Reading between the lines of the guidance reveals the importance of people and culture as the first line of defence in preventing and detecting fraud. Although it is signposted, the role of people and a strong corporate culture is not formally codified in the guidance, and there is an implicit reliance on both as tools in managing fraud risk.
The FTPF offence
Introduced as part of the Economic Crime and Corporate Transparency Act (ECCTA) 2023, the FTPF Offence is the third piece of legislation under which corporates can be found criminally liable, following the failure to prevent offences for bribery and facilitation of tax evasion which were introduced under the Bribery Act 2010 and Criminal Finances Act 2017 respectively.
Similarly to the offences for bribery and tax evasion, the FTPF Offence puts the onus on organisations to implement ‘reasonable procedures’ to prevent fraud. The guidance states that the fraud prevention framework to be put in place by relevant organisations should be informed by the following six principles:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
People and culture play a critical role across all six of these principles. Organisations need to adopt a top-down, bottom-up change management approach that will nurture an open culture, a high level of psychological safety and a degree of vigilance through which fraud can be prevented. Key corporate values such as integrity, transparency and fairness will need to be integrated and consistently promoted to deliver desired behaviours and the right business outcomes.
As such, organisations will need to create an underlying values-based people strategy that (1) engages, (2) educates and (3) empowers their people to align espoused and actual behaviours with regard to fraud risk, and that reinforces ethical decision-making across each of the six principles outlined above.
(1) Engaging your People
Firstly, organisations must actively engage their employees, spreading awareness of the requirements of the Offence so that employees know that it is their responsibility to be vigilant in identifying and managing fraud risk. Engagement can take a variety of forms, but a starting point that is recommended in the guidance is implementing clear communication and an endorsement of the organisation’s stance on preventing fraud at all levels.
This should include a commitment to rejecting fraud, articulation of the consequences for those found to be in breach of the firm’s fraud policy, and profiling key individuals within the organisation that are responsible for the development and implementation of the organisation’s fraud prevention procedures.
Engagement is a two-way process. The ability to ask questions, seek clarification, consult with colleagues and enter into an open and honest dialogue is key to effective engagement. It is not just a top-down approach. We call this a ‘climate of voice.’ Further, organisations should implement a communications campaign to spread awareness and understanding of the Offence, its requirements, and the organisation’s response to it. In doing so, employees will receive regular reminders of their own responsibilities in respect of managing fraud risk that will encourage accountability and ownership, whilst organisations can point to the campaign as an example of reasonable fraud prevention procedures.
(2) Educating your People
Secondly, employees need to be aware of the different fraud risks and the controls and procedures in place to mitigate these risks. Fraud prevention training needs to be targeted to individuals, rather than generic, with consideration given to ensure that training is proportionate to the risk faced in each area of the business. A training needs analysis which maps roles and responsibilities to fraud risks will deliver this targeted and preventative approach.
All fraud prevention training provided to employees should reflect the corporate values and the desired behaviours of the organisation to support ethical decision-making and help to prevent fraud. It should always include guidance on the organisation’s whistleblowing policy and the various reporting lines to escalate any fraud concerns based on a transparent and robust process that engenders a high level of trust and belonging.
(3) Empowering your People
Lastly, to ensure that fraud prevention procedures are effective, organisations must seek to empower their people to have confidence and a high level of trust in their leaders and the supporting procedures. A crucial step towards empowering employees is for leaders to build and foster a culture in which employees feel safe to report their fraud concerns. By building a climate of voice, as outlined above, and giving employees the knowledge they need and fostering a high degree of psychological safety, leaders create an environment in which employees do not fear using their voice to express concerns or to act in response to any misconduct.
Further, organisations must consider how disciplinary procedures are applied in respect of fraud; examples of selective impunity or retaliation against whistleblowers will create a culture in which some employees feel that they can commit fraud without punishment. As such, organisations must stay true to their word and ensure that their zero-tolerance appetite remains exactly that. Without such role-modelling of integrity, it will be hard to convince any employee to use their voice without fear or a sense of futility.
The three Es approach – engage, educate and empower
The three Es together create a values-based ethical framework that acts as a tight, cultural mosaic to underpin a robust fraud risk-resilience strategy. It makes people, who are often perceived as the weakest link, an effective first line of defence against fraud. This approach optimises the ability of organisations to address the six principles of the FTPF Offence outlined above, over and above that of policies and procedures, through the power of knowledge, skills and the mindsets of people.
This is the sweet spot to aim for; where the alignment of your people and desired behaviours is hardwired into your day-to-day workplace operations and the fraud risk management response.
How DWF can help
In addition to designing, implementing and enhancing fraud governance frameworks, the DWF Sustainable Business & ESG advisory practice has extensive experience in activating and embedding strong compliance cultures throughout organisations. Our top-down, bottom-up approach to business transformation ensures that all employees understand the organisation’s expectations of them, and how they can prevent fraud.
We can provide:
- External workplace culture audits to stress test organisational culture and the level of resilience to fraud risk as a preventative first line of defence;
- Fraud risk assessments to identify potential fraud risk exposure and recommendations for remedial action;
- Risk-based training needs analysis and design of a fraud-risk tailored training programme integrating corporate values and internal policies and procedures; and
- Independent effectiveness reviews of your fraud risk policy and fraud risk management framework in light of the upcoming FTPF Offence requirements.
We would like to thank Kurun Bhandari for his contribution to this article.