It’s the Final Countdown – new offence of failure to prevent fraud coming in for large organisations

Overview

A new corporate criminal offence of ‘failure to prevent fraud’ comes into force on 1 September 2025. In broad terms, a large organisation can be guilty of the offence if an ‘associated person’ commits a fraud offence intending to benefit that organisation or its clients.  The term ‘associated person’ includes employees and anyone who performs services for or on behalf of the organisation.  Where a relevant fraud has been committed, an organisation will have a complete defence if it had in place ‘reasonable procedures’ to prevent fraud.

With just a few weeks left for organisations to get ready for its implementation, we explore the new offence below and outline some of the reasonable procedures to prevent fraud that organisations can consider.

What is the new offence?

The ‘failure to prevent fraud’ offence is part of the Economic Crime and Corporate Transparency Act 2023, which became law in the UK on 26 October 2023.  Under the offence, an organisation can be held liable if they fail to prevent an ‘associated person’ from committing a set of specified fraud offences – this can include employees and those providing services to the organisation. 

The new offence extends an organisation’s scope of liability further by also including ‘aiding, abetting, counselling or procuring the commission of a listed offence’ and offences include acts such as cheating the public revenue, false accounting, fraudulent trading, and obtaining services dishonestly.  

Which organisations will the new offence apply to?

This new offence will apply to a corporate or partnership (‘relevant body’) which is a large organisation.  A large organisation will satisfy two or more of the following conditions:

• Turnover of more than £36 million. 
• Total assets over £18 million
• More than 250 employees.

In some circumstances, members of corporate groups which satisfy two or more of the above conditions (in aggregate) can also commit the failure to prevent fraud offence. 

The role of risk assessments

Most organisations will have spent the past few months conducting thorough risk assessments of fraud issues that the organisation has or could encounter, with input from different functions within the organisation  These risk assessments will most likely have focused on risk areas such as supply chains, geographies, procurement functions, investor relations and fund-raising, and sales and marketing functions.

Once a risk assessment has been completed, organisations should move on to reviewing anti-fraud policies, systems and controls to manage any risk areas that have been identified from the assessment.

What should organisations do with a few weeks to go?

In November 2024 the government published guidance (Guidance to organisations on the offence of failure to prevent fraud) on what organisations should be considering in order to be (and stay) compliant with the new offence.  Taking a steer from that guidance, with a few weeks to go before the offence comes into force, these six core recommendations are helpful areas for organisations to focus on:

1. Risk Assessment. Whilst it is never possible to anticipate all potential fraud risks, organisations considering the three elements of the fraud triangle - opportunity, motive and rationalization - could be a good place to start.  The key point is for organisations to identify the risk. 
2. Identify and train senior managers.  The Economic Crime and Corporate Transparency Act 2023 requires senior managers to have an awareness of the offence.  As such, organisations should identify those senior managers and review internal arrangements for training to raise awareness on the changing landscape on economic crime.  Additionally, regulated entities will need to consider the designation of functions under the Senior Managers and Certification Regime. 
3. Producing statements on the organisation’s stance on preventing fraud. This can be an effective way to show a top-level commitment to the new offence, and also ensure that there is clear governance within the organisation’s fraud prevention framework.  Statements can be posted clearly on the organisation’s websites and within its supply chain documentation. 
4. Review existing policies, procedures and systems: implement new, proportionate risk-based fraud prevention policies, procedures and systems. Organisations should consider whether existing compliance mechanisms, financial reporting controls and fraud protection measures sufficiently prevent the fraud risks (and where there are gaps in coverage, take steps to deal with those). 
5. Due Diligence. If there are greater fraud risk areas (for example, in certain supply chains), organisations may want to consider whether any due diligence procedures need updating. 
6. Keep monitoring and revising existing detection and prevention procedures. This includes learning from investigations and whistleblowing incidents. 

Where can I find out more?

For more information on the offence, our overview can be found here: Burges Salmon - Corporate Crime & Investigations - New Approach to Corporate Criminal Liability & New Offence of Failure to Prevent Fraud.

If you would like to discuss how the new offence might impact your organisation, please contact Carlene Nicol.