Failure to Prevent Fraud: the new corporate offence

From 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 introduced the new corporate offence of Failure to Prevent Fraud.

Large organisations will be found criminally liable if an employee, agent, subsidiary or other person associated with them commits fraud for the organisation's benefit, regardless of whether the organisation actually benefits from the offence, and the organisation did not have reasonable procedures in place to prevent it.

An organisation is considered large if it meets two or more of the following criteria:

  • its turnover is more than £36 million;
  • its balance sheet total is more than £18 million; and
  • it has more than 250 employees.

What types of fraud does this capture?  

To be guilty of an offence, the associated person must commit a specified fraud. Under Schedule 13 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), a specified fraud includes the following:

  • fraud by false representation (section 2, Fraud Act 2006)
  • fraud by failing to disclose information (section 3, Fraud Act 2006)
  • fraud by abuse of position (section 4, Fraud Act 2006)
  • obtaining services dishonestly (section 11, Fraud Act 2006)
  • participation in a fraudulent business (section 9, Fraud Act 2006)
  • false statements by company directors (section 19, Theft Act 1968)
  • false accounting (section 17, Theft Act 1968)
  • fraudulent trading (section 993, Companies Act 2006)
  • cheating the public revenue (common law)
  • aiding any of the above

Consequences of non-compliance

  • Fraud conviction can lead to reputational damage
  • Organisations found liable for this new offence can be subject to unlimited fines
  • Separate convictions for individuals involved in committing the offence
  • Failure to comply can trigger wider regulatory scrutiny

Reasonable Fraud Prevention Procedures

  • Top Level Commitment: Adopt a culture within the organisation in which fraud is never acceptable, and reject profit based on, or assisted by, fraud.
  • Risk Assessment: Conduct a thorough fraud risk assessment to understand and address the potential fraud risks within the organisation.
  • Proportionate risk-based prevention procedures: Organisations should prepare a fraud prevention plan. Organisations should develop and implement robust policies and procedures to mitigate the fraud risks identified in risk assessments.
  • Due Diligence: Organisations should apply proportionate due diligence procedures in respect of associated persons, to mitigate the fraud risks identified in the risk assessment.
  • Communication and Training: Provide regular mandatory training for employees about fraud, fraud risks, and the importance of fraud prevention.
  • Monitor and Review: Regularly monitor and review the effectiveness of the fraud prevention procedures and performance, and make any necessary adjustments.

How can we help?

  • Policy and framework support – reviewing, drafting and updating fraud prevention and reporting policies.
  • Fraud risk assessment and roadmap – helping organisations identify where fraud risk arises across their business and supply chain, and developing a clear, proportionate compliance roadmap.
  • Governance, training and assurance – advising boards and senior management on oversight responsibilities, supporting training and communications, and helping evidence an effective anti‑fraud culture.

If you want to discuss the topics explored in this article, reach out to Andrew Gordon.