ISSUE 53 Expert Witness Journal - Journal - Page 46
It is likely that the government’s guidance will follow
the “six principles” recommended by existing statutory guidance for failing to prevent bribery or the
facilitation of tax evasion.
Project plan: a project plan should be developed
which will determine the scope of the review – for example, whether group wide or limited to specific subsidiaries or divisions, geographies, or key projects – ,
as well as the timeline, and budget for the project. It
would be reasonable for businesses to start by conducting an overarching group level review before conducting deeper dives at a business unit or country
level.
The six principles are:
l top-level commitment;
l risk assessment, documented;
l proportionate procedures;
l due diligence;
l communication and training;
l monitoring and review.
Stage 2: the risk assessment – planning, execution
and review
Having a documented risk assessment is likely to be a
key pillar of the reasonable procedures defence. The
focus of the risk assessment is the risk of associated
persons of the organisation engaging in the prescribed
economic crimes to benefit the organisation, the
group, or its customers, rather than the risk of internal fraud against the organisation.
Why is this significant?
The failure to prevent offence may come into force on
publication of the guidance or shortly thereafter.
The six principles are well known but need to be
adapted in their application to this new wide-ranging
offence.
Planning and execution: the risk assessment needs to
identify where the risks might exist – the inherent risk
– and what existing controls are in place. The existing
controls should operate to manage and reduce the
level of inherent risk, enabling the business to identify
the residual risk. This will allow a decision to be taken
on whether enhanced controls are required to reduce
the residual risk further.
Responding to the failure to prevent economic
crimes offence
There are no compliance duties under the failure to
prevent economic crimes offence, but many organisations will wish to be in position to avail themselves of
the reasonable procedures defence. This will lead to
contractually imposed warranties down supply chains
requiring organisations to have in place reasonable
fraud and economic crime prevention procedures.
Existing risk assessments and reviews: a starting point
for a risk assessment is to consider what other relevant
risk assessments are already in place for the failure to
prevent the anti-facilitation of tax evasion, failure to
prevent bribery offences, money laundering and
modern slavery. These risk assessments are likely to
contain useful content for informing a broader economic crime risk assessment. Businesses may also have
reports and data on other reviews relating to tendering, contracting, and the effectiveness of financial
controls which are likely to be informative.
It is therefore recommended that organisations have
a reasonable procedures project plan. There are three
stages to such a plan.
Stage 1: initial planning phase
Top level commitment: 'top level commitment' will
likely be a key principle of the reasonable procedures
defence. The instigation of a project to develop reasonable procedures should have board or relevant
committee/senior manager support with appropriate
resources allocated to the exercise and any risk assessment and recommendations being reviewed and
approved at a high level within the organisation. Meeting minutes should be kept, recording the board/committee approval and support of the project.
Internal audit reports/past compliance review:
internal audit reports and previous compliance reviews
are often a useful source of information to collate and
review when considering the effectiveness of the control
environment. A point to check is whether findings and
recommendations were followed through.
Forming a project team: depending on the size and
structure of the business, to manage the project effectively, establishing an internal project delivery team
will be helpful. For larger businesses, the team may
comprise compliance, financial crime, and legal representatives. External legal or professional support is
recommended to bring expertise and outside perspective to the exercise. Organisations may also wish to
consider the application of legal privilege to the risk assessment exercise to protect sensitive findings from
disclosure – this would require the taking of legal
advice before commencing the review work.
Whistleblowing/speak up reports/disciplinary investigations: reviewing any past reports of suspected or alleged fraud, theft or other economic crimes would also
be helpful. This information will be found in past disciplinary investigations and whistleblowing management information.
Workshops: workshops with relevant personnel to
identify how economic crimes to benefit the business,
the group or its customers could materialise is recommended. Relevant personnel are likely to include:
Training for the project team: understanding the
underlying offences to which the new laws apply will be
informative to the review work. The project delivery
team should receive training on the corporate criminal
attribution reforms and the new failure to prevent economic crimes offence and the predicate, underlying,
offences prior to commencing the review work.
EXPERT WITNESS JOURNAL
l executive directors and business division leaders –
what is their assessment of the business culture? What
risk areas/activities do they consider would benefit
from being reviewed? Are there any profit enhancement strategies that should be reviewed? What can
they point to by way of top-level commitment to the
prevention of economic crimes to benefit the business?
44
F E B R UA RY 2 0 2 4