer was entitled to under their policy (more here);
  • selling policies to people who would be unable to claim upon them.

All of these five practices have happened within insurance, and could well still be happening. And bear in mind one key aspect of practices like these: when it comes to claims, the evidence is invariably hard wired into the digital decision systems being used.

 Assessing Ethical Risk

The guidance for the failure to prevent fraud legislation emphasises the importance of conducting a risk assessment in relation to the new obligations…

“…it will rarely be considered reasonable not to have even conducted a risk assessment. Any decision made not to implement procedures to prevent a specific risk should be documented, together with the name and position of the person who authorised that decision.”

So clearly we’re talking here about conducting a risk assessment in relation to key ethical risks: conflicts of interest, fairness, transparency are the obvious ones to begin with. Now I’m sure you have all been doing these, but I would emphasise two things to take care with. Ethical risk assessments (and particularly when it comes to conflicts of interest) can suffer at times from problems with scope and with definitions. That’s because people are either too close to the situation, or not willing to challenge baked in perceptions. This needs to be addressed first.

Dealing with Rationalisations

The guidance also emphasised the important of leadership and culture. And in doing so, they jump straight to a problem I’ve often written about, being rationalisations…

“…fraudsters often rationalise fraud by a variety of techniques:
Focus on the bigger mission (“someone needs to do this to save the business”).
Focus on responsibility (“it was a group decision”, “it’s the auditors’ job to catch this”, “everyone does it”).
Focus on the consequences of the act (“it is not material”, “I am levelling the field”).
Focus on the victim (“fraud is a victimless crime”, “it’s their duty to exercise proper due diligence”).”

When I’ve delivered training on ethical decision making, I often ask how many people have heard the rationalisation “everyone does it” at work. It’s never been less than half of the people present. And these are everyday insurance folk.

So this raises the following questions…

  • does your code of ethics emphasise the challenging of rationalisations?
  • does your firm’s leadership team feel confident challenging rationalisations? Are they confident using the language of ethics for doing so?
  • what happens as a result of a pattern of rationalisations being recognised and challenged? Is there a clear pathway for dealing with this?
  • does your firm’s training programme including the handling of tricky ethical situations, with ethical dilemmas being the most obvious. The guidance talks about this in terms of countering the normalisation of certain fraudulent behaviours.  

What does this add up to?

Look at it this way: why is this legislation needed? It is because attitudes towards mis selling have hardened. This has led to fraud being seen in two ways ; done by dishonesty consumers to firms; and done by dishonest firms to consumers.

So this legislation needs to be seen as tackling not simply fraud, but the misconduct that leads to it. This is why the guidance is surprisingly direct on culture, and on the need to tackle the ethical risks that can permeate it. Firms who undertake ethical risk assessments and training on ethical decision making will find this new legislation fairly easy to comply with. Others have a steep learning curve.

Tell me know if you'd like some independent input into your firm's response to this legislation.