Failure to prevent fraud and corporate criminal liability in the Life Sciences Sector

Economic Crime in the Life Sciences Sector

In 2016, Transparency International[1] identified that pharmaceuticals stood out as a sub-sector that was particularly prone to corruption and noted that there were abundant examples globally that displayed how corruption in the pharmaceutical sector endangered positive health outcomes.

More broadly, in addition to bribery and corruption, the Life Sciences space is vulnerable to all kinds of economic crime, including tax evasion, money laundering, sanctions violations and perhaps most prominently, fraud.

Given that fraud is the most commonly experienced crime in the UK, accounting for over 40% of crime in England and Wales,[2] it is unsurprising that the UK Government's Counter Fraud Functional Strategy 2024-2027 sets out strategic objectives in order to, "…understand, find and stop fraud against the public sector."[3] The Government's Economic Crime Plan (2023-2026)[4] and Fraud Strategy[5] also establish actions public and private sector parties, with an ambition to measurably reduce financial crime. Notably, the government's Cross-Government Fraud Landscape Annual Report 2022 highlighted that in 2020-21, government departments and arm's length bodies reported a total of £124.6 million of detected procurement fraud.[6]

A key part in the government's fight against fraud, is the new corporate Failure to Prevent Fraud offence, as introduced by the Economic Crime and Corporate Transparency Act 2023 ("ECCTA").[7] The aim of Offence is to strengthen the existing anti-economic crime regime and hold organisations accountable for the actions of their employees and agents in a significantly broader set of circumstances.

The New Offence

Under the Offence, large corporations and partnerships will be criminally liable if they fail to prevent those associated with them from committing an economic crime for the benefit of the company. Notably, the said benefit to the company is not limited to financial benefit, but includes non-financial benefits, such as an unfair business advantage or a fraud which disadvantages a competitor. However, a company will not be liable if they themselves are the victim of fraud, something that is widespread in the Life Sciences sector.

For these purposes, an organisation is in scope if it is a 'large' UK company (or foreign organisations with a UK nexus) subject to them meeting two or more of the following: (i) a turnover of more than £36 million; (ii) a balance sheet total of more than £18 million; and/or (iii) more than 250 employees. Notably, the subsidiary of a large organisation, which itself is not a large organisation, can be prosecuted rather than the parent company, if any employee of the subsidiary commits a fraud intending to benefit the subsidiary.

For the purposes of the Offence, it does not need to be demonstrated that senior managers were complicit or had knowledge of the wrongdoing in question, it is sufficient that the fraud was committed for the benefit of the company by an associated person.

In these circumstances, associated persons include, amongst others, employees, agents, subsidiaries, and any persons performing services on behalf of the organisation. The wrongdoing in question includes specified offences under the Fraud Act 2006, Theft Act 1968, Companies Act 2006 and common law offences such as cheating the public revenue; it is a broad range of offences, beyond the common understanding of what fraud represents, and so it is essential that companies consider the full list of offences that are covered by the new offence.

If a corporate is found liable, it faces an unlimited fine, disgorgement or confiscation of the profits from the relevant contract or transaction, loss in shareholder value and reputational damage, alongside the risk of civil litigation, whether brought by shareholders or others. Individual prosecutions may also accompany the prosecution of the company. Whilst sentencing guidelines are yet to be published, it is anticipated that, similar to the precursor legislation and penalties imposed under the UK Bribery Act 2010 ("UKBA"), penalties will be very significant.[8]

Before a company can be guilty of the Offence, the underlying fraud offence must be proven to the usual criminal standard (namely, so that the Court is 'sure' of guilt). If it is proven, then a statutory defence is available to a corporate where the company can demonstrate, on the balance of probabilities, that it had reasonable prevention procedures in place to prevent the conduct from occurring.

How would the Offence play out in the Life Sciences sector?

The Life Sciences Sector is vulnerable to a number of frauds, including product substitution, misrepresentation in clinical trials or data manipulation. Whilst such frauds usually target organisations, there may be scenarios where a company benefits from the wrongdoing, and therefore becomes liable.

For example, a UK manufacturer of innovative healthcare devices, with approximately 1000 employees and a turnover of £45 million, sends its new wearable ECG monitor appliances to be tested at an overseas laboratory. During testing, it is revealed that the wearable monitors do not have a 100% accuracy rate. Knowing that the accuracy of the monitoring is paramount and therefore the appliances would not be eligible for innovation grants, the laboratory manager falsifies the testing data, aiming to fraudulently secure the grants and benefit the UK based client. In this scenario, the laboratory manager is the associated person who commits fraud by false representation, with the intention to cause an unfair gain to the organisation in the UK. As this would constitute fraud under UK law, the laboratory manager could theoretically be prosecuted in the UK, Separately, as the UK based company benefitted from the fraud, it would also be liable for failing to prevent the fraud from occurring, unless it could demonstrate that it had reasonable prevention procedures in place to stop the wrongdoing from occurring.

Organisations in the Life Sciences sector therefore should be aware of those that are carrying out services on their behalf, and how those individuals can expose them to criminal liability for failing to prevent fraud, should the organisation benefit from the wrongdoing.

What do reasonable prevention procedures look like in Life Sciences?

The Offence comes into force at least 6 months Government Guidance on the offence and reasonable prevention measures is published, which will be similar in form to that which accompanies the current failure to prevent bribery regime under the UKBA 2010 and the Criminal Finances Act ("CFA").

Whilst the Guidance was formerly due for publication next month, due to the election it is now anticipated that it will be published in Q3 or Q4 of 2024.

The Guidance is expected to follow six core principles of compliance, similar to the existing failure to prevent regime.

So what will this look like in practice?

1. Proportionality: Given that Life Sciences remains a high-risk sector for financial crime, the organisation's procedures to prevent fraud should be proportionate to the risks they face and to the nature, scale and complexity of their activities. Such processes should be clear, practical, accessible to all staff and effectively implemented and enforced.
2. Top Level Commitment and Tone from the top: The responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation.  A key element of this would be the provision of a secure and confidential whistleblowing channel so that concerns can be reported, and an independent investigations process for these concerns to be investigated. A disciplinary process should accordingly be put in place for the outcome of such investigations.
3. Risk Assessment: The Life Sciences sector must assess the nature and extent of their exposure to potential external and internal risks of fraud on its behalf by persons associated with it. The assessment should be dynamic, documented, and regularly reviewed. Drawing up a 'fraud prevention plan' and mapping procurement processes and third parties is crucial to ensure that risks are identified and remedied.
4. Due Diligence: The organisation should be able to demonstrate that it applies appropriate due diligence procedures in respect of persons who perform or will perform services for or on behalf of the organisation.
5. Communication and training: Organisations must ensure that their fraud prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training.
6. Monitoring and review: Organisations must regularly monitor and review their procedures designed to prevent fraud by persons associated with it. This includes learning from whistleblowing incidents and learning lessons from within the Life Sciences sector.

Most large organisations within the Life Sciences sector will have already invested a significant amount of time, effort, and resource, in developing their compliance systems, including in light of the new offences and guidance brought in with the UKBA 2010 and the CFA 2017. For those companies, the implementation of reasonable fraud prevention measures should be more an exercise in evaluating what is in place, in accordance with their fraud risk assessment, and making adjustments, rather than making wholesale change. It is clear that no company which has not at least or revisited a fraud risk assessment at all will be considered to have reasonable fraud prevention measure.

Corporate Criminal Liability

Whilst the New Fraud Offence is not yet in force, organisations in the Life Sciences sector should be aware that since 26 December 2023, ECCTA made fundamental changes to corporate criminal law, which represent the most significant change in this area for decades. Organisations can now be liable for economic crime offences through the acts of their senior managers. Historically, corporate criminal liability only arose when criminal wrongdoing was committed by someone who represented the directing mind and will of the company, which in practice was interpreted as a member of the Board or CEO. It is self-evident that the lowering of this bar to 'senior manager' will mean that the misconduct of a far greater range of individuals within an organisation will give rise to corporate criminal liability going forward. A 'senior manager' is defined in ECCTA as someone who manages or plays a significant role in the making of decisions about the whole or substantial part of the company's activities.[9]

The broadening of corporate criminal liability, alongside the impending implementation of the Failure to Prevent Fraud Offence, underlines the importance of organisations, at the very least, assessing their exposure to fraud and other economic crime, and ensuring they evaluate not only who is performing services on their behalf, but also who falls under the definition of 'senior manager' and the company's exposure.

Please contact the Fieldfisher Commercial Crime Team (quinton.newcomb@fieldfisher.com) to discuss any questions arising from this article.