Understanding The New Offence of Failing to Protect Fraud

The Economic Crime and Corporate Transparency Act 2023 has introduced a change in UK corporate law: the offence of ‘failure to prevent fraud’.

This new legislation, set to come into effect on 1 September 2025, places significant responsibility on large organisations to prevent fraud within their operations.

This short guide is designed to help you to understand the changes and to prepare effectively.

Understanding the new offence

The failure to prevent fraud offence applies to any large organisation across all sectors of the UK economy. Your organisation may be affected if it meets at least two of these criteria:

• More than 250 employees
• More than £36 million turnover
• More than £18 million in total assets

The legislation covers a wide range of fraudulent activities as set out in the Fraud Act 2006. And includes three key sections:

• Fraud by false representation (Sect. 2)
• Fraud by failing to disclose information (Sect. 3)
• Fraud by abuse of position (Sect. 4)

Other sections of the Fraud Act 2006, Theft Act 1968 and common law are also covered, including false accounting, participation in a fraudulent business, obtaining services dishonestly, false statements by company directors, cheating the public revenue and fraudulent trading.

It’s important to note the offence applies when the base fraud is committed by associated persons – including employees, agents, and subsidiaries – with the intention of benefiting the organisation or its clients.

Additionally the offence applies where part of the fraud occurred in the UK or the gain or loss happened here. This is known as a UK nexus.

Your defence and penalties for failing to comply

Organisations can defend themselves by proving they had reasonable fraud prevention procedures in place, or that it wasn’t reasonable to expect such procedures. Chapter 3 of the legislation states that your fraud prevention framework should be informed by the following six principles:

• Top level commitment
• Risk assessment
• Proportionate risk-based prevention procedures
• Due diligence
• Communication (including training)
• Monitoring and review

Full details of what these mean and examples of what classes as reasonable fraud prevention procedures have been outlined in the Act and can be found here. If convicted, organisations may face significant fines, the extent of which are determined on a case-by-case basis.

How can you protect your organisation?

As Internal Audit specialists we understand that navigating this new legislation can seem daunting. That’s why we’re committed to supporting you every step of the way by:

Conducting comprehensive risk assessments: We’ll help you identify potential fraud risks specific to your organisation before they become a problem.

Reviewing your internal control framework: Our specialists review your systems of internal control and provide insights and recommendations on where there are gaps and how to strengthen these.

Reviewing due diligence processes: We review your due diligence procedures for employees, agents, and third-party service providers, providing advice on their adequacy and suitability.

Providing training support: We’ll help develop and deliver fraud awareness training programmes for your staff.

Considering reporting mechanisms: We’ll provide advice to help you implement secure channels for reporting suspected fraudulent activities.

Monitoring compliance: Our experts review your existing levels of compliance, providing guidance and feedback on areas that could be enhanced.

How to prepare for the future?

While the implementation date of 1 September 2025 may seem a while away, it’s important to start preparing now. Proactive steps will not only help to ensure compliance but will also protect your organisation from the financial and reputational damage caused by fraud.

At Scrutton Bland, we’re dedicated to helping you navigate these changes with confidence. Our approachable team is ready to provide tailored advice and support, ensuring your organisation is well-prepared for this significant shift in corporate accountability.

Don’t let the new failure to prevent fraud offence catch you off guard. Contact Leisyen or one of our Risk and Assurance team by calling 0330 058 6559 or email hello@scruttonbland.co.uk to discuss how we can help you build a robust fraud prevention framework and safeguard your organisation’s future.