As of 1 September 2025, the UK’s Economic Crime and Corporate Transparency Act 2023’s new corporate “failure to prevent fraud” offence will be in effect. Under the rules of this Act, large organisations – including educational institutions – that fail to demonstrate reasonable fraud prevention procedures could face criminal prosecution, unlimited fines and reputational damage. The time for preparation is over and now the focus shifts to implementation, monitoring and continuous improvement.

What is the failure to prevent fraud offence?

The Act means that relevant organisations will be held criminally liable if a specified fraud offence is committed by a person associated with the organisation (such as an employee, subsidiary or agent) with the intention of benefiting the organisation or someone on whose behalf it provides services. Key to the offence is the intent to benefit, which distinguishes it from other types of fraud risk. Distinct from considerations on how fraud could harm the organisation or its students, this legislation focuses on situations where the organisation might gain, directly or indirectly, from fraudulent conduct. It is also a strict liability offence, so there’s no requirement to prove that the organisation or its senior managers had any prior knowledge of the fraud for the offence to apply.

Who does the new offence apply to?

The new offence applies to relevant organisations, which are incorporated bodies or partnerships that meet at least two of the following criteria:

• Annual turnover exceeding £36m.
• Balance sheet total over £18m.
• More than 250 employees.

This means many universities, multi-academy trusts (MATs) and large colleges are directly in scope. Smaller institutions may also be affected if they act as associated persons to larger organisations, and legislation is clear that institutions should take documented, proactive action to prevent fraud by associated persons. Associated persons could be staff, agency workers, some types of franchise partners, recruiters, outsourced service providers, student unions, research collaborators or social media influencers. What matters is whether the person or entity is performing services for or on behalf of the institution at the time.

6 ways higher education providers can stay compliant

To avoid liability under the new offence, institutions must be able to show that reasonable fraud prevention procedures were in place at the time that any fraud occurred. The government has outlined six principles to guide the implementation of ‘reasonable procedures’:

Top-level commitment

Senior leaders and governors must actively promote a culture of integrity and transparency. This means setting the tone from the top, visibly supporting anti-fraud initiatives and ensuring that fraud prevention is embedded into the institution’s values, policies and decision-making processes.

Risk assessment

Institutions need to regularly assess fraud risks specific to their operations. This includes identifying vulnerabilities in areas such as grant funding, student finance, procurement and partnerships. These risk assessments should be documented, reviewed periodically and used to inform prevention strategies.

Proportionate, risk-based prevention procedures

Fraud prevention measures must be proportionate to the institution’s size, complexity and risk profile. A large, research-intensive university will require more sophisticated systems than a smaller sixth-form college. Controls should be tailored to the specific risks identified through the institution’s risk assessment.

Due diligence

Organisations must carry out appropriate due diligence on suppliers, contractors, partners and other associated persons to ensure that third parties are operating ethically and don’t expose the institution to fraud risk. Due diligence should be risk-based and consistently applied.

Communication (including training)

Anti-fraud policies and procedures must be clearly communicated across the institution. Staff at all levels should receive regular training to help them recognise, prevent and report fraud, and training should be tailored to roles and responsibilities.

Monitoring and review

Fraud prevention procedures need to be regularly monitored and reviewed to make sure they’re effective. Institutions should evaluate the performance of controls, respond to emerging risks and make improvements where necessary. Internal audit and governance teams should play a key role in this process.

Ultimately, compliance with the new legislation is not a one-off exercise. Education institutions must embed fraud prevention into their culture, governance and daily operations, going beyond policies and procedures to create an environment where integrity is expected and supported at every level.

Leadership has an important role to play when embedding this culture. Boards of governors, vice-chancellors and senior executives should champion anti-fraud initiatives, allocate appropriate resources to support fraud prevention efforts, hold departments accountable and regularly review fraud risk reports. Where issues are identified, they must take timely corrective action.

Looking ahead: implications for higher education providers

The introduction of the failure to prevent fraud offence marks a significant shift in how fraud risk is managed across the education sector. Whereas the focus of managing fraud is usually to protect the institution from being a victim of fraud, this offence requires measures to ensure it is not held liable for fraud committed by someone to potentially benefit the institution. Institutions must now treat fraud prevention as a continuous, organisation-wide responsibility, particularly where they could receive the intended benefit of that illegal activity.

Those that take a proactive and transparent approach will not only meet their legal obligations but also strengthen trust with stakeholders and safeguard public funds.

As the new academic year gets underway, the question is no longer “Are we ready?” but “Are we doing enough?”

To discuss any further about failure to prevent fraud in the education sector, please contact Erin Sims or your usual RSM representative.

Related insights