Mitigating risk under new ‘Failure to Prevent Fraud’ Offence

The new “failure to prevent fraud” offence came into effect on 1 September, introducing fresh risks for financial institutions and other large companies. Under the legislation, organisations face criminal liability if they fail to put in place adequate procedures to prevent fraud carried out by employees or agents for the benefit of the company.

Speaking to Law360 as part of its report into HSBC becoming one of the first banks to harness AI to respond to the new offense, Spencer West Partners Karl Foster and Nabeel Osman emphasised two key areas of exposure for firms: off-channel communications and regulatory reporting.

Karl Foster highlighted the heightened dangers surrounding unrecorded communications through channels such as WhatsApp.

“Off-channel communications potentially expose the firm to the offence of ‘failure to prevent fraud,’ even if there is no fraud committed but just the intention. Firms should limit off-channel communications among other measures to reduce the risk of fraud by employees or agents to benefit the company.”

Foster also noted that the Financial Conduct Authority expects firms to take proactive steps in restricting and supervising such communications. He stressed that failure to act in this area leaves firms open to both regulatory scrutiny and increased fraud risk.

Nabeel Osman turned to the importance of how firms manage misconduct reporting under the new law. He explained that coordinated reporting to both the Financial Conduct Authority and the Serious Fraud Office is now a critical measure.

“Parallel reporting to both regulators demonstrates seriousness and reduces concerns around concealment. Dual engagement can be a pragmatic way to retain dialogue with prosecutors and some control over what might happen next.”

Osman added that while many large banks continue to focus on fraud committed against their organisations, the new law requires equal attention to fraud carried out to benefit them. This blind spot could leave institutions vulnerable if left unaddressed.

Together, the pair underline that compliance with the new offense requires more than technological tools. Strong oversight of staff behaviour and clear, coordinated engagement with regulators will be central to reducing exposure.

Read the full article via Law360 (paywall): HSBC Using AI To Fight Fraud Under ‘Failure To Prevent’ Law