Crisis Management 2025

UK Law and Practice Contributed by: Ben Morgan, Ali Sallaway, Matthew Bruce and Emily Knight, Freshfields

telecommunications networks and services. It is intended to be used as a reference in information gathering and the monitoring of network and service resilience when engaging with communications providers and the wider industry, and as a starting point for illustrating compliance as part of any enforcement activities.

An issue arising from crisis management that is likely to become progressively relevant is managing misconduct risk during a crisis, or a crisis arising from misconduct. Two pivotal reforms under the Economic Crime and Transparency Act 2023 (the Act) have driven this issue to the top of the lists of potential risks. As a result, businesses are overhauling their systems and controls to manage misconduct risk.

• First, the announcement of a new Failure to Prevent Fraud (FTPF) offence that will come into force on 1 September 2025. To address the threat of fraud enabled by or on behalf of businesses, the FTPF offence will hold “large organisations” to account where associated persons commit a fraud offence intending to benefit (whether directly or indirectly) the organisation, any subsidiary and/or the organisation’s client. It is a strict liability offence but there is a defence to show that there were reasonable prevention procedures in place to prevent fraud, or that it was not reasonable in the circumstances to have such procedures. Given the importance of prevention procedures to provide a defence, including in an emergency, organisations are now updating their fraud prevention strategies to ensure adequate safeguards exist to tackle fraud.
• Secondly, the Act has extended the attribution doctrine to allow corporations to be held liable for the conduct of senior managers in a wider range of circumstances. Consequently, corporations are more closely examining the corporate crime risks posed by the actions of senior management, especially during a crisis.

The publication of further guidance, the work of the government units and the responses to recent reform proposals will likely bring the issue of crisis management to the forefront of the agendas of public and private bodies. The practical experience gained in the forthcoming years is expected to provide greater clarity on the likely direction of travel of the legal landscape governing crisis management – is it proving fit for purpose, or will the government favour more robust regulation?

1.2 Key Sectors Impacted by Crises

The government annually reviews serious risks facing the UK, to develop its National Risk Register report. The most recent reviews have concluded there are nine overarching areas of risk, which include cyber, natural and environmental hazards, and societal risks. These areas are expected to be at the heart of anticipated proposals to address crisis management in the future, and there will be prescriptive requirements for addressing crisis management in key sectors providing essential public services.

Several disruptive IT incidents in the financial sector have led to a raft of requirements aimed at improving technological and operational resilience within the sector. The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have developed requirements on how financial services firms can improve operational resilience and protect the wider sector from disruption. Under the rules, firms are required to:

• carry out regular mapping and testing;
• identify important business services;
