What firms need to know about the UK’s new ‘Failure to Prevent Fraud’ offence

By Lesah Munyakazi, Compliance Consulting Analyst

The UK Government has introduced a new corporate criminal offence, the ‘Failure to Prevent Fraud’ offence, as part of its broader reform agenda to combat economic crime.

The new offence, introduced through the Economic Crime and Corporate Transparency Act (ECCTA) 2023, places a statutory obligation on large organisations to prevent fraud committed by associated persons. In this article, we summarise the key features of the new offence, the accompanying government guidance, and what firms should be doing to prepare ahead of implementation later this year.

Overview of the new offence

The Failure to Prevent Fraud offence applies to large corporations and partnerships, making them criminally liable if an employee or other associated person commits a fraud offence that benefits the organisation, and the organisation has failed to take reasonable steps to prevent it.

It’s important to note that in all cases the associated person must commit the fraud with direct or indirect intention to benefit the firm, a subsidiary of the firm, or a client of the firm. The intention to benefit the firm (or its subsidiaries or clients) does not need to be the sole or dominant factor behind the fraud, meaning it can be secondary to the intent to benefit the fraudster themselves.

To be in scope, an organisation must meet at least two of the following criteria:

• More than 250 employees
• More than £36 million turnover
• More than £18 million in total assets

The offence will come into force on 1 September 2025 and will sit alongside existing ‘failure to prevent’ offences such as those relating to bribery and tax evasion.

The government’s objective is to improve corporate accountability and enhance fraud prevention, without overly burdening small businesses.

Smaller businesses may still be impacted where they could be deemed an associated person to an organisation that is caught by the rules, with those organisations potentially requiring them to have in place reasonable procedures to prevent fraud.

Associated persons

Associated persons are defined in the ECCTA as one of the following:

• Employees, agents or subsidiaries of the firm
• Employees of a subsidiary of the firm
• A person who otherwise provides services for on behalf of the firm (which is to be judged by all relevant circumstances, not just the nature of the relationship between firm and individual)

Territorial scope

The new duty will apply to offences that at least partly take place in the UK or have a UK victim (such as an investor). This means that non-UK companies may come into scope where they do business in the UK, have UK investors, or use UK service providers.

The effect of this is that the territorial scope is not certain for non-UK firms and will depend on the circumstances in each case.

Government guidance: what ‘reasonable procedures’ look like

In April 2024, the UK Ministry of Justice published draft guidance to help organisations understand what counts as ‘reasonable procedures’ for preventing fraud. The guidance adopts a principles-based approach, modelled on the Bribery Act 2010, which outlines six key principles:

1. Proportionality of procedures – Procedures should be proportionate to the organisation’s size, sector and risk profile
2. Top level commitment – Senior management must implement a culture of integrity and actively support fraud prevention measures
3. Risk assessment – Firms must assess their exposure to internal and external fraud risks and review these assessments regularly
4. Due diligence – Appropriate checks on personnel, business partners and third parties are critical
5. Communication and training – Anti-fraud policies and procedures must be clearly communicated and embedded via staff training
6. Monitoring and review – Firms are expected to evaluate and update their fraud controls regularly to maintain effectiveness

The guidance is non-prescriptive, allowing organisations flexibility to tailor their procedures to suit their specific operations and risk exposures.

What firms should be doing now

Although the offence is not yet in force, organisations within scope should begin taking proactive steps to prepare. These include:

• Conducting a fraud risk assessment, or updating the existing risk assessment to ensure it covers outward fraud
• Reviewing and updating internal policies and controls
• Enhancing due diligence on associated persons
• Establishing or strengthening training programmes
• Engaging senior leadership
• Ensuring that controls are appropriately documented

Firms should view this period as a window of opportunity to strengthen their anti-fraud framework. This is not only to comply with the new law but also to reinforce stakeholder confidence and reduce fraud risk.

Next steps

The secondary legislation to bring the offence into force is scheduled for 1 September 2025. In the interim, the Ministry of Justice is expected to finalise its guidance following stakeholder feedback. Once the offence is live, the Serious Fraud Office and Crown Prosecution Service will be responsible for enforcement and firms that cannot demonstrate reasonable procedures will face criminal liability.

How IQ-EQ can help

To discuss what the failure to prevent fraud offence may mean for your organisation or to find out more about the support available from IQ-EQ’s expert regulatory compliance consulting team, please contact us today.