Failure to Prevent Fraud: What the New Legislation Means for Your Organisation banner

Insights

Home / Insights / News / Failure to Prevent Fraud: What the New Legislation Means for Your Organisation

Failure to Prevent Fraud: What the New Legislation Means for Your Organisation

  • Posted on

The UK’s corporate crime landscape is about to undergo a significant shift. From 1 September 2025, a new criminal offence will come into force under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), making it far easier to prosecute organisations where fraud occurs within their operations.

Otherwise known as the ‘Failure to Prevent Fraud’ offence, this legislation imposes a new duty on large companies to ensure adequate fraud prevention measures. If they don’t, and fraud is committed by someone acting on their behalf, they can be held criminally liable, even if senior management did not know of the wrongdoing.

With just a few months remaining until the offence comes into place, organisations should take action to assess their risks and implement appropriate procedures as soon as possible. In this blog, our expert compliance solicitors will outline what the offence is, who it applies to, and the practical steps businesses should take before the September deadline.

What Does the Offence Mean?

The new Failure to Prevent Fraud offence is built on the same legal model used for corporate failure to prevent bribery and tax evasion. Under this model, a corporate body can be convicted if someone associated with it commits fraud for the organisation’s benefit and the organisation does not have reasonable procedures in place to prevent it.

What makes this offence particularly striking is that it removes the need for the company’s leadership to show complicity or even awareness. The fact that the fraud occurred and that safeguards were inadequate is enough to trigger criminal liability, given the implication of the hierarchy’s knowledge of wrongdoing.

For the first time, corporate structures that have previously shielded senior management from fraud prosecutions may now come under direct scrutiny, meaning it’s even more important to put the correct protective measures in place to ensure your interests are protected.

Which Businesses Need to Take Action?

This is not a blanket requirement for all businesses. The offence only applies to what the legislation defines as ‘large organisations’, meaning those that meet at least two of the following thresholds:

  • More than 250 employees
  • A turnover of over £36 million
  • Assets exceeding £18 million

Nevertheless, the principles laid out in the government’s official guidance offer a useful benchmark for organisations of all sizes. Whether you fall within scope or not, putting effective anti-fraud measures in place is now seen as a key element of good governance that regulators, investors and clients increasingly expect.

The offence also applies across jurisdictions, meaning that it’s not only UK companies that need to prepare. Foreign companies carrying out business in the UK could also be within the reach of this law, so it’s important to instruct expert compliance solicitors, whatever your manner of business.

What Kind of Fraud Is Covered?

The offence is broad in its application. It covers a wide range of crimes under existing fraud and financial misconduct legislation, including false representation, failure to disclose information, abuse of position, false accounting, and offences under the Companies Act 2006.

Crucially, the fraud must have been committed by a person associated with the organisation, including an employee, agent, subsidiary, or even a contractor who can be proved to have the intent to benefit the organisation itself or someone it is providing services to.

Even if no actual benefit was obtained in the end, the intent alone can be enough to trigger liability. Your organisation must conduct due diligence to prevent any offence being committed.

How Can You Defend Against It?

The only defence available to a company facing prosecution under this offence is to demonstrate that it had “reasonable procedures” in place to prevent fraud. These procedures do not have to be perfect or foolproof, but they must be proportionate, properly implemented, and regularly reviewed.

The government’s guidance outlines six key principles that should underpin any fraud prevention programme:

  • Clear commitment from senior leadership
  • A robust fraud risk assessment
  • Tailored and proportionate policies
  • Due diligence on third parties
  • Effective communication and training
  • An ongoing system for monitoring and improvement

What this means in practice is that businesses must take a structured, proactive approach to fraud risk. A policy sitting in a drawer or a tick-box training session delivered once a year will not be enough.

What Should You Be Doing Before September 2025?

With the offence coming into effect on 1 September 2025, organisations need to begin their preparations now. The earlier you assess your current position and begin implementing reforms, the more likely you are to meet the standard required.

Here’s the process we recommend:

  1. Carry out a thorough fraud risk assessment across your business. Identify your associated persons, where the potential for fraud exists, and what controls are currently in place. This will provide a foundation for developing more tailored prevention procedures that reflect your organisation accurately.
  2. Engage your senior leadership. This isn’t something that can be delegated solely to compliance or legal teams. A full buy-in at board level is essential to creating a culture in which fraud prevention is taken seriously.
  3. Review your existing policies and training. Are your anti-fraud procedures up to date? Do they address the specific risks in your business model or sector? Do your staff know how to report concerns, and do they understand their obligations?
  4. Ensure there is a plan in place for ongoing monitoring. This should include both an internal audit-style review and a clear process for responding to fraud incidents if they arise.

What Happens If You Don't Prepare?

Failure to prepare could expose your organisation to criminal prosecution, potentially unlimited fines, and reputational damage and disruption. The offence is designed to make corporate prosecutions more straightforward, and enforcement agencies are likely to act where they find examples of serious internal failure.

Moreover, even businesses that are not yet under investigation may be scrutinised by regulators, stakeholders, or the media if their fraud prevention framework is seen to be lacking.

Embracing the New Legislation with Confidence

This new offence represents a significant shift in regulating and enforcing fraud risk. For businesses, it presents both a challenge and an opportunity: a challenge to meet new standards of corporate responsibility, and an opportunity to build more resilient, trustworthy organisations.

At Carson Kaye, our expert fraud solicitors can advise organisations across the commercial landscape on how to meet their legal obligations while maintaining clarity, confidence and control. If you need support with risk assessments, policy reviews or leadership training ahead of the September deadline, our team can provide tailored advice and practical solutions.

Contact Carson Kaye’s Compliance Solicitors Today

For strategic guidance on the Failure to Prevent Fraud offence and how it applies to your organisation, speak to our specialist business crime and compliance solicitors today. You can either call us on 020 8075 4147 or send an email to info@carsonkaye.co.uk. Let us help you navigate this legislative shift with the utmost confidence.