Business Reporter

The offence of “Failure to prevent fraud”


James Evison and Miranda Joseph at Stevens & Bolton explore a legal and strategic requirement for senior leadership

 

The introduction of the “failure to prevent fraud” offence under the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) represents a significant step in the UK’s corporate criminal liability framework. The new offence, which came into force on 1 September 2025, places substantial responsibility on boards, C-suite executives, and senior management. The legislation demands not only awareness but demonstrable leadership in embedding anti-fraud measures across the organisation.

 

To ensure compliance with the new regime, businesses must take time to understand the obligations it imposes, remain alert to common compliance pitfalls, and equip senior leaders with practical steps to mitigate risk.

 

 

ECCTA: what is it?

The penalty for the new corporate criminal offence of “failure to prevent fraud” is an unlimited fine, but individuals within a business will not be held individually liable for failure to prevent fraud. There are, however, already a range of offences for which individuals may be prosecuted, such as committing, encouraging, or assisting fraud.

 

Under the new legislation, large organisations are held accountable for fraudulent activities committed by their employees, agents, subsidiaries, or other "associated persons" intended to benefit the organisation. The offence covers a range of specific fraud offences, referred to as "base fraud" offences, which are detailed in Schedule 13 of ECCTA (e.g. embezzlement, false accounting, false statements by company directors, and obtaining services dishonestly).

 

An organisation can defend itself by proving (on the balance of probabilities) that it had reasonable procedures in place to prevent fraud, or that it was unreasonable to expect it to have such procedures in place.

 

 

Preparing for the failure to prevent fraud duty

The Home Office guidance to organisations on the failure to prevent fraud suggests that the fraud prevention framework put in place by relevant organisations should be informed by the following six principles (see Chapter 3).

  • Top level commitment
  • Risk assessment
  • Proportionate risk-based prevention procedures
  • Due diligence
  • Communication (including training)
  • Monitoring and review

Notably, “top level commitment” is first on the list and is likely to be a particularly significant factor when considering the prevention measures a company has established. It is therefore a good place for business leaders to start when considering implementing internal improvements.

 

 

Common pitfalls

Organisations risk non-compliance due to some common misplaced assumptions. Some may assume that their existing controls will be sufficient. While many firms, particularly in regulated sectors, have fraud prevention measures in place, these may not be broad enough or tailored to the specific risks contemplated by ECCTA. A generic compliance framework will not necessarily suffice.

 

Another potential area for error is the failure to consider the full scope of “associated persons”. This term includes not only employees but also contractors, subsidiaries, and potentially even third-party service providers where they are providing services for or on behalf of the organisation. Organisations must assess fraud risks across their entire operational footprint, including outsourced functions.

 

Documentation is another area of weakness. It is not enough to have procedures in place; they must be properly recorded, regularly reviewed, accessible to staff and demonstrably enforced.

 

Finally, some boards may delegate fraud prevention entirely to compliance teams, without maintaining proper oversight. This undermines the principle of top-level commitment and may expose the organisation to liability if procedures are found to be inadequate or inconsistently applied.

 

 

Practical steps to take

In line with the legislative guidance, there are several important steps which a company should prioritise to ensure it is well prepared for the failure to prevent fraud offence.

 

Importantly, companies must harness the influence of senior leadership to drive compliance and ensure that senior management demonstrates a clear commitment to preventing fraud. This includes setting a tone at the top that fraud is unacceptable. Specific responsibilities for fraud prevention should be assigned to senior leaders, and sufficient resources allocated, including budget and personnel, to implement and maintain fraud prevention measures.

 

Companies must identify risks and develop procedures for tackling them. They should conduct a thorough risk assessment to identify potential fraud risks within the organisation, assess the effectiveness of existing controls, and identify areas for improvement.

 

Companies should develop and implement fraud prevention procedures that are proportionate to the identified risks. To ensure these remain effective, companies should regularly review and update them in response to new and emerging risks. Due diligence should be conducted on third parties, including suppliers and partners, to ensure they have robust fraud prevention measures in place, and thorough vetting processes should also be implemented for new hires to mitigate the risk of internal fraud.

 

In practice, these procedures should be supported by systems to monitor continuously for signs of fraud. Businesses can use metrics and key performance indicators (KPIs) to monitor compliance performance and conduct regular internal audits to ensure compliance with fraud prevention procedures. Again, the effectiveness of these compliance measures will need to be assessed regularly and necessary adjustments made.

 

Underpinning this work at all levels, it is essential to foster an open culture where staff feel comfortable reporting suspicious activities. Developing and delivering regular training programmes to educate employees about fraud risks and prevention measures will reinforce this, as will communicating clear anti-fraud policies and procedures to all employees and associated persons.

 

 

Leading by example

For boards and senior executives, leadership in fraud prevention is no longer optional. It is a statutory duty, and one that must be taken seriously.

 

Crucially, the failure to prevent fraud offence should not be viewed merely as a legal obligation, but as an opportunity for organisations to strengthen their governance and build resilience against economic crime.

 


 

James Evison, Partner, and Miranda Joseph, Senior Knowledge Lawyer, Stevens & Bolton

 

Main image courtesy of iStockPhoto.com and designer491

© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543