Speed read: The proposal to impose a mandatory duty to report fraud on financial institutions seems like a useful additional data source for law enforcement, but the measure mirrors the pre-existing duty to report money laundering closely. The latter is a well-established compulsory reporting requirement imposed on a wider range of institutions which, if applied properly, might be thought to render the new proposal unnecessary.
There is a significant trend towards public-private sector financial crime information sharing within the UK regulatory framework, such as that led by the Joint Money Laundering Intelligence Taskforce (JMLIT), an intelligence-sharing partnership between financial institutions and law enforcement. There is also information sharing situated within the criminal framework, seen most prominently in the duty to report a suspicion of money laundering on anyone operating within the regulated sector. Within this approach fraud has been specifically addressed in the Serious Crime Act 2007, which designated a small number of private corporations as specified anti-fraud organisations with data sharing responsibility.[1]
Carrying this forward the Treasury Committee report in October 2019, Economic Crime: Consumer View, proposed the following:
“the Government should require all frauds to be reported regardless of their size, and whether or not a financial institution has reimbursed a consumer.”[2]
This was proposed in light of a growing dissatisfaction with Action Fraud and a haphazard approach to reporting fraud among financial institutions. In response, the Government pledged to consider introducing the duty to report fraud. Action Fraud as the recipient of all fraud reports enables the centralised collection of data, as was explained to the Committee.[3] Many frauds are reported in an effort to affect law enforcement but it was found that financial institutions who quickly resolve an instance of fraud do not report, resulting in uneven data. Given that data collection is Action Fraud’s key purpose, this is unhelpful. The benefit of a mandatory duty to report fraud would be to augment this crime prevention effort. But a substantive analysis of the current landscape questions whether this proposal is necessary.
The inference is that the reporting requirement would operate similarly to the duty to report suspicions of money laundering within the Proceeds of Crime Act 2002 (POCA) insofar as it would be mandated by statute. Within the money laundering regime, s330 POCA imposes on those in the regulated sector a duty to make a suspicious activity report (SAR) where there is suspicion of another’s involvement in money laundering activity. The duty is strong: s330 is framed in the negative as a criminal offence and there is a particularly wide offence of being concerned in an arrangement which gives rise to a suspicion of money laundering. Crucially, the all-crimes approach to predicate offences of money laundering is the widest iteration of the offence that could be adopted. It recognises that criminal property arises from any offence and therefore renders money laundering a frequent consideration for the regulated sector. As such, fraud as criminal activity gives rise to criminal property where any money arising from or involved in it is transferred, concealed or held. It follows that suspicions of fraud would also give rise to money laundering concerns. This should precipitate, assuming a properly used system, comprehensive reports of fraud under the s330 duty.
On this view, a separate duty to report fraud would be redundant, at least for those working in the regulated sector. A SAR would effectively be lodged wherever there was a suspicion of fraud, because any activity with money suspected of originating from fraud would be money laundering. Additionally, only financial institutions were mentioned in the report for targeting with the mandatory duty, but they fall within the much wider regulated sector for the money laundering reporting duty, meaning a broader pool of fraud reports would be caught by the latter. In these circumstances it is surprising that the money laundering reporting mechanism was not mentioned in the Treasury Committee’s report or the Government’s response. This may indicate a deeper lack of cohesion in financial crime responses, which exacerbates the gap between regulatory supervision and law enforcement identified by RUSI.[4]
Interestingly, there is one instance in which the duty to report fraud could be wider than the money laundering duty: where the predicate offence for money laundering is an inchoate offence of fraud. Here it seems that, for example, an attempted defrauding of a bank account would be reported under the proposed duty whether or not money was taken. The duty to make a SAR in this case may not arise because, although inchoate offences are not a bar to money laundering implications, there may be cause for the regulated entity to not report on the basis that there is not yet laundered property. Though the proposal did not expressly consider this, its principal reason for suggesting the duty was to catch the attempted frauds which are remedied by the bank so quickly that a report to Action Fraud seems unnecessary. This is an advantage but whether it renders the proposed duty necessary is to be balanced with the money laundering overlap and practical considerations.
It could be argued that the report of fraud directly to the police, through Action Fraud, serves their investigatory efforts better than information mined from the NCA’s AML reports. The practical effectiveness of any new duty is doubtful, however, given the entrenchment in compliance practices of SARs. Conversely, the problem with the current system is too much, or worse duplicated, information. The Law Commission’s 2019 report on the SARs regime noted the unworkable volume of reports, often of low quality. The Law Commission expressly contemplated the duplication of information also submitted to Action Fraud in its assessment of factors indicating poor quality SARs, and noted that it was unlikely to be beneficial to have duplicate reports sent to Action Fraud and the NCA. [5] The criticisms of Action Fraud render any duplicate information unlikely to aid effectiveness.
On balance, the burdensome duplication of information would seem to outweigh the benefits in missed reports from attempted frauds and direct reporting to Action Fraud. The use of the private sector in law enforcement has a limit, considering particularly the financial cost of compliance. The most logical approach would be to encourage more accurate reporting within the existing framework, meaning careful thought is needed before taking this proposal any further.
[1] The Serious Crime Act 2007 (Specified Anti-fraud Organisations) Order 2014, s2
[2] Treasury Committee, Economic Crime: Consumer View, Third Report of Session 2019, 22 October 2019 [100]
[3] Ibid [98]
[4] RUSI, The Role of Financial Information-Sharing Partnerships in the Disruption of Crime, Maxwell and Artingstall, RUSI Occasional Paper, October 2017, p6
[5] Law Commission, SARs regime, para 2.14
