The HS2 tribunal case exposes the legal risk of sidelining whistleblowers under new fraud rules
From September, large UK businesses can be prosecuted for failing to prevent fraud committed by their employees or contractors, unless they can show they had “reasonable procedures” in place to stop it.
But what happens when someone tries to raise a red flag and is pushed out instead?
That’s exactly what happened at HS2 – the UK’s beleaguered high-speed rail project. In a case that should alarm compliance teams, a whistleblower who warned about misleading cost forecasts was dismissed just one week after escalating his concerns to senior leadership. An employment tribunal has now ruled that High Speed Two Ltd unfairly terminated his contract and failed to protect him as a whistleblower, ordering over £300,000 in compensation.
This case didn’t result in a fraud prosecution. But under the new offence coming into force on 1 September 2025, similar internal failures could lead to criminal liability. If your organisation penalises whistleblowers, or simply doesn’t have effective protection in place, you may not have a defence under the failure to prevent fraud law.
The whistleblowing case: HS2 vs Cresswell
High Speed Two Ltd (HS2) was ordered to pay £319,070 to Stephen Cresswell, a risk management consultant, after terminating his contract shortly after he raised concerns about cost forecasting practices. He warned in internal communications that ignoring a £557 million risk was “not defendable” and could constitute a misrepresentation of the project’s financial position to secure ongoing funding.
HS2 admitted it failed to give Cresswell whistleblower protection and acknowledged he was treated unfairly after raising concerns. The tribunal ruled that HS2 failed in its duty not only by ending his contract but also by excluding him from consideration for other roles.
What this case means for “failure to prevent fraud”
Under the Economic Crime and Corporate Transparency Act 2023, organisations will be criminally liable if an associated person commits fraud and the business didn’t take reasonable steps to prevent it.
Cresswell’s allegations exposed a worrying situation that raises troubling questions under the failure to prevent fraud offence:
- Alleged misrepresentation of financial data for funding benefit
- Concerns raised internally
- Contract terminated shortly after
- Employer admits whistleblower wasn’t protected
Had fraud occurred in this instance, this exact fact pattern could trigger the new offence.
The guidance on failure to prevent fraud stresses whistleblowing as a core element of a reasonable procedures defence. If an organisation silences or penalises internal reporters, it undermines any claim that fraud prevention is embedded in the culture.
Lessons for compliance teams
Whistleblowing protections must be demonstrably robust
The HS2 case shows how quickly a failure in whistleblower protection can undermine corporate integrity. Under the new law, it could also help prosecutors prove a failure to prevent.
Compliance teams must:
- Ensure confidential, independent reporting lines are in place
- Protect all associated persons, including contractors and consultants
- Prove that retaliation leads to consequences for the retaliator, not the whistleblower
Internal reporting should trigger review, not reprisal
When an employee raises fraud-adjacent concerns, particularly about financial forecasting, reporting, or public funding, those concerns must be escalated, logged, and investigated.
This should be standard procedure, and part of any organisation’s “reasonable procedures” documentation.
Contractors count
Failure to prevent offences cover associated persons, including consultants like Cresswell. This extends the compliance obligation to include:
- Third-party onboarding procedures
- Clear whistleblowing protections for non-employees
- Contract clauses ensuring fraud-related concerns are encouraged and protected
Leadership accountability is critical
The guidance on fraud prevention is clear: tone from the top matters. A culture that penalises transparency invites legal risk.
In the HS2 case, the whistleblower escalated concerns to the CFO. His termination one week later sends a message, whether intentional or not, that whistleblowing isn’t welcome.
This is precisely the kind of organisational failure prosecutors will use to argue a lack of reasonable procedures.
Failure to prevent fraud: What reasonable procedures look like
The government’s six principles for reasonable fraud prevention include:
- Fraud Risk Assessment – Understand where fraud might arise.
- Top-Level Commitment – Senior leaders must champion anti-fraud culture.
- Practical Policies and Controls – Implement controls that prevent and detect fraud.
- Training and Communication – Educate all levels of staff and contractors.
- Whistleblowing Channels – Enable safe, confidential fraud reporting.
- Monitoring and Review – Regularly test and improve procedures.
Each of these must be actively demonstrated, especially whistleblowing.