New ‘failure to prevent fraud’ offence
7th November, 2025
Large companies need to draft and implement a package of preventative measures to comply with new requirements in force since September.
Large companies need to draft and implement a package of preventative measures to comply with new requirements in force since September. A new criminal offence of ‘failure to prevent fraud’ is now in force, introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCT) which became law on 1 September 2025.
The Act mirrors many existing regulatory requirements in the way it imposes requirements on companies and creates corporate liability. Businesses will already be familiar with the idea of “self-regulation”, the need to undertake a risk assessment (in this case fraud) and to implement its findings by way of a due diligence procedure of reasonable precautions to prevent fraud.
In requiring corporate bodies to eliminate or reduce the likelihood of fraud, ECCT aims to encourage a proactive corporate-cultural shift around fraud prevention and to prompt organisations to build an anti-fraud culture by identifying gaps and positive measures to combat the risks of fraud by enforcing a programme of preventative steps.
What is the failure to prevent fraud offence?
The offence will hold large organisations to account if they do not do enough to iron out fraud in their business, whether or not they in fact profit from it. Companies and other businesses or organisations can be held criminally liable where an employee, agent, subsidiary or other associated person commits a fraud intending to benefit the organisation unless it had a reasonable fraud prevention programme in place. In certain circumstances, the company can also be held liable where the fraud offence is committed with the intention of benefiting a client of the organisation. As with most regulatory offences of this type a prosecutor would not need to prove that directors or senior managers played any part in or actually knew about the fraud.
The offence covers a number of specific fraud offences listed within Schedule 13 of the ECCT. They include (but are expressly not limited to) fraud by false representation, failing to disclose information, abuse of position, false accounting and participation in a fraudulent business. Any aiding, abetting, counselling or procuring the commission of the listed offences by an associated person would also constitute a corporate offence and criminalise the organisation for a fraud offence.
Who does the offence apply to?
The offence only applies to what the Act refers to as ‘large organisations’, which are those with at least two of three criteria: 250 employees or more, Turnover of £36 Million or more and/ or £18 million or more in total assets. The test looks at previous accounting year before the commission of the offence began. A failure to adopt a reasonable system of precautions is likely to be deemed a continuing offence until identified and remedied, preferably before an incident of actual harm is committed.
Impact of the offence
This new offence will make it much easier to for a corporate body to be held criminally liable because there is no requirement for one single person who can be equated as the embodiment of the organisation (or its “controlling mind”) to be involved in the wrongdoing. To have a defence to any prosecution after a fraud event, a business would have the burden of proving that although fraud took place, it did all it could to avoid it and had a good enough system of reasonable measures in place to prevent the fraud.
Directors and senior managers are warned to take care of their own involvement in these corporate decisions. In the event of any investigation of the company the conduct of its senior individuals will come under scrutiny from the regulatory investigators. That enquiry process is already adopted in similar regulatory offences and frequently reveals personal failings which to prosecutions of the individuals, often alongside a case against the organisation.
Defence of reasonable fraud prevention procedures
The organisations caught by the new provisions will have a defence if they can prove a system of reasonable procedures to prevent fraud unless they show that it is not reasonable in all circumstances to expect the organisation to have any prevention procedures in place. In practice therefore, organisations near to or over the threshold test where the ECCTA requirements apply will need to review and ensure they have anti-fraud procedures in place.
Specific guidance has been released by the government which provides key considerations for organisations when developing their fraud prevention procedures. The guidance suggests that when considering fraud prevention procedures that they should be designed with the organisations structure and the territoriality of the offence being considered.
For more information, please see link to government guidance here. If you have any questions or would like to discuss any of this further, please get in touch with Chris Green.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.
This page may contain links that direct you to third party websites. We have no control over and are not responsible for the content, use by you or availability of those third party websites, for any products or services you buy through those sites or for the treatment of any personal information you provide to the third party.
