Latest updates on the Economic Crime and Corporate Transparency Bill

Progress of the Bill

The Economic Crime and Corporate Transparency Bill continues on its journey through Parliament. The Bill is in the consideration of amendments phase: the last stage before Royal Assent is granted. Although there is no set time period for this stage, it is expected to receive Royal Assent later this year and will immediately become an Act. (Though note that some provisions of the Bill have specific implementation provisions and timeframes.)

Latest amendments

The latest amendments exchanged between the Commons and the Lords can be found here. The key points of contention surround the SME exemption for the offence of failure to prevent fraud, the addition of a failure to prevent money laundering offence, the extension of the identification principle for the prosecution of corporates for economic crimes and the amendments to the Proceeds of Crime Act 2002 (POCA) regarding costs orders in civil claims. We have summarised the key points.

Fraud Awareness at the South West Cyber Resilience Conference

Fraud awareness and businesses' vulnerability to fraud through cybercrime was a particular topic of discussion at South West Cyber Security Conference on 26 September.

This event emphasised the need for stakeholders to continue to be vocal and raise awareness about fraud in the context of cybercrime, as in Baroness Nicky Morgan's words "Fraud is a silent crime: it doesn't bang, bleed or shout."

Fraud which is facilitated through cyber interactions is a mass industry: Rupert Irons of C3iA Solutions reported that if cybercrime was a country it would have the worlds' 3^rd largest GDP; while the ONS estimates that in the year to March 2022, 61% of fraud incidents were cyber-related. Cybercrime is therefore a crucial link to be addressed in tackling the fraud chain.

The main themes highlighted at this conference were:

1. Businesses' vulnerability to cyber fraud (particularly through supply chain weaknesses);
2. Basic cyber security measures which can protect organisations from exposure; and
3. New and anticipated legislation which aims to combat the fraud chain: including the ECCTB, the Online Harms Bill, the Victims Bill and the Digital Markets, Competition and Consumers Bill.

One key takeaway from this session was that while previously a small or medium sized entity may have considered themselves relatively unknown (and so unlikely to be the victim of a cyber-attack,) the reality is that this is no longer the case. Ransomware and other types of attacks have grown into a mass industry, relying on high volume over specific targeting to make money. In the modern technological age, with AI developments making cyber-attacks more sophisticated and tailored, perceived obscurity is no longer a safeguard. Although large institutions may be the ones which make headlines when they fall victim to an attack, this does not mean that smaller organisations are not at risk.

The speakers emphasised the relatively simple cyber-hygiene steps that can safeguard against attacks. These include multi-factor authentication, strong password protections, limiting the access of individual users to critical systems and crucially, back-ups. Paul D'Cruz of Microsoft UK recommended that taking these basic steps could protect against 98% of all cyber-attacks.

Despite the title of Baroness Morgan's keynote speech being "Is the Government doing enough to break the fraud chain?", she and other speakers noted the actions that non-state actors can take in combatting fraud and cyber-security risks. For example, it was noted that cyber-reinsurance could be a new area of market growth as organisations require insurance assistance to recover from an attack. The conference collectively supported the idea of a national fraud awareness campaign - co-ordinated by government – but supported by banks, businesses and insurers to raise the public profile of fraud and cybercrime.

At Foot Anstey, we support these efforts to focus a spotlight on fraud, as part of the South West Fraud Forum.