This note is directed at non-executive board members and invites them to consider whether their role as governance guardians is keeping pace with contemporary challenges to the lawful, ethical and ultimately successful management of organisations.
In our recent post about the Economic Crime and Corporate Transparency Act 2023, we described its overall purpose as including deterring criminals seeking to further or hide their illicit activities through the concealment or manipulation of company ownership, and the falsification of associated data and reporting.
Section 199 ECCTA 2023 creates a new offence where a public or private sector organisation fails to prevent fraud committed by its employees or ‘associates’ (agents) which is intended to benefit the organisation. Relevant frauds could include over-valuing the company when it is being considered for sale, over-stating green credentials to enhance product sales, mis-representing product performance data, or improperly diverting or delaying pension payments to support other company activities.
The new crime is a strict liability offence unless the corporate body can demonstrate that it had taken reasonable steps to prevent fraud, and Section 204 requires the Government to produce guidance about what constitutes a fraud prevention process. Amongst proposals included in draft guidance is the effective use of internal whistleblowing (aka ‘speaking up’) that enables employees and workers to raise relevant failings.
So, ECCTA 2023 is about criminalising fraud within an organisation intended to benefit that organisation. In contrast, another contemporary governance challenge – insider threat management – involves reckless, careless or deliberate action by an employee or worker which harms an organisation, for example through theft or loss of data, or disruption of operational activity. Again, an properly implemented whistleblowing policy, procedure and process can play an important role in detecting insider threats.
Whether countering fraud intended to benefit the organisation, or insider threats, it is often important that whistleblowing arrangements include an independent element. Although there is an extensive range of ‘prescribed persons’ outside organisations to whom whistleblowers can make a disclosure, whistleblowing law is structured with the expectation that internal options should be tried first, except where there is reasonable belief that those responsible for internal arrangements are compromised through complicity in the wrongdoing or failings, or have ignored, or will ignore the disclosure.
If ever incentive was needed for active and appropriately challenging governance by board members, the advent of ECCTA 2023 and the challenges of insider risk are it. There is an especially important role here for non-executive directors and senior independent directors in providing that informed and independent governance contribution that can help protect organisations from the new ECCTA 2023 offence of failing to prevent fraud, and insider risks. The challenge is whether the notionally independent members of boards are sufficiently independent to be effective, and are inducted, trained and have the experience to ask the right questions, acquire reliable information, and assure organisational responses. Recent scandals and tragedies suggest that there are grounds for reflection by those in such positions. Whilst non-execs will draw on a retinue of tools and tactics, internal whistleblowing is a good place to start as it takes non-execs to the very heart of corporate culture – often the battleground of potentially good and bad outcomes but where transparency is needed most.