Protecting the double corporate victim of fraud

February 2025  |  SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION

Financier Worldwide Magazine

February 2025 Issue

With fraud representing over 40 percent of all reported crime in the UK, there is a real risk that at some stage those in the financial services sector will be the victim of financial crime.

However, for those firms authorised and regulated by the Financial Conduct Authority (FCA), or companies that fall under the new ‘failure to prevent fraud corporate offence’, there is a double whammy of an investigation into the corporate’s own anti-fraud controls.

Falling victim to corporate fraud is a terrible experience and could possibly lead to a corporate insolvency event. But to then be subject to a regulatory or, worse still, corporate criminal investigation can leave a company feeling like it has twice been the victim of fraud.

Understanding, mitigating and self-policing the financial crime risks can protect a company and its board from both the direct and indirect effects of financial crime.

Assessing financial crime

To first assess the financial crime risk, companies need to understand the types of financial crime they face. Only once a board understands its financial crime risks can it mitigate these with proportionate systems and controls, internal auditing and, importantly, training and tools for staff so they can protect themselves from the risks.

The breadth of financial crimes is significant, and includes: (i) fraud (the embezzlement of the corporate’s funds or worse still its customers’ funds, or the theft of a firm’s intellectual property and data); (ii) money laundering (where a corporate is used to wash ‘dirty money’ through the laying or integration of the proceeds of crime); (iii) market misconduct (from criminal insider dealing, through to market abuse and manipulation); (iv) bribery and corruption (making or receiving bribes to win or retain business); (v) circumvention of financial and trade sanctions (to navigate the complex web of international sanctions law); (vi) tax evasion (facilitating tax evasion for customers and counterparties); and (vii) price fixing and competition cartels (conspiring with others to fix prices and corner the market).

These risks are ever evolving as professional fraudsters and money launderers look for new ways to target the unwary. As established UK banks can field divisions of anti-financial crime specialists, investigators and advisers, the proficient fraudster and launderer looks for less well-resourced victims.

For these career criminals, this activity is their full-time job – highly remunerated and presenting a lower risk of detection and prosecution by UK law enforcement agencies. A professional money launderer and enabler is well prepared to lose money to launder money, as the dirty money to be laundered has not been earned through hard work, but through the personal misery of the victims of crime and those caught in the unforgiving cycle of drug dependency.

One of the greatest risks of fraud is the internal fraud by the disgruntled, greedy or desperate employee, manager or consultant, who steals from the company. Corporates are well versed in the warning signs and reg flags, but many overlook these to their detriment, until all of a sudden, a significant fraud is discovered.

Domino effect of a fraud

Once a fraud is discovered, many boards become immersed, if not overwhelmed, by the circumstances. The correct firefighting drill is to stop the fraud, rather than immediately investigating how it occurred, to shore up the corporate’s solvency and liquidity and work with UK law enforcement agencies.

The UK has a patchwork of law enforcement agencies and regulators engaged in combatting corporate financial crime. At the tip of the spear are agencies such as the Serious Fraud Office (SFO), the National Crime Agency (NCA) and City of London Police, to the blade edges, the FCA, and the Office for Financial Sanctions Implementation, as well as intelligence gathering and filtering agencies like Action Fraud. Each has its own powers, remits and agendas.

Many agencies are completely overrun with reports of fraud and misconduct and must therefore triage these. A well-considered report of fraud, explaining in lay terms how the firm operates, will greatly assist officers. While many officers are experts in finance and insurance, the nuances of a company – its funding, structure and products – may be unique to officers’ experience. A company should also explain how it thinks the fraud or act of corruption has occurred, and who is involved.

Although such information is incredibly helpful to law enforcement agencies, there is a risk with a corporate conducting an internal investigation of ‘trampling on the crime scene’, a term used by both the SFO and FCA, or even prejudicing a criminal investigation, which in some circumstances is a criminal offence.

While there is an inherent tension between the stated wishes of law enforcement agencies that companies do not contaminate the potential crime scene of a fraud with their own investigation, companies can take measured steps to stop fraud, including administrative and disciplinary action against employees and contractors, recovery steps for the loss of revenue and, importantly, to salvage the corporate’s public reputation and customer relations. Boards also need to report the fraud to their external auditors, bankers and insurers.

External auditors face their own regulatory scrutiny if their audit client is the victim of a fraud. Consequently, in the last few years, external auditors have refused to sign off an audit or impose qualifications unless the firm that has been the victim of fraud can satisfy its own auditors that the board has adequately investigated the fraud or misconduct.

Such a situation can delay the finalisation of an audit, which, in turn, can place significant pressure on a board’s relationship with its bankers and funders, jeopardise pending merger and acquisition activity and expansion plans, as well as affect the renewal of the corporate’s insurance policies – such as fidelity commercial insurance and, for the board members, directors’ and officers’ insurance.

Setting out the steps the corporate intends to take to investigate the fraud will never be fully endorsed by law enforcement, but it does give the relevant agencies reasonable opportunity to request that data be secured and stored in a particular format, and may accelerate how law enforcement approach their own timings to an investigation.

If a corporate does commence an internal investigation, perhaps using external legal advisers, a potential tension occurs over the legal status of any report prepared by external lawyers, as the report may well be subject to legal professional privilege, which would be waived by disclosure of the report and its findings to law enforcement agencies.

Double whammy

Mitigating the risk of a regulatory or even criminal investigation into a company’s anti-fraud systems and controls requires pre-planning and evidence that the firm has assessed its fraud risk, and then designed and implemented such policies and procedures to counter that risk in a proportionate manner.

Even if the company then fell victim to fraud, it would have evidence that it had taken reasonable steps or procedures to counter the risks. This would go a significant way in persuading law enforcement not to take corporate criminal action, or – in the case of the FCA – hard-edged enforcement action.

As UK law enforcement faces ever-increasing demands for its resources and personnel, companies can assist by taking proactive steps to limit their own exposure to fraud, as well as protecting themselves from unnecessary regulatory scrutiny.

 

Richard Burger is a partner at WilmerHale. He can be contacted on +44 (0)7545 100 510 or by email: richard.burger@wilmerhale.com.

© Financier Worldwide

BY

Richard Burger

WilmerHale

©2001-2025 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.