Airey: ‘Fraud by silence’ also a risk
Large law firms that overbill their clients or make false environmental and diversity claims could be prosecuted under new legislation coming into force next Monday.
Simon Airey, partner at McDermott Will & Schulte, described the new ‘failure to prevent fraud’ offence in the Economic Crime and Corporate Transparency Act 2023 (ECCTA) as a “complete and utter gift” to the Serious Fraud Office, and said there was no reason why law firms would not be prosecuted.
The offence, which comes into force on 1 September, makes large organisations criminally liable if an ‘associated person’ commits fraud intended to benefit the organisation, and the organisation lacked ‘reasonable’ fraud prevention procedures.
An ‘associated person’ would include associates and trainees, agents of the firm and subsidiaries.
Large organisations are those which meet two out of three criteria: more than 250 employees, turnover exceeding £36m and a balance sheet total exceeding £18m.
Mr Airey said the new offence also applied to large foreign law firms, such as his own, with offices in London which by themselves would not qualify – McDermott is headquartered in the US.
Thomas Jenkins, of counsel at City firm RPC, said a particular risk area was billing and time recording, and law firms “should be alive to risks arising from fee-earners over-recording time”.
For example, “if a fee-earner deliberately inflates or rounds up time entries, this conduct could trigger liability for the firm, even if the matter partner is entirely unaware of it”.
Mr Airey said that as well as overbilling, misrepresenting a firm’s green credentials or diversity record to win clients could be regarded as fraud.
It could also include “fraud by silence”, for example deliberately not notifying a client about a data breach in order to stay instructed.
To protect themselves, law firms must “engage in proper risk assessments”, which “honestly and frankly” assess the risk of acting, particularly in high-risk areas like conveyancing. They must “design and tailor” policies to meet those risks.
Mr Jenkins said assessments should “identify specific vulnerabilities, such as weaknesses in billing processes or gaps in oversight”, and based on the findings, firms might need to strengthen internal controls.
“It is likely they would benefit from running training for employees on fraud risks and red flags. Firms may also look to update their existing codes of conduct, financial crime, and whistleblowing policies to ensure all fraud risks are covered.”
Both solicitors pointed out that smaller law firms could be prosecuted under ECCTA through what Mr Airey called the “senior manager regime”, a part of the Act which came into force at the end of 2023.
Under this regime criminal liability extends beyond board members to anyone who meets the statutory test of being a ‘senior manager’. Mr Airey said that in a law firm this includes heads of department and heads of functions like HR or finance.
A “tiny law firm” in the UK could be “infected” by the behaviour of one of its senior managers, just as a senior manager of a US law firm in the UK could “infect” the whole firm.
Mr Jenkins said the senior manager regime covered many of the same fraud offences as the failure to prevent fraud offence.
“Under this test, if a senior manager of a law firm commits fraud while acting within the scope of their authority, the firm can be held criminally liable.”
Mr Airey said the new legislation would result in McDermott being “pretty busy” as it helped businesses assess their fraud risk.
“This is not ordinary compliance work. It is based on difficult principles of criminal law and it is fundamentally a legal exercise. It can’t be done effectively by ordinary compliance professionals.”
Mr Airey described ECCTA as “the biggest change ever in corporate criminal liability”, giving the authorities “the ability to do things” that had previously been denied to them.
He said there was no reason why law firms should not be prosecuted, particularly if a senior manager was involved.
Rhys Novak, partner at Charles Russell Speechlys, added: “There will a sea change in many organisations from only thinking about stopping frauds from external parties aimed at damaging the organisation, to also stopping frauds by employees, agents and others that may benefit the business.
“Many people are comparing the guidance to the Bribery Act guidance released years back, but it’s hard to compare, as bribery is easier to define and understand, whereas fraud isn’t.”
He said “any suggestion” that companies can just roll out policies similar to their UK Bribery Act policies “is going to be misplaced”.