Construction firms saw a significant regulatory shift on 1 September 2025 as the new corporate offence of ‘failure to prevent fraud’ came into force.

Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) holds to account large organisations that fail to implement reasonable procedures to prevent fraud committed by associated persons – such as employees, subsidiaries or subcontractors – where the organisation or its client stands to benefit.

The construction industry is highly susceptible to fraud because of its fragmented project structures, complex supply chains and frequent use of subcontractors. This lack of standardisation can hinder effective governance and increase the risk of fraudulent activity.

Rising environmental, social and governance (ESG) demands and economic pressures – such as squeezed margins and delayed project timelines – can also create incentives for individuals to commit fraud to protect profits or mask underperformance. As we’ve previously highlighted, fraud and bribery account for over 40% of all crime in the UK, costing the economy £7bn annually.

Penalties and consequences of failure to prevent fraud offence

Under the offence, organisations could be found guilty if fraud occurs and they don’t have ‘reasonable’ prevention procedures in place. As well as potentially suffering reputational damage, a loss of consumer confidence and greater regulatory scrutiny, convicted organisations could receive an unlimited fine.

Crucially, similar to the failure to prevent bribery, under Section 7 of the Bribery Act 2010, failure to prevent fraud is a strict liability offence, meaning that senior leadership and members of the Board do not need to be aware of the offence for the organisation to be held to account. The organisation’s only defence is to demonstrate it had implemented sufficient safeguards – ‘reasonable procedures’ – to prevent fraud.

What constitutes a base fraud?

To trigger liability, a specified ‘base fraud’ must be committed. Base frauds are limited to economic offences and include legislative offences, such as fraud by false representation and false accounting, and the common law offence of cheating the public revenue (there are nine of these listed in a Schedule to the Act). The corporate offence covers operations based overseas, which makes its application to multinationals even more complex.

Examples of industry-relevant base frauds in scope of the failure to prevent fraud offence include:

• A procurement manager conspiring to supply sub-grade materials for a new development, yet charging the client the cost of premium materials to increase profits.
• Senior managers of a large construction firm exaggerating or falsifying their carbon footprint where the project depends on their sustainability performance.
• An organisation intentionally reducing its projected profit margin on sites, or moving costs across sites and phases, to manipulate performance in order to meet external KPIs and internal performance incentives.
• Organisations conspiring to fix contract pricing and influence the procurement process and bid award.

These scenarios show how fraud can creep into everyday business decisions, often to give the organisation or its clients an unfair advantage. Organisations should ensure that any assessment considers all of the nine base fraud offences that could apply to its activities.

Prepare for compliance: the six principles of reasonable procedures

Businesses need to map out who they work with and consider where they themselves might count as an ‘associated person’ in the networks of other organisations. Then they should make sure they have ‘reasonable procedures’ in place in line with Government guidance. These include:

1. Fraud risk assessment: Conduct a thorough assessment to identify where fraud risks may arise across projects, supply chains and internal operations.
2. Proportionate fraud prevention procedures: Develop fraud prevention policies that are tailored to the organisation’s risk profile and operational complexity. Procedures should be clear, accessible, effectively implemented and enforced.
3. Due diligence: Apply a proportionate, risk-based approach to vetting contractors, suppliers and other associated persons.
4. Communication: Make sure fraud policies are clearly communicated and understood across the organisation, with regular training and updates.
5. Monitoring and review: Establish mechanisms to review and improve fraud prevention procedures, incorporating lessons learned from incidents and intelligence from across the industry.
6. Top-level commitment: Assign responsibility for the prevention and detection of fraud to those charged with governance of the organisation. Senior leadership must foster a culture of integrity, visibly supporting anti-fraud initiatives and empowering staff to raise concerns.

How RSM can support your construction business

Construction businesses need to act now to develop, refine and improve risk management. With the act coming into effect, the Serious Fraud Office has signalled its intent to pursue early enforcement cases, making it clear that organisations ignoring the offence will be held to account.

The RSM team understand the construction sector and help clients navigate the evolving regulatory landscape with confidence, providing policy reviews and training as well as developing risk assessments. To understand more about the new offence, discuss the likely impact on your organisation or to explore support in preparing for it, reach out to our team.

Related insights