New fraud prevention legislation coming into force on 1st September could catch many creative agencies and tech companies off guard. Sadie Rice, Senior Associate, and Kate Develly, Solicitor at Gateley Legal, explain why businesses with over 250 employees or £36 million turnover need to act now to avoid unlimited fines and reputational damage under the Economic Crime and Corporate Transparency Act 2023.
We have been working closely with companies across the North and there’s one piece of legislation that’s flying under the radar: the new failure to prevent fraud offence, coming into force on 1st September.
It’s one of the most significant ramifications of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which was introduced following growing concerns about money laundering, fraud and other financial crimes.
From 1st September, large organisations can face criminal liability if an employee, agent (including freelancer), or subsidiary commits fraud intending to benefit the company – even if the founders or senior team had no idea it was happening. The only defence is proving you had ‘reasonable’ procedures in place to prevent fraud.
Many assume this only affects traditional corporates, but the reality is quite different.
Are you caught by these rules?
You might be surprised. You’re a ‘large organisation’ if you’re a UK company that meets at least two of these criteria:
- More than 250 employees
- Turnover exceeds £36 million
- Total assets exceed £18 million.
A number of tech companies easily hit these thresholds. If you’re part of a group structure – increasingly common given the current consolidation in the industry – the rules become even more complex.
You could be a successful creative agency with 300 members of staff across Manchester and London offices, or a SaaS company that’s grown to £40m ARR. Either way, if you meet two of the three criteria you’re absolutely within scope of the new legislation.
Real-world scenarios
Some examples of how businesses could fall foul of these new rules include:
Fraud by abuse of position
The payroll department of a tech company diverts employee pension contributions to benefit other projects within the company. This is an abuse of position – the payroll department was entrusted to make those pension payments. The company may be prosecuted for failure to prevent fraud if its procedures are unsatisfactory.
Fraud by false accounting
A media agency wants to attract investors. To do this, the head of accounts deliberately inflates the company’s profits. The aim is to make the business look more attractive to investors. The company may be prosecuted for failure to prevent fraud if its procedures are unsatisfactory.
What we are advising clients to do
The government guidance talks about ‘reasonable’ procedures, which is frustratingly vague for an industry that likes clear specifications. However, we are helping our clients prepare with sector-specific approaches:
- Risk assessment for creative businesses: We’re looking at unique risks like inflated campaign metrics and client billing practices. Tech companies face additional risks around user data, growth metrics and revenue.
- Modern policy development: Creating fraud prevention policies that actually work for fast-moving creative and tech environments – not corporate handbook templates that gather dust.
- Improved training: Implementing training programmes that speak the language of creative and tech professionals, using real scenarios they might encounter rather than generic compliance modules.
The Northern creative and tech advantage
Rather than seeing this as regulatory red tape, the smartest agencies and tech companies are viewing it as an opportunity to professionalise their operations and stand out when pitching to enterprise clients.
Major brands and corporates are increasingly scrutinising their supplier base for governance and compliance standards. Having robust fraud prevention procedures could become a competitive differentiator when pitching to FTSE 100 companies or international clients.
The government guidance is clear about penalties: organisations face unlimited fines if convicted. But more importantly for creative and tech businesses, the reputational damage could be devastating.
The offence applies even if:
- Senior management had no knowledge of the fraud
- The fraud was unsuccessful
- The primary motivation was personal gain (as long as the company also benefited).
The only defence is proving you had “reasonable” procedures in place to prevent fraud at the time the offence was committed. The burden of proof is on your organisation, on the balance of probabilities.
This isn’t about stifling innovation and creativity – the agencies and tech companies that embrace these changes will be the ones that can confidently pitch to any client, knowing their house is in order.
If you’d like to discuss how these changes might affect your creative agency, tech startup or marketing company, or if you want to explore what reasonable fraud prevention procedures might look like for your specific business, please don’t hesitate to get in touch.
