How Businesses Should React to New UK Guidance on Failure to Prevent Fraud

The UK Government’s recent publication of official guidance on the corporate criminal offence of failure to prevent fraud (the Guidance) marks a pivotal moment for businesses. With the offence coming into effect on 1 September 2025, companies must now prepare to meet their compliance obligations or face potential criminal liability if an associated person commits fraud to benefit the business. This article explores the Guidance, its key principles, and what businesses need to know to mitigate risks effectively.

Overview of the Failure to Prevent Fraud Offence

The new offence, introduced under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), imposes criminal liability on large organisations if an associated person, such as an employee, agent or contractor, commits fraud for the organisation’s benefit. 

Notably:

• the offence applies to organisations meeting at least two of the following criteria: a turnover exceeding £36 million, a balance sheet total over £18 million and/or more than 250 employees; and
• liability arises regardless of whether the business benefits directly or indirectly.

The good news for businesses is that a robust defence exists: demonstrating that the organisation had reasonable procedures to prevent fraud at the time of the offence. If no procedures were in place, the organisation must prove this was reasonable under the circumstances.

Key Principles in the Guidance

The Guidance draws heavily from previous “failure to prevent” offences under the Bribery Act 2010 and the Criminal Finances Act 2017, offering six foundational principles:

1. Top-Level Commitment

Leadership must set the tone from the top by embedding an anti-fraud culture. Boards and senior managers should:

• clearly articulate the benefits of anti-fraud measures, such as enhanced reputation and stakeholder confidence;
• monitor relevant data to evaluate the effectiveness of fraud prevention programmes; and
• commit resources, including budgets for training and technology, to ensure robust implementation of anti-fraud controls.

2. Risk Assessment

A tailored risk assessment is the cornerstone of effective fraud prevention. The Guidance recommends:

• regular reviews of fraud risks based on the fraud triangle (opportunity, motive, and rationale); 
• factoring external changes, such as mergers or market expansions, into risk assessments; and
• integrating risk insights into business continuity and disaster recovery plans.

3. Proportionate Risk-Based Prevention Procedures

Procedures should align with the organisation’s specific risks and build on existing compliance frameworks. Businesses should:

• ensure fraud prevention measures address all relevant offences under the ECCTA;
• periodically test and adapt controls to remain effective against evolving threats; and
• incorporate sector-specific guidance and legal precedents into their procedures.

4. Due Diligence

Thorough due diligence on employees, agents, and third-party contractors is essential. Organisations should:

• incorporate fraud detection mechanisms into recruitment and contracting processes; and
• reassess due diligence efforts in light of broader fraud risks, including cultural factors within the organisation.

5. Communication (including Training)

Awareness and education are critical for embedding anti-fraud policies. The Guidance emphasises:

• comprehensive training programmes tailored to high-risk functions, such as finance and sales;
• clear, consistent communication from leadership to ensure policies are adhered to at all levels; and
• practical messaging that goes beyond rhetoric to demonstrate actionable commitment.

6. Monitoring and Review

Continuous monitoring ensures the effectiveness of fraud prevention measures. Organisations should:

• evaluate whistleblowing mechanisms and data analytics tools for fraud detection;
• use internal audits and external resources to refine fraud prevention strategies; and
• respond proactively to external triggers, such as regulatory changes or enforcement actions.

Addressing Legal Ambiguities

The Guidance clarifies several contentious aspects of the offence, though some uncertainties remain:

Intent to Benefit

For the offence to apply, the associated person must intend to benefit the business or its clients, either directly or indirectly. The Guidance notes that the benefit need not be the sole or dominant motivation. 

Corporate Governance Guide for SMEs in the UK

This guide will help you to understand your corporate governance responsibilities as a director, including the decision-making processes

Download Now

For instance, if a salesperson commits fraud to increase their commission, but in doing so also increases the company’s sales. Even though this was not their primary motivation, the intention to benefit the company can be inferred because the benefit to the salesperson is contingent on the benefit to the company.

Non-Financial Benefits

Interestingly, the Guidance expands the definition of benefits to include non-financial advantages, such as gaining an unfair business edge. While this broad interpretation aligns with competitive practices, it raises questions about its practical application in prosecutions.

Victim Defence

The victim defence applies if the organisation is the target of fraud intended to benefit its clients.

Extra-Territorial Scope

The offence’s extraterritorial reach extends to large UK-based and non-UK businesses if fraud involves a UK nexus. This creates additional complexities for multinationals, which must evaluate whether to implement group-wide policies or adopt a jurisdiction-specific approach.

Practical Steps for Businesses

With the offence’s commencement date approaching, businesses should focus on:

1. Conducting a Gap Analysis: Assess current anti-fraud measures against the Guidance’s six principles;
2. Enhancing Governance: Assign clear responsibilities to senior stakeholders for overseeing compliance efforts;
3. Investing in Training: Equip employees with the knowledge to identify and report fraud risks effectively;
4. Testing and Auditing Controls: Regularly evaluate the robustness of fraud prevention measures through internal audits and external reviews; and
5. Engaging Legal Experts: Seek advice to navigate complex aspects such as cross-border fraud risks and regulatory overlaps.

Key Takeaways

The new offence of failure to prevent fraud significantly raises the stakes for large organisations in fraud prevention. While the Guidance provides a solid framework, businesses must act swiftly to address compliance gaps and mitigate risks. Key takeaways include:

• the offence applies to large organisations where associated persons commit fraud with the intent to benefit the organisation or its clients;
• businesses can avoid liability by demonstrating reasonable prevention procedures aligned with the six principles;
• proactive measures, including tailored risk assessments, due diligence, and training, are crucial for compliance; and
• ambiguities, particularly around non-financial benefits and extraterritorial applications, warrant further attention from regulators and legal practitioners.

By effectively leveraging the Guidance, businesses can not only comply with the law but also build a culture of integrity that strengthens their reputation and operational resilience. As the 1 September 2025 deadline approaches, the time to act is now.

If you need help with anti-fraud compliance, our experienced corporate lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions