Navigating the new 'Failure to Prevent Fraud' guidance: A compliance and financial crime perspective

3 March 2025

Fraud continues to be a significant challenge for businesses in the UK, resulting in billions of pounds lost annually to fraudulent activities.

According to the 2023 Annual Fraud Indicator Report, the annual cost of fraud in the UK is estimated to be £219 billion¹. The Economic Crime and Corporate Transparency Act 2023 introduces a new 'failure to prevent fraud' offence, which comes into force on 1 September 2025. The UK government subsequently published guidance on 6 November 2024, setting out how firms can take action to curb corporate fraud. This article explores the impacts of this new guidance on large organisations and provides insights into effective compliance and financial crime prevention strategies.

How did we get here?

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents a pivotal step in the UK's battle against economic crime, with aims that include enhanced Companies House powers and improved transparency of beneficial ownership. Arguably, the most significant impact of the ECCTA is the introduction of the ‘failure to prevent fraud’ offence, which aims to hold large organisations accountable for fraudulent activities conducted by employees or agents ('associated persons'). This offence is intended to promote a culture of transparency and integrity within corporate entities.

What are the key provisions of the new guidance?

Scope of the offence

The new guidance targets large organisations, which are defined as those meeting two out of three of the following criteria: a turnover of more than £36 million, a balance sheet total of more than £18 million, or more than 250 employees. The offence encompasses various types of fraud, such as false accounting, fraudulent trading, investors in an IPO, mis-selling of financial products, and greenwashing (misleading statements regarding the environmental impact of a product).

Reasonable procedures

To avoid liability, organisations must demonstrate that they had "reasonable fraud prevention procedures" in place. The guidance outlines several principles for these procedures, including risk assessment, proportionality, top-level commitment, due diligence, communication, monitoring and review.

What are the implications for organisations?

Compliance commitment

Organisations will need to ensure that their leadership is visibly and actively engaged in fraud prevention efforts. Senior management must demonstrate a strong commitment to preventing fraud. This means fostering a culture where fraud is unacceptable and ensuring that anti-fraud measures are a priority at the highest levels of the organisation. Liability for this offence does not depend on whether the firm instructed or had knowledge of the fraud taking place, meaning there is additional pressure for firms to ensure appropriate controls are in place.

Risk assessment

A thorough risk assessment is crucial for identifying areas where fraud is most likely to occur. This process should involve evaluating internal and external risks, considering the nature of the business, and understanding the potential impact of fraud on the organisation.

Proportionate procedures

Businesses must tailor their anti-fraud measures to their specific circumstances, ensuring that fraud prevention procedures are proportionate to the risks identified and the size, nature, and complexity of the organisation.

Due diligence

Organisations will need to scrutinise their relationships with third parties, ensuring that they have robust processes in place to assess and monitor these third-party relationships.

Communication and training

Regular training and awareness programmes are essential to ensure that employees and associated persons understand their roles in preventing fraud. These programmes should cover the organisation's fraud prevention policies, the legal implications of fraud, and the importance of ethical behaviour.

Monitoring and review

Effective internal controls and monitoring mechanisms are vital for detecting and preventing fraud. Organisations should implement controls such as segregation of duties, regular audits, and real-time monitoring of transactions to identify suspicious activities.

Reporting and Whistleblowing

Robust reporting and whistleblowing mechanisms are essential for encouraging employees to report suspected fraud. Organisations should establish clear and confidential reporting channels and protect whistleblowers from retaliation to promote a culture of transparency.

Associated Persons

The failure to prevent offence includes the concept of an "associated person", which is broadly defined to include employees, agents, subsidiaries, and other individuals or entities performing services for or on behalf of the organisation. This wide definition ensures that organisations are responsible for the actions of a broad range of individuals connected to their operations.

What does this look like in practice?

Several organisations have successfully implemented anti-fraud measures that align with the new guidance. For instance, a major player in the financial services industry recently overhauled its fraud prevention framework. This initiative led to a 30% reduction in fraudulent activities within the first year. By leveraging advanced data analytics and machine learning, they were able to identify and mitigate potential fraud risks more effectively.

Conclusion

The introduction of the ‘failure to prevent fraud’ guidance marks a significant step forward in the UK's efforts against corporate fraud. Organisations must take proactive measures to adhere to the guidance, such as conducting risk assessments, implementing robust fraud prevention procedures, and fostering an anti-fraud culture. These actions will help firms avoid regulatory intervention and contribute to a more transparent and ethical business environment.

Organisations need to evaluate their existing fraud prevention measures and take immediate steps to align with the new guidance. By focusing on fraud prevention, they can safeguard their operations, mitigate the risks of internal fraud and bolster their reputation for integrity and accountability.

Get in touch with our financial services experts

If you would like to speak with a member of our Financial crime team, please contact us today.

Explore our Financial services pages

Financial services insights

Expert insights surrounding the financial services sector.

Financial crime risk management & compliance

With technology evolving at a rapid pace, an ever changing geopolitical and macro-economic environment, and evolving regulatory requirements, it is essential that firms are aware of the key risks posed by financial crime.

Hugh Buttrick Manager - Forensics & Valuations - London

Detailed profile

Luke Firmin Director - Financial Crime - London