The Offence of failure to prevent fraud – what it is and what should Senior Managers and the Board do now?
The UK Government has responded to the rapidly increasing threat of fraud by introducing a new corporate offence of failing to prevent fraud, which comes into effect on 1st September this year.
With less than nine months until the offence becomes law, organisations should be thinking now about how to ensure that they will be compliant with the requirements by 1st September 2025.
In this article, Bruce Viney, Director of Financial Crime Compliance Training, discusses what Senior Managers, Boards, and partners must be doing now to ensure their firms are compliant by the implementation date.
What should Boards and Senior Management be doing now?
In November 2024, the government issued guidance relating to the new offence.
This Guidance sets out a framework for fraud prevention controls, and should inform an organisation’s approach to putting in place reasonable procedures to prevent fraud. The Guidance follows the same six principles that are applied in relation to both the Bribery Act and the Criminal Finances Act (both of which include ‘failure to prevent’ offences). These are:
- Top level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication including training
- Monitoring and review
Boards and Senior Management must review existing fraud prevention and detection procedures against the requirements of the new offence. This review needs to start as soon as possible given the relatively short timeline to the implementation of the offence.
Top level commitment
Responsibility for the prevention and detection of fraud rests with those charged with governance of the organisation - the Board of Directors, partners and other Senior Management.
Senior Management should consider their own role in fraud prevention and detection, and ensure it meets the expectations of the new corporate offence and the Guidance.
This responsibility includes fostering a culture in the organisation which clearly signals that any fraud is unacceptable. This will include:
- communicating and endorsing the organisation’s stance on fraud, including articulating the consequences for anyone carrying out a fraud;
- ensuring clear governance;
- providing a strong commitment to training; and
- ensuring appropriate resourcing and leading by example.
Risk assessment
Senior Management are responsible for identifying, assessing and mitigating all relevant risks to the organisation. Regulated firms will be familiar with applying a risk-based approach across financial crime generally. As part of the review of procedures, Senior Management should review any existing risk assessment that addresses fraud risk, and carry out a gap analysis against the new requirements.
There is no requirement to have a separate risk assessment for fraud, although organisations may find this helpful.
Due to the breadth and potential complexity of defining an ‘associated person’, the Guidance suggests that an organisation’s fraud risk assessment begins by identifying all associated persons in relation to the organisation.
The Guidance provides extensive examples of risk best practice in the context of fraud (it is not practical to cover them in this article, but firms should review the examples to identify relevant issues for their organisation).
Senior Management may consider taking third party advice on fraud typologies, as these require a detailed understanding of the motives for fraud, the methods that are used and the mentality of different types of fraudsters. Fraud today is very different to fraud of only a few years ago.
Senior Management should review these requirements against any existing fraud risk assessments and consider any required additions or changes.
Proportionate risk-based fraud prevention procedures and due diligence
Senior Management are responsible in general for ensuring that the organisation has proportionate procedures in place for managing financial crime risk, and the Guidance requires similar procedures for the prevention of fraud.
This is likely to include drawing up a fraud prevention plan, with procedures that are proportionate to the risks of fraud for the particular organisation. Where suitable and sufficient proportionate controls already exist, it may not be necessary to duplicate controls to address the corporate offence.
Senior Management should consider existing relevant controls, in particular those relating to reducing opportunities and motivation for fraud, and assess these in the light of the requirements laid out in the Guidance, with reference, among other things, to the fraud triangle.
Company-wide training in relation to failure to prevent fraud
Senior Management should ensure the provision of risk-based, proportionate training to all relevant staff and other associated persons. Specific, tailored training might be appropriate for associated persons who perform tasks or occupy roles with a higher risk of opportunities for relevant fraud. More information on CCL Academy’s Financial Crime training courses can be found here.
Senior Management should ensure that staff and other associated persons are familiar with the firm’s whistleblowing policies and procedures. Whistleblowing is one of the most effective controls for detecting potential or actual fraud.
Monitoring and review
For the purposes of fraud, monitoring and review means:
- A regular and consistent review of all fraud-related risk assessments and controls to ensure that they continue to be proportionate and effective.
- Controls to detect fraud and attempted fraud.
- Investigation of suspected fraud.
Senior Management need to consider each of these in the context of the new corporate offence. For example:
- Do the existing procedures meet the requirements of the new corporate offence and related guidance?
- What checks, analyses, reconciliations, management information and other controls are in place to detect fraud, and are they sufficient and appropriate in the light of the new corporate offence?
- Does the organisation have sufficient staff, with appropriate experience, to detect anomalies, indicators or other red flags that might indicate fraud?
- Where fraud is detected and investigated, are lessons learned fed back, and are controls changed to reflect new threats or typologies?
In conclusion
The new corporate offence of a failure to prevent fraud has several implications for Boards, partners and Senior Management.
The new offence requires all large organisations to review their fraud prevention and detection controls in the light of the government’s Guidance. Senior Management should begin now to review their organisation’s existing controls against the new requirements, so that their organisation may be compliant with all relevant requirements by 1st September this year.
For in-depth training, a deeper understanding of the key requirements and a framework for preparing for the new corporate offence of failing to prevent fraud, get in touch and discover more about our new course, The Corporate Offence of Failing to Prevent Fraud, for Senior Management & the Board.
About the Author
Bruce has been working in financial services for nearly 40 years, 25 of these as a learning professional focusing on compliance for a wide range of financial services companies, mainly through the analysis, design, creation and implementation of global training programmes for Tier 1 Banks and FTSE 100 companies. He has been Global Head of Compliance Learning for such firms three times and has provided compliance learning consultancy to similar companies many times.
Bruce has also provided compliance training and consultancy in other fields such as real estate, industrial supply chains, charities, payment services providers, gambling and casinos and many others.
A former Director of Training for CISI, Bruce has extensive experience of compliance and financial services-related qualifications and qualified as a Chartered Accountant with Price Waterhouse (as it was then known).
Bruce provides excellent training events on compliance, with a specific focus on financial crime, including all aspects of anti-money laundering, anti-bribery and corruption, fraud and sanctions.
