Understanding who qualifies as an associated person is fundamental to compliance, yet many organisations struggle with applying this broad definition in practice.
How to identify Associated Persons within your organisation's ecosystem
Under Section 199 of the Act, an organisation commits an offence if an associated person commits a fraud offence intending to benefit the organisation, or any person to whom the associated person provides services on the organisation's behalf. The only defence is demonstrating that the organisation had reasonable procedures in place to prevent such fraud.
An associated person is any individual who performs services for or on behalf of the organisation, regardless of formal employment status or contractual relationship. The test focuses on functional reality rather than legal characterisation. The question is not what the relationship is called, but what the individual or a third party does in practice.
Key categories of Associated Persons
Employees and Workers
All employees, including permanent, temporary, and agency workers, are associated persons.
Directors and Officers
Both executive and non-executive directors, company secretaries, and other officers fall within the definition. Their fiduciary position and decision-making authority make them particularly significant from a risk perspective.
Agents and Intermediaries
Individuals acting as agents on behalf of the organisation present particular challenges. Sales agents, commission-based representatives, introducers, and other intermediaries who generate business or facilitate transactions for the organisation are associated persons when performing those functions.
The key consideration is whether the individual is genuinely acting on behalf of the organisation in their dealings with third parties, rather than as an independent counterparty.
Contractors and Consultants
Independent contractors and consultants performing services for the organisation are associated persons during the period of engagement. This includes IT contractors, professional advisors acting in an implementation capacity and specialist consultants embedded within business operations.
The distinction between purchasing services from an independent professional (such as external legal advice) and engaging someone to perform services as part of your operations is crucial. The former may not create an associated person relationship, while the latter typically does.
Subsidiary and Group Personnel
Employees of subsidiaries are associated persons when performing services for or on behalf of the parent organisation.
Joint Venture Partners and Consortium Members
Individuals within joint venture vehicles or consortium arrangements may be associated persons depending on the structure and their role. Where a joint venture operates as a separate legal entity providing services on behalf of a parent organisation, personnel within that entity should be assessed as potential associated persons.
Third-Party Service Providers
This category requires particularly careful analysis. Suppliers providing discrete services in an arm's-length commercial relationship are generally not associated persons. However, third parties who are integrated into the organisation's service delivery model or who represent the organisation to customers may cross the threshold.
Consider a technology company that white-labels a partner's software to its own customers. The partner's employees involved in delivering that service to the technology company's customers are likely associated persons, as they perform services on behalf of the technology company to those end clients.
Practical considerations in identification of Associated Persons
The "Services Test"
The central question is whether the individual or the service provider "performs services" for or on behalf of the organisation. This is assessed broadly and includes any activity undertaken in connection with the organisation's business, not merely core business activities. Services can include support functions, administrative tasks, business development and operational activities. The more integrated the individual or the service provider is into the organisation's operations or decision-making, the more likely they are to be associated persons.
Intention and Control
While not determinative, the degree of control the organisation exercises over how services are performed is relevant. Greater control suggests a stronger associated person relationship, though the absence of direct control does not necessarily exclude the relationship. The individual's understanding of whether they are acting on behalf of the organisation is also relevant, though not conclusive. Marketing materials, communications with third parties and operational practices that suggest the individual represents the organisation all support classification as an associated person.
Conduct Comprehensive Mapping
Systematically map all individuals who might perform services for or on behalf of your organisation, including direct and indirect relationships.
Assess Borderline Cases
For ambiguous relationships, consider the nature of services provided, integration into operations, representation to third parties and commercial purpose. When in doubt, the prudent approach is to treat the individual as an associated person and apply appropriate preventive procedures.
Document Your Assessment
Record the rationale for classification decisions, particularly for non-obvious cases. This demonstrates systematic compliance and supports regulatory scrutiny.
Implement Dynamic Reviews
The population of associated persons is not static. New relationships form, existing relationships evolve and business models change. Organisations need processes to identify new associated persons as they emerge, reassess existing relationships when their nature changes and remove individuals from the associated persons population when relationships end.
Key trigger points for review include onboarding new suppliers or partners, structural changes such as acquisitions or joint ventures, modifications to service delivery models and significant changes to individual roles or responsibilities.
The failure to prevent fraud offence represents a fundamental shift in corporate criminal liability. The broad definition of associated persons means organisations face exposure from a wide range of relationships. Accurately identifying who falls within this definition is the essential first step in building an effective compliance framework.
Organisations should approach this as a systematic, documented and dynamic process integrated into broader risk management. The preventive procedures required will vary based on the role, responsibilities and fraud risk associated with different categories of associated persons.
The stakes are significant. Organisations found liable face unlimited fines, reputational damage and potential debarment from public contracts. Investing in a robust process for identifying associated persons is essential to operating responsibly in the modern regulatory environment.
Get in touch with our compliance specialists
Identifying Associated Persons is a critical first step in responding to the Failure to Prevent Fraud offence. Our specialists can support organisations in mapping associated persons across complex operating models and designing proportionate fraud prevention procedures.
Disclaimer
This article is provided for general information purposes only and does not constitute legal or professional advice. The content reflects the position as at the date of publication and may not reflect subsequent developments in law or practice. The failure to prevent fraud offence and its application to specific circumstances involves complex legal and factual considerations that require professional advice tailored to your organisation's particular situation.
Readers should not act or refrain from acting on the basis of this article without seeking appropriate professional advice specific to their circumstances. No responsibility is accepted for any loss occasioned to any person acting or refraining from action as a result of material contained in this article.
