Businesses to face new failure to prevent fraud offence

23 May 2025 | posted in Corporate and business law

This insight is part of our Legal Business News | Spring 2025 series. Explore the full series at the end of this piece.

From 1 September 2025, an organisation can be held liable for a failure to prevent fraud if a specified fraud offence is committed by an employee, agent or associated person for the organisation’s benefit. Benefitting the organisation does not need to be the sole or primary motivation for the fraudulent activity. For example, fraudulent activity that benefits an organisation’s clients will also be caught.

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduces a significant new corporate criminal offence: the failure to prevent fraud. These new rules come into force on 1 September 2025. Understanding the implications of this new offence is crucial for businesses to ensure compliance and protect their reputation.

What does the ‘failure to prevent fraud’ offence cover?

ECCTA provides a list of different fraud offences covered by the new offence. These include false accounting, fraud by false representation and obtaining services dishonestly. The fraud itself does not need to have a financial element. Such activities as making misleading environmental, social and governance (ESG) claims to obtain investments or to boost sales, or falsifying checks on employees’ ability to work in the UK could also constitute offences.

Organisations cannot evade responsibility by claiming ignorance, as it will not be necessary to prove that senior management ordered or was aware of the fraudulent activity. If an organisation can show that it had reasonable fraud prevention procedures, it will count as a defence. Organisations found guilty of any ‘failure to prevent fraud’ offence will receive an unlimited fine.

The corporate offence will only take place if the person commits a fraud offence while acting in the capacity of an associated person (for example, an employee providing services in their capacity as an employee). Fraud that takes place outside this capacity, for example in the person’s private life, does not give rise to corporate liability.

Who will this affect?

The offence applies to all large organisations and partnerships that meet two of the three criteria below in the year before the date of the fraud:

more than 250 employees;
more than £36 million turnover; and
more than £18 million in total assets.

If a corporate group collectively meets the above thresholds, the parent company will be considered a large organisation, regardless of where the organisation is headquartered or where its subsidiaries are located.

Impact on overseas headquartered entities

Although the legislation requires a ‘UK nexus’, meaning the fraud takes place in the UK, or the gain or loss occurs in the UK, overseas businesses need to be aware of the implications. After 1 September 2025, overseas headquartered organisations can also be prosecuted for this offence.

For example, where a UK-based employee of an overseas entity commits a fraud, the employing entity could be prosecuted, regardless of where that employer is based. Similarly, if an overseas employee or associated person of an overseas organisation commits fraud in the UK, or targets victims in the UK, the organisation could be prosecuted.

Subsidiaries of overseas-headquartered entities that are large organisations also need to be aware of the offence. If a subsidiary operating in the UK commits a fraud offence for the benefit of its overseas parent company, the subsidiary or the parent company could potentially face prosecution under the ECCTA, even if the subsidiary itself is not a large organisation.

Failure to prevent fraud guidance

Overseas entities that qualify as large organisations and conduct business in the UK or have UK subsidiaries or UK-based employees should ensure that their fraud prevention measures are robust and compliant with the ECCTA. Additionally, all relevant persons must be given appropriate training before 1 September 2025. By taking these steps, overseas-headquartered entities mitigate the risk of liability and demonstrate their commitment to ethical business practices.

The UK government has published guidance to help organisations ensure that they have reasonable fraud prevention procedures. The six principles behind the ‘reasonable procedures’ that will give an organisation a defence to prosecution are:

1. Top-level commitment;
2. Risk assessment;
3. Proportionate risk-based fraud prevention procedures;
4. Due diligence;
5. Communication (including training); and
6. Monitoring and review.

What should organisations do?

To mitigate the risk of liability under the ECCTA, organisations must take steps to establish and maintain robust fraud prevention measures, such as:

1. Conduct a risk assessment

Identify areas within your organisation that are vulnerable to potential fraud. This includes evaluating internal controls, employee roles and external interactions.

2. Implement comprehensive policies

Develop and enforce clear anti-fraud policies and procedures. Ensure the policies and procedures are communicated effectively to all employees and associated persons.

3. Training and awareness

Regularly train employees on fraud prevention, detection and reporting. Foster a culture where ethical behaviour is valued and encouraged.

4. Monitoring and reporting

Establish mechanisms for ongoing monitoring of fraud risks and ensure there are clear channels for reporting suspicious activities.

5. Review and improve

Continuously review and update your risk assessment and fraud prevention measures to address emerging risks and regulatory changes.

6. Top-level commitment

Ensure that senior management takes a role in fraud prevention, endorsing your organisation’s stance on preventing fraud, leading by example and fostering an open culture where staff feel empowered to speak up.

Help from the experts

The failure to prevent fraud offence represents a significant shift in the regulatory landscape for large organisations. By taking proactive steps to implement effective fraud prevention measures, businesses can safeguard themselves against liability and contribute to a more transparent and trustworthy corporate environment. As always, our team is here to support you in navigating these changes and ensuring your organisation remains compliant and resilient. Contact us for further guidance on the new failure to prevent fraud offence for businesses.

This article is provided for information purposes only. It does not constitute legal advice and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.