What is the Offence of failure to prevent fraud and does it affect my firm?

The Economic Crime and Corporate Transparency Act (ECCTA) received Royal Assent in December 2023. The Act included a new corporate offence of a failure to prevent fraud. In November 2024, the government issued guidance relating to the new offence and the implementation date of the new offence was announced as 1^st September 2025.

The Guidance sets out what government expects firms to do to comply with the requirement of the new corporate offence.  With less than nine months until the offence becomes law, organisations should understand the impacts of the Act, and consider how they will be compliant with the requirements by 1st September this year.

In this two part series, Bruce Viney, Director of Financial Crime Compliance Training, summarises the key clarifications and requirements set out in the guidance, in order to assist Boards, partners and Senior Managers to review and as necessary amend or create controls so that their firm will be compliant by the implementation date.

The offence arises when fraud is committed by an ‘associate’ of a firm with the intention of benefitting the organisation, and where the firm does not have in place adequate and relevant controls for the prevention and detection of fraud.

The offence applies only to ‘large, incorporated bodies and partnerships’ across all business sectors, whether regulated or not.  Such large organisations are those which meet two out of three of the following criteria:

• More than 250 employees;
• More than £36 million turnover;
• More than £18 million in total assets.

The types of fraud that are included in the offence are extensive and are included in Schedule 13 of the ECCTA. While there are variations between offences as defined under Scottish law and the laws of England and Wales, the offences broadly include most common definitions of fraud.

It is worth noting that, although the offence applies to large organisations as defined, the government’s Guidance points out that the principles outlined in the new offence represent good practice and may be helpful to smaller organisations.

The penalty for the new offence is, on indictment, a fine levied on the organisation. Courts will take account of all relevant circumstances when deciding the level of a fine in any particular case.

The Act refers to a fraudulent act as the ‘base fraud offence’.  The base fraud offence is committed by a ‘person associated with the organisation’.

An employee, an agent or a subsidiary of the relevant organisation is automatically an associated person. A person who provides services for or on behalf of the relevant organisation is also an associated person while they are providing those services.

Partners of a partnership are also associated persons.

Providing services does not include providing goods. Small organisations (i.e. that are outside the thresholds highlighted above) should be aware that they may be associated persons.

A relevant organisation does not need to actually receive a benefit, it is enough that the intention was that the organisation would be the beneficiary.  This would also apply where an associated person carried out a fraud intended to benefit the clients of the organisation.

It is important to note that the intention to benefit the organisation does not have to be the sole or even the dominant intention.  The example given in the Guidance is of a salesperson who commits a fraud to increase their own commission, but in doing so also increases the organisation’s sales.  This interpretation gives the offence a broad application.

It is also worth noting that the benefit can be financial or non-financial.

The offence only applies where there is a UK nexus. That means that one of the acts took place in the UK, or that the gain or loss occurred in the UK.

If a UK based employee commits such a fraud, the employing organisation could be prosecuted wherever it is based. On the other hand, if an overseas employee or subsidiary of a UK organisation commits a relevant fraud with no UK nexus, the corporate offence will not apply.

If an associated person commits a relevant offence with a UK nexus, an organisation will have a defence if it can demonstrate that it has in place reasonable procedures to prevent fraud. 

If the case comes to court, then the onus is on the organisation to prove that these reasonable procedures were in place at the time of the offence. The standard of proof will be the balance of probabilities.

Senior Management and Boards must review existing fraud prevention and detection controls and procedures against the requirements of the new offence.  The second part of this series outlines what Senior Managers, Boards, and partners must be doing now to ensure their firms are compliant by the implementation date. Read it here.

Alternatively, if your firm’s Senior Management & Board require additional training relating to the new offence, get in touch. Our new course, The Corporate Offence of Failing to Prevent Fraud, for Senior Management & the Board, provides Senior Management and the Board with an understanding of the key requirements and a framework for preparing for the new corporate offence of failing to prevent fraud. 

Bruce has been working in financial services for nearly 40 years, 25 of these as a learning professional focusing on compliance for a wide range of financial services companies, mainly through the analysis, design, creation and implementation of global training programmes for Tier 1 Banks and FTSE 100 companies. He has been Global Head of Compliance Learning for such firms three times and has provided compliance learning consultancy to similar companies many times. 

Bruce has also provided compliance training and consultancy in other fields such as real estate, industrial supply chains, charities, payment services providers, gambling and casinos and many others.  

A former Director of Training for CISI, Bruce has extensive experience of compliance and financial services-related qualifications and qualified as a Chartered Accountant with Price Waterhouse (as it was then known).

Bruce provides excellent training events on compliance, with a specific focus on financial crime, including all aspects of anti-money laundering, anti-bribery and corruption, fraud and sanctions.