Are your staff trained and ready?
The Failure to Prevent Fraud offence places explicit legal responsibilities on organisations to proactively deter fraudulent activities committed by employees or agents. The law requires all staff to understand the failure to prevent fraud offence and their responsibilities.
What Is the “Failure to Prevent Fraud” Offence?
Introduced through The Economic Crime and Corporate Transparency Act 2023 (ECCTA) 2023, the “failure to prevent fraud” is a new corporate criminal offence (section 199). The law requires big businesses to take responsibility for fraud offenses when their associated personnel, including employees and agents, and subsidiaries commit specified fraud offenses with the goal of benefiting the organisation, unless the organisation demonstrates it had proper fraud prevention measures in place at the time of the offense. The new law follows the same organisational pattern as previous corporate liability statutes, including the Bribery Act 2010 (“failure to prevent bribery”) and the Criminal Finances Act 2017 (“failure to prevent the facilitation of tax evasion”), but expands responsibility to include a wider range of fraud-related offenses.
Coming Into Force – When and Why
The Failure to Prevent Fraud offence is set to become enforceable on 1 September 2025. Organisations are already being urged to finalise their preparations. For example, the Crown Prosecution Service (CPS) and Serious Fraud Office (SFO) recently issued updated guidance to prosecutors preparing for the new legislation, and various firms and legal advisors are stressing the urgency of aligning internal systems accordingly.
Who Is Affected?
The law applies to large organisations, defined as those meeting at least two of the following thresholds:
- Over 250 employees
- Turnover of more than £36 million
- Total assets over £18 million
The legislation provides protection to overseas subsidiaries that belong to corporate groups. Smaller entities may still be drawn in indirectly, for example, if they act as associated persons to a larger organisation, they may need to comply with contractual obligations to help the larger entity demonstrate “reasonable procedures”.
Which Offences Are Covered?
“Base fraud offences” (set out in Schedule 13 of the ECCTA) include a wide range of suspected wrongdoings:
- Cheating public revenue (common law)
- Fraud by abuse of position
- False accounting
- False statements by directors
- Fraud by failing to disclose information
- Fraudulent trading
- Fraud by false representation
- Obtaining services dishonestly
- Participation in a fraudulent business
Defences: Reasonable Procedures
The only way to avoid criminal liability is to demonstrate reasonable fraud prevention procedures. Organisations should create measures based on key principles:
- Top-level commitment
- Fraud risk assessment
- Proportionate, risk-based procedures
- Due diligence for associated persons
- Communication and training
- Monitoring and review
Organisations should adapt these measures according to their size, sector, and risk profile through a risk-based approach, which includes fraud risk assessments, internal controls, targeted training and ongoing monitoring. Documenting these efforts is vital.
Potential Consequences of Non-Compliance
The violation of this offense leads to:
- Unlimited fines
- Severe reputational damage
- Regulatory sanctions
- Possible civil litigation from harmed parties
The Serious Fraud Office (SFO) predicts Deferred Prosecution Agreements (DPAs) will become more common because companies must face these new liabilities. These agreements enable companies to reduce litigation through their cooperation and payment of fines and compliance obligations.
Wider Legal Context & Future Expansion
The new offence represents a part of a wider trend in UK corporate criminal accountability. Economic Crime and Corporate Transparency Act (ECCTA) also introduced the senior manager regime, making companies liable for economic crimes committed by senior managers. Additionally, the Crime and Policing Bill 2025 proposes extending senior manager liability to all criminal offences, not just economic ones, substantially increasing corporate exposure in the future.
Guidance and Resources
Summary
From 1st September 2025 the UK will enforce strict criminal penalties against large organisations when fraud occurs through associated persons, unless they demonstrate proper procedures. The transformation of corporate culture toward proactive fraud prevention requires organisations to implement governance reform and conduct risk assessments. Whilst also having clear policies, providing staff training, and monitoring and maintaining proper documentation.
Author: Carolyn Lewis
22nd August 2025
