New offence of failure to prevent fraud: what steps can organisations take to ensure compliance?

The Economic Crime and Corporate Transparency Act (ECCTA) heralds a new era in the fight against fraud. The Act introduces several measures designed to tackle economic crime and prevent the abuse of UK corporate structures. In this Keynote, Commercial partner Lucy Pringle and Fraud & Financial Crime partner Jonathan Chibafa explain the new offence of failure to prevent fraud, which comes into force on 1 September 2025.

Who does the new offence apply to?

The offence applies to “large organisations”, which are defined as corporates (including not-for-profit organisations and incorporated public bodies) and partnerships which meet two of the three following criteria:

• more than 250 employees;
• more than £36 million turnover; and
• more than £18 million in total assets.

Subsidiaries of “large organisations” are also within the scope of the new offence.

What is the new offence?

The offence creates strict liability for businesses that fail to prevent fraud committed by an “associated person”. This means that businesses can be held liable for the actions of their employees, contractors, subsidiaries, agents, distributors and service providers, even if the business’s directors had no knowledge of the fraud.

The biggest change that comes with this new offence is that it focuses on outward rather than inward fraud. Traditionally, fraud prevention measures have been designed to protect companies from being victims of fraud. The new offence is designed to protect the public and society at large from fraudulent conduct committed on behalf of companies by people associated with them. This represents a dynamic shift towards a much a broader outward-facing approach to fraud risk which requires an adaptation to internal controls.

The fraud offence by an associate must have been intended to benefit (directly or indirectly) the relevant body to whom the associate provides services. There must also be a “UK nexus” to the fraud offence. A business will not be guilty of this offence if it itself was, or was intended to be, the victim of the fraud offence.

As there is no single offence of fraud, there is a wide range of commercial activity and market participation that is now capable of incurring criminal liability for the failure to prevent fraud offence.

It is anticipated that the offence will bring the criminal law into areas that have historically been the subject of civil claims and rarely ever attracted the attention of criminal prosecuting authorities. Examples of these include false statements in warranties, statements to the market, and assertions made to insurers. In practice, this means revisiting risk assessments to include new risk factors from activities ranging from mergers and acquisitions to advertising and investor relations.

What are the penalties for the offence?

If an organisation is found guilty of this offence, it is punishable by an unlimited fine.

Is there a defence?

Yes, there is a defence if a business can demonstrate it had reasonable fraud prevention measures in place at the time the fraud was committed, or that it was not reasonable in the circumstances for the business to have any prevention procedures in place. Therefore, businesses should prepare for the implementation of the ECCTA by:

1. Undertaking a risk assessment: identify areas of the supply chain that are most vulnerable to fraud and take steps to strengthen these areas.
2. Applying internal controls to prevent and detect fraud: this may include segregation of duties, regular audits, and robust reporting mechanisms.
3. Conducting due diligence on suppliers before entering into contracts with them: this may include reviewing their financial statements, credit ratings and reputation.
4. Training employees to recognise and report fraud: this may include providing training on how to identify red flags.
5. Reviewing contracts with “associated persons”: contracts should now require compliance with the ECCTA in order to ensure that all parties are aware of their obligations, and contain a right to terminate if fraud is committed.
6. Producing a fraud prevention policy: ensure all your fraud prevention procedures and requirements are contained in a policy, and provide copies to all employees, agents and “associated persons”.
7. Ensuring whistleblowing procedures are in place: this is one of the most effective ways to uncover fraud and corruption.

With five months before implementation of the new offence, businesses should be starting their preparations for compliance now.

If you have questions or concerns about the offence of failure to prevent fraud or fraud generally, please contact Lucy Pringle and Jonathan Chibafa.