The new failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents a major shift in corporate liability. Large organisations can now be prosecuted if a person acting on their behalf commits fraud to benefit the business, and the organisation did not have reasonable prevention measures in place.
Much like the corporate offences under the UK Bribery Act 2010 and the Criminal Finances Act 2017, the legislation makes businesses responsible for preventing wrongdoing in their operations and networks.
With enforcement starting in September 2025, organisations need to act now to understand the requirements and implement robust fraud-prevention procedures.
What is the failure to prevent fraud offence?
The ‘fraud offence’, set out in Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), makes large organisations criminally liable if a person associated with them commits certain fraud offences for the organisation’s benefit, and the organisation did not have reasonable procedures in place to prevent it.
The offence is designed to drive a proactive approach to fraud risk management by encouraging businesses to identify, assess, and reduce fraud risks before wrongdoing occurs.
Who does the fraud offence apply to?
The failure to prevent fraud offence applies only to large organisations operating in or doing business in the UK. To fall within scope, an organisation must meet at least two of the following criteria in the financial year prior to the offence:
- £36 million or more in turnover
- £18 million or more in total assets
- 250 or more employees
This includes companies, partnerships, and subsidiaries, regardless of whether they are UK-based or foreign-owned, as long as they carry out some part of their business in the UK.
The offence centres on the actions of an associated person (someone who performs services for or on behalf of the organisation). This could include:
- Employees
- Agents
- Subsidiaries
- Contractors or other service providers.
If an associated person commits certain types of fraud to benefit the organisation, and the organisation did not have reasonable procedures in place to prevent it, the organisation can be held criminally liable, even if senior leadership was unaware of the conduct.
Does the fraud offence apply to companies incorporated abroad?
The prevent fraud offence applies to any large organisation that carries on business in the UK, even if it is incorporated overseas. If a non-UK company has a UK presence and an associated person commits a relevant fraud offence that benefits the organisation, it could still be held liable.
When does the fraud offence come into force?
The fraud offence was introduced as part of the Economic Crime and Corporate Transparency Act 2023, which received Royal Assent in October 2023.
However, the offence is not immediately enforceable. It will come into force on 1 September 2025, following a transitional period intended to give organisations time to understand the requirements and implement reasonable fraud-prevention procedures.
What types of fraud are covered?
The fraud offence is triggered when an associated person commits certain specified fraud offences intending to benefit the organisation (or another person to whom they provide services on the organisation’s behalf).
Importantly, the offence does not apply to fraud committed against the organisation (inward fraud), but only to outward fraud where the business stands to gain. This is a breakdown of the fraud offences covered under the ECCTA:
Fraud by false representation
This occurs when a person makes a dishonest representation that they know or believe is false, with the intent to gain a benefit or cause a loss.
Example: an employee falsely inflates company revenue figures to win new business or secure investment, which benefits the organisation.
Fraud by failing to disclose information
Where a person dishonestly fails to disclose information when they are under a legal duty to do so, intending to make a gain or cause a loss.
Example: an agent fails to reveal a conflict of interest in a tender process, helping the company win a contract.
Fraud by abuse of position
This involves a person abusing a position of trust or responsibility to benefit themselves or the organisation.
Example: a finance manager uses insider knowledge to manipulate reports or pricing to benefit the company fraudulently.
False accounting
Occurs when accounting records are intentionally altered, omitted, or presented misleadingly to gain a benefit.
Example: creating fictitious transactions or misreporting profits to meet performance targets that benefit the organisation.
Cheating the public revenue
A broad common law offence involving dishonest conduct intended to deprive HMRC of tax revenue.
Example: underreporting income or inflating expenses in company tax returns to reduce liability and retain more funds in the business.
Fraudulent trading
Engaging in business with intent to defraud creditors or for any fraudulent purpose.
Example: a company continues trading while knowingly insolvent and taking deposits from customers without any intention to deliver goods or services.
Statements to mislead auditors or directors
Knowingly or recklessly making false or misleading statements to auditors or directors, often to cover up poor performance or financial risk.
Example: suppressing key information about liabilities or exposure when preparing accounts for board sign-off or audit.
What is the defence?
The only defence available to an organisation charged under the failure to prevent fraud offence is to show that it had reasonable procedures in place to prevent associated persons from committing fraud on its behalf (or that it was not reasonable to expect such procedures in the circumstances).
To help organisations meet this requirement, the Home Office has set out six guiding principles to underpin an anti-fraud framework:
1. Top-level commitment
Senior leaders must actively promote a culture of integrity and transparency. The board or equivalent governing body should visibly support and resource fraud prevention efforts, making it clear that fraud will not be tolerated.
2. Fraud risk assessment
Organisations must assess the specific risks of outward fraud within their operations, supply chains, and markets. This includes areas such as ESG reporting, client acquisition, contract negotiations, and financial reporting (where the temptation or opportunity to commit fraud may be greatest).
3. Proportionate procedures
Fraud-prevention controls should be tailored to the organisation’s size, complexity, sector, and risk profile. There is no “one-size-fits-all” approach. Measures should be practical, targeted, and scalable to address identified risks effectively.
4. Due diligence
Organisations should carry out due diligence on third parties, including clients, suppliers, agents, and any individuals or entities involved in mergers or acquisitions. This helps identify red flags and ensures that those acting on behalf of the organisation meet expected ethical standards.
5. Communication and training
Fraud-prevention policies and expectations must be clearly communicated across the organisation. Employees and relevant third parties should receive regular, tailored fraud prevention training to help them understand fraud risks and their responsibly to prevent misconduct.
6. Monitoring and review
Organisations must regularly review and improve their fraud-prevention measures. This includes staying alert to emerging threats, such as digital scams or fraud-as-a-service, and adapting policies and procedures to remain effective over time.
Practical steps to take now
To be effective, fraud prevention must be embedded into the organisation’s broader compliance and governance frameworks. This means aligning fraud controls with existing anti-bribery, anti-money laundering (AML), and corporate governance measures, and reflecting fraud risks in annual reports, audit outcomes, and ESG strategies.
In the lead-up to enforcement of the failure to prevent fraud offence, organisations should take the following key steps:
- Conduct a comprehensive fraud risk assessment to identify where outward fraud could occur across operations, departments, and third-party relationships.
- Review and update internal controls and due diligence processes, particularly in areas like procurement, client onboarding, and mergers and acquisitions.
- Train employees to recognise and report outward fraud, especially in high-risk functions such as sales, finance, and supply chain.
- Document decision-making and fraud risk mitigation efforts to evidence your compliance journey.
- Embed fraud prevention into broader governance frameworks, including ESG disclosures, internal audits, and the UK Corporate Governance Code.
- Appoint a board-level sponsor or establish a cross-functional working group to oversee implementation and ongoing monitoring.
For detailed guidance on each step, please see our article, How to prevent corporate fraud: strategies for businesses.
What happens if you get it wrong?
Organisations that fail to prevent fraud face unlimited fines, with penalties reflecting the seriousness of the offence. The reputational damage can be significant, undermining stakeholder trust, attracting investor concern, and inviting greater regulatory scrutiny.
In England and Wales, prosecution may be avoided through a Deferred Prosecution Agreement (DPA). A DPA is a court-approved deal where the organisation admits wrongdoing and agrees to conditions such as a fine, compliance improvements, and cooperation. However, DPAs are not available in Scotland or Northern Ireland.
Prepare your team with fraud awareness training
With the failure to prevent fraud offence coming into force in September 2025, now is the time to ensure your organisation understands the guidance and is prepared. Fraud awareness training strengthens your defence and helps embed a culture of integrity across your business.
Praxis42 offers two targeted eLearning courses:
- Fraud Awareness Training for Employees: helps employees recognise common fraud risks, understand their responsibilities, and know how to report concerns.
- Fraud Awareness Training for Managers: provides managers with the tools to identify fraud risks in their teams, implement controls, and support organisational compliance.
Find out more about Fraud Awareness Training for Employees and Fraud Awareness Training for Managers on our website, or talk to our friendly team on 0203 011 4242/ info@praxis42.com to find out how we can tailor courses to your organisation and activities.
