Failure to prevent fraud – countdown to 1 September 2025

14 March 2025

On 6 November 2024, the government issued guidance on the new corporate offence of failure to prevent fraud (under s199 of the Economic Crime and Corporate Transparency Act). 

Relevant organisations must implement fraud prevention procedures prior to the offence coming into force on 1 September 2025 or risk facing an unlimited fine.

Which organisations does the offence apply to?

The offence applies to “large organisations”, defined in the legislation as those meeting at least two of the following conditions:

  • A turnover of more than £36m.
  • More than £18m in total assets.
  • More than 250 employees. 

It also applies to their subsidiaries, regardless of where the organisation is headquartered or where subsidiaries are located. 

However, smaller organisations should be aware that they may fall under the definition of an “associated person” (a person or entity whose actions, in effect, may lead to the prosecution of a large organisation) while providing services for or on behalf of large organisations. In these circumstances, small organisations may be subject to contractual or other requirements imposed by large organisations in respect of the failure to prevent fraud offence.

Recap on the failure to prevent fraud offence

A relevant organisation will be criminally liable if a specified fraud offence is committed by a person associated with the organisation (such as an employee or agent) with the intention of benefiting the organisation or its clients. If the organisation is a victim of the offence, it is not criminally liable. 

It is a strict liability offence, meaning there is no requirement to prove that the organisation or its senior managers had any prior knowledge of the fraud for the offence to apply.

The definition of a “specified fraud offence” (or “base fraud”) includes the fraud and false accounting offences most relevant to large organisations, such as fraud by false representation, false accounting, false statements by company directors and cheating the public revenue. 

How does a large organisation provide a defence against prosecution?

The only defence is that the organisation had reasonable fraud prevention procedures in place at the time of the offence. Failure to implement a robust, proportionate fraud prevention framework may lead to dire consequences for a large organisation – the maximum penalty for a conviction under the offence is an unlimited fine.

Organisations need to act now

The focus on fraud committed for the intended benefit of the organisation is significant and may mean that existing fraud risk assessments and associated procedures are no longer sufficient to meet the requirements of the new legislation. Up until now, organisations have generally concentrated their attention and resources on fraud that could harm their business. The new legislation means that organisations should review their existing fraud prevention frameworks to ensure they are fit for purpose and could protect them from potential prosecution.

The government guidance outlines six principles that organisations must implement to prevent a specified fraud offence from being committed and to protect themselves from potential prosecution for failure to prevent it. The principles are consistent with the prevention procedures already found in the other corporate “failure to prevent” offences (bribery and the facilitation of tax evasion): 

  • Top-level commitment.
  • Risk assessment.
  • Proportionate, risk-based prevention procedures.
  • Due diligence.
  • Communication (including training).
  • Monitoring and review.

Organisations must act now to ensure they have sufficient time to undertake the fraud risk assessment and make the appropriate changes to rely on the defence by 1 September 2025.

While some organisations may already have fraud investigation procedures in place, these will likely need to be extended to cover frauds that are intended to benefit the organisation.

Questions to consider:

  • Could your organisation be in scope of this offence?
  • Do you have a steering committee set up to drive this agenda?
  • Have you commenced a risk assessment to consider fraud risks that could benefit your organisation?
  • Is your organisation clear on the identity of its “associated persons”?
  • Have you updated policies, communicated the approach, and revised controls?

To ensure your organisation is ready to meet the new requirements, please contact Erin Sims, Nick Gilbey or Laura Schmuttermeier.

Nick Gilbey
Nick Gilbey
Director - Forensic, Investigations and Disputes
Contact Nick Gilbey +44 (0)0203 201 8681
Laura Schmuttermeier
Laura Schmuttermeier
Partner, Risk and Governance
Contact Laura Schmuttermeier +44 (0)20 3201 8441
Erin Sims
Director
Contact Erin Sims +44 (0)7800 617 456
Nick Gilbey
Nick Gilbey
Director - Forensic, Investigations and Disputes
Contact Nick Gilbey +44 (0)0203 201 8681
Laura Schmuttermeier
Laura Schmuttermeier
Partner, Risk and Governance
Contact Laura Schmuttermeier +44 (0)20 3201 8441
Erin Sims
Director
Contact Erin Sims +44 (0)7800 617 456
Services

Related insights

M&A activity in the recruitment sector: 2024 year in review

Jonathan Wade
12 Mar 2025

How should we react to the government’s promise to close the tax gap?

Flora Barnes
07 Mar 2025

HMRC reconsiders salary members guidance after BlueCrest case

Mark Waddilove
07 Mar 2025

Real estate tax guide

Irfan Butt, Rebecca Lord
07 Mar 2025

Quarterly prudential risk radar - March 2025

Gavin Sharpe, James Roberts
05 Mar 2025

Gender diversity falling behind in financial services

Erin Sims
05 Mar 2025