New corporate offence: failure to prevent fraud

29 September 2025

On 1 September 2025, a new corporate criminal offence of failing to prevent fraud came into force under the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”).

Employers will be liable to this offence if any of their “associated persons” commits a fraud intending to benefit either the employer or anyone else to whom they are providing services on the employer’s behalf, such as a subsidiary or a client. A person will be deemed to be “associated” with an employer in a broad range of circumstances, including where they are an employee, agent or subsidiary of the employer, and also where they are an independent contractor providing services on the employer’s behalf.

Only “large organisations” are liable to this offence. A large organisation is one which, in the financial year before the offence was committed, fulfilled any two (or more) of the following conditions:

  1. Turnover of more than £36 million

  2. Balance sheet total of more than £18 million

  3. More than 250 employees

It should be noted that in respect of parent companies, the above criteria apply on an aggregated basis. This means that a parent company that does not meet the criteria for a large organisation on its own could, nevertheless, come into scope of the ECCTA if the sums of the turnover, balance sheet and employee figures respectively for each member of its group (that is, it and its subsidiary undertakings) satisfy the above criteria. In other words, a parent company may be liable to the criminal offence even if, taken individually, neither it nor any of its subsidiaries meet any two of the conditions above. Companies, LLPs, partnerships, and various other types of corporate body can all be held liable.

Criminal liability will only arise where there is a base fraud offence in UK law, and the crime has a “UK nexus”, which means that either the fraud was committed in the UK, or the relevant gain or loss occurred in the UK. This criterion still leaves open a very broad potential exposure, especially for multinational businesses. For example, a UK-based organisation could be liable in respect of fraud committed by an overseas agent of an overseas subsidiary, if some benefit arose to the UK parent company.

The offence of failure to prevent fraud is punishable by an unlimited fine. There are currently no sentencing guidelines for this offence. The Serious Fraud Office (SFO) has published guidance stating that, if an organisation promptly self-reports suspected failure to prevent fraud (or other corporate criminal offence) to the SFO and co-operates fully, it will be invited to negotiate a deferred prosecution agreement (DPA) rather than facing prosecution, unless exceptional circumstances apply.

An organisation will have a defence to the offence if it can prove that it had in place such prevention procedures as it was reasonable in all the circumstances to expect.

The law does not specify what will constitute “reasonable prevention procedures”. Generally, an organisation-wide audit is the only way of establishing this. However, the Government has published statutory guidance incorporating six principles which a court will be required to take into account in determining whether the offence has been committed.

The six principles of the guidance are (in summary):

  1. A board-level (or equivalent) anti-fraud commitment, with board-level accountability for all aspects of anti-fraud governance

  2. Ongoing, organisation-wide risk assessment

  3. Proportionate, risk-based fraud prevention procedures

  4. Proportionate, risk-based due diligence

  5. Communicating and embedding anti-fraud measures throughout the organisation via training

  6. Monitoring and reviewing fraud detection and prevention procedures

As a result of the above, employers should consider taking the following steps:

  • Implement an organisation-wide anti-fraud policy

  • Nominate a senior officer/employee to take overall responsibility for fraud prevention, reporting directly to the board (or equivalent)

  • Create and communicate an organisation-wide fraud reporting mechanism

  • Incorporate anti-fraud clauses into directors’ service agreements and employment/contractor agreements for exposed personnel

  • Carry out a risk assessment identifying possible exposure (including opportunities, motives and rationalisations); identify short-term actions (such as training exposed personnel or mitigating areas of high risk) and use results to direct policy, planning, training, etc.

  • Revise disciplinary and whistleblowing policies as appropriate to refer to fraud

  • Audit due diligence measures on supply chain arrangements and client contracts

  • Incorporate the above steps into an internal “fraud prevention plan”

How we can help

We can provide you with employment-related advice on complying with the new requirements of the ECCTA.

For more information, please contact the team at Synchrony Law.

This article is for general information only and does not constitute legal or professional advice. Please note that the law may have changed since this article was published.

Chris Tutton