Failure to prevent fraud guidance published: what your organisation needs to do now

The UK government has released its long-awaited guidance on the “failure to prevent fraud” offence, introduced under the Economic Crime and Corporate Transparency Act 2023. This new offence, effective from 1 September 2025, holds businesses accountable when individuals associated with their organisation commit fraud to benefit the company, whether directly or indirectly. While a defence exists if businesses can demonstrate “reasonable procedures” to prevent fraud, the guidance emphasises the significant steps companies must take to prepare for this landmark legislation.

What is failure to prevent?

Under UK law, a corporation can face criminal prosecution if it fails to prevent certain actions by its employees, associates or even contractors. Failure to prevent covers a wide array of compliance failures: not having the right policies in place, lacking procedures, or running training courses that do not effectively deliver the right information to employees.

UK law recognises three corporate criminal offences under the ‘failure to prevent’ principle: failure to prevent the facilitation of tax evasion, failure to prevent bribery, and failure to prevent fraud. A corporate “failure to prevent” offence was first introduced under section 7 of the UK Bribery Act 2010. The same concept was then mirrored in sections 45 and 46 of the Criminal Finances Act 2017 in relation to the facilitation of tax evasion, and has now been introduced for fraud. In these cases, a business can avoid prosecution if it has reasonable procedures in place (in the case of tax evasion) or adequate procedures in place (in the case of bribery) to prevent the offence. Reasonable and adequate procedures mean essentially the same thing in practice. The only difference is that a decision to have no procedures can be considered reasonable to prevent the facilitation of tax evasion, whereas having no procedures could not be considered adequate to prevent bribery.

For organisations that have experience in developing anti-bribery and anti-tax evasion procedures, the same process can be applied to preventing fraud.

Who does failure to prevent fraud apply to?

The offence applies to all large corporations, subsidiaries, partnerships, and even large non-profits and public bodies. While the Economic Crime and Corporate Transparency Act has received royal assent, the law will enter into force once the government has published guidance on acceptable fraud prevention measures. The offence list initially targets specific fraud and false accounting offences deemed most relevant to corporations, with potential future expansion within the realm of economic crime.

A cultural shift in tackling fraud

The legislation aims to foster a proactive culture of fraud prevention across organisations. Businesses are expected to implement measures that not only deter fraud but also signal a top-down commitment to ethical practices. However, compliance with the new rules is not a tick-box exercise. Each organisation’s response will need to be tailored, proportionate to its size, complexity, and the specific risks it faces.

The guidance identifies six core principles to help businesses develop and maintain fraud prevention procedures. These principles outline what constitutes “reasonable procedures” and set the stage for how courts will evaluate an organisation’s efforts to prevent fraud.

Leadership and risk awareness

Fraud prevention starts at the top. Senior leaders, including directors and partners, are expected to champion anti-fraud initiatives, ensuring that governance structures, training programs, and reporting systems are robust. Their visible commitment to preventing fraud can inspire a company-wide culture where employees feel confident to raise concerns.

Understanding fraud risks is another cornerstone. The guidance introduces the “fraud triangle” to help businesses assess risks: opportunity, motive, and rationalisation. Does the organisation have gaps in oversight or internal controls that create opportunities for fraud? Are financial targets or workplace pressures encouraging risky behaviour? And does the corporate culture subtly enable fraud, either through indifference or an inability to address ethical dilemmas? These questions are central to building an effective risk management strategy.

Fraud prevention measures: a balancing act

Fraud prevention measures must align with an organisation’s specific risks and operations. Larger, more complex organisations will naturally face higher expectations. The guidance suggests actions such as conducting thorough pre-employment checks, providing targeted anti-fraud training for high-risk roles, and monitoring sensitive information. For example, reward systems that inadvertently encourage cutting corners may need to be redesigned to reduce fraud incentives.

Companies must also weigh the practicality of implementing certain measures. Where it is judged unreasonable to introduce a particular control, that decision should be carefully documented and reviewed regularly as circumstances change.

Integrating fraud prevention across functions

The new offence intersects with existing regulations, such as the UK Bribery Act and tax evasion laws, but compliance with these laws does not automatically mean a company has met its obligations under the new legislation. Organisations should critically evaluate whether their existing policies address the specific fraud risks outlined in the new guidance.

For associated persons, including employees and third parties, due diligence should be tailored to the level of risk. This might involve enhanced background checks, contract clauses mandating compliance, or regular monitoring to identify potential conflicts of interest. In mergers and acquisitions, thorough assessments of the target company’s fraud controls and risk exposure are crucial.

Communication and training: embedding prevention

Clear communication is vital for embedding fraud prevention policies across an organisation. Employees at all levels should understand the company’s stance on fraud and know how to report concerns. Training programs should be updated regularly, especially as staff move roles or as fraud risks evolve.

Whistleblowing, identified as a key tool in uncovering fraud, deserves special attention. Organisations should establish independent reporting channels, foster a culture where employees feel safe speaking up, and ensure that whistleblowing processes are clearly understood.

Staying vigilant through monitoring and evaluation

Fraud prevention is not a one-time effort. Businesses must continuously monitor and review their procedures, adapting to changes in their operations or evolving fraud methods. Regular audits and risk assessments will help identify vulnerabilities and ensure prevention measures remain effective. Flexibility is essential, as businesses may need to act swiftly in response to emerging threats or incidents.

What to prepare for now

With less than a year until the offence comes into force, businesses have limited time to align with the new requirements. While the guidance provides a framework, it is not a comprehensive checklist. Prosecutors will assess “reasonable procedures” on a case-by-case basis, considering the unique circumstances of each organisation. Companies with higher fraud risks will face greater scrutiny.

Uncertainty remains about how the law will be enforced, especially given the lack of prosecutions under similar offences, such as the failure to prevent tax evasion. Nevertheless, organisations should not delay. The Serious Fraud Office (SFO) has expressed eagerness to bring charges under this legislation, underscoring the urgency for companies to act.

By prioritising leadership commitment, comprehensive risk assessment, and robust prevention measures, businesses can navigate this new legal landscape and protect themselves against the significant reputational and financial risks posed by fraud. If you have questions or need support in implementing these changes, consulting with legal and compliance experts can provide valuable clarity and direction.

Practical Next Steps for Businesses

To prepare for the offence:

  1. Conduct comprehensive risk assessments: Identify and address vulnerabilities unique to your organisation.
  2. Develop and implement fraud prevention policies: Use the six principles as a guide, but tailor measures to your operations.
  3. Engage leadership: Ensure senior management actively supports fraud prevention initiatives.
  4. Enhance training and awareness: Roll out anti-fraud training that ensures all staff understand their role in preventing fraud.
  5. Establish robust whistleblowing channels: Encourage reporting of potential fraud without fear of retaliation.
  6. Review and update procedures: Continuously monitor and adapt measures to meet evolving risks and regulatory expectations.
