The Failure to Prevent Fraud offence introduced by the Economic Crime and Corporate Transparency Act 2023 (the “Act”) is in force as of 1 September 2025. The new offence seeks to prevent fraud at all levels of organisations and ensure that proactive steps are being taken at a senior level. Whilst many organisations may continuously monitor the risk of fraud within their business as a point of good practice, under this new offence a failure to do so could prove to be a costly mistake.

To mitigate any risk of falling foul of this offence, organisations should be building robust processes early and ensuring that monitoring measures are complete and accurate. In this article, we will review the key points of the new offence and consider how you and your organisation can take a proactive commercial approach to limit the risk of committing the Failure to Prevent Fraud offence.

What is the offence?

The Failure to Prevent Fraud is an organisation’s failure to prevent an employee, agent, subsidiary or other associated person (“Associated Person”) committing a fraud offence for the intended benefit of the organisation. It is important to note that the definition of Associated Person is broad and captures an array of people, and therefore it may not be sufficient to monitor employees alone. The offence is also limited to specific fraud offences committed by the Associated Person; these are all contained within Schedule 13 of the Act (“Base Offences”).

It should be noted that, whilst the intended benefit of the Base Offence should be for the organisation, it does not need to have been either:

  • solely for the organisation; or
  • realised in reality,

meaning that should an Associated Person commit a Base Offence for both their benefit and the organisation’s benefit, but the benefit for the organisation is never realised, the organisation may still be guilty of a failure to prevent fraud.

To whom does it apply?

The offence only applies to large organisations (including, but not limited to, limited companies and LLPs) which satisfy at least two of the following criteria:

  • it employs over 250 staff;
  • it has a turnover of £36 million or more; or
  • it possesses £18 million or more in assets.

Punishments for Failing to Prevent Fraud

In England, a conviction for Failure to Prevent Fraud may result in fines, reputational damage and potential additional scrutiny from regulatory bodies. Scotland and Northern Ireland may have slightly varying penalties; for details, we would suggest discussing with local counsel.

How to Avoid Criminal Liability?

In order to defend a charge of Failure to Prevent Fraud, organisations must be able to demonstrate that they had reasonable fraud prevention measures in place. Large organisations will be expected to create a fraud prevention framework that has been designed around the following:

  • Top Level Commitment – engagement from senior leadership and those that have been charged with the responsibility for the organisation; this includes (among other things) a firm position on fraud being communicated and engagement with the wider organisation in its prevention;
  • Risk Assessment – the organisation should develop and continuously review risk assessments for fraud within the organisation. Such risk assessments should reflect the further guidance provided;
  • Proportionate Risk-Based Prevention Procedures – building a fraud prevention procedure that is appropriate for the organisation within the sector; such procedures should be tested where necessary;
  • Due Diligence – conducting an appropriate level of due diligence on Associated Persons and any equipment used by the organisation;
  • Communication (including training) – staff and Associated Persons must be adequately notified and trained in relation to the fraud prevention framework; and
  • Monitoring and Review – this process is not static; it must at all times remain under review,

collectively referred to as the “Principles”.

Commercial Steps to Take

The best course of action is to take a proactive, practical and commercial approach to building a fraud prevention framework. Even if an organisation is currently below the thresholds discussed above, taking the following steps and creating a culture that is aware of the risk of fraud is the best way to futureproof the organisation from these risks.

Policies

Drafting a detailed and practical Fraud Prevention Policy is the best initial step to take. This policy should be built around the Principles in a way that will illustrate that the organisation has reasonable procedures in place should the need arise. This policy must be disseminated to all Associated Persons and (where necessary) training should be provided.

An additional important factor is to properly integrate an organisation’s Fraud Prevention Policy within a wider suite of policies. The interplay between some will be obvious, for example a Whistleblower Policy; however, we recommend considering how the Fraud Prevention Policy may interact with the less obvious policies, such as an Acceptable Use of AI Policy or a Data Protection Policy. Organisation staff members will need to understand the risks of fraud when undertaking a wide array of activities.

Ensuring that an organisation has detailed and well-communicated policies may well be the difference in outcome. In the best-case scenario, these policies may prevent staff committing the Base Offences and, in the worst-case scenario, the organisation may be able to demonstrate that it has reasonable procedures in place in line with the Principles.

Commercial Contracts

In addition to a strong suite of internal policies, organisations should seek to identify any related party that could be construed as an Associated Person and review any commercial agreement that the organisation has with them. These parties can then be contractually bound by the internal Fraud Prevention Policy, which will align the position across the organisation’s supply chain.

Whilst the above may be the ideal position, the reality of contractual negotiations is that external Associated Persons may not be willing to agree to a position whereby they are bound by another organisation’s internal policy. In these cases, a balanced approach must be taken to ensure that the party is contractually bound to conduct their own fraud prevention measures and provide the organisation with sufficient updates so that it may be confident of the monitoring process.

In addition to the above, other changes including specific provisions in employment contracts, alongside learning and development programmes, would assist in the prevention of fraud, but these are outside the scope of this article. However, structured policies and commercial agreements will be key in the development of a robust fraud prevention culture within an organisation.

Should you require any assistance in the development, drafting or review of any policies or commercial agreements, please feel free to contact the Ellisons Commercial Team.