Failure to Prevent Fraud – Guidance From an Auditor’s Perspective

16 October 2025 - Leisyen Cox

The Economic Crime and Corporate Transparency Act (ECCTA) took effect from 1 September 2025 and introduces a new corporate offence – Failure to Prevent Fraud.

The Government’s aim is to strengthen accountability in the fight against fraud, currently estimated to cost the UK economy over £200bn each year.

For those organisations prosecuted and convicted, the consequences can be serious:

  • Unlimited financial penalties
  • Exposure to civil claims alongside criminal sanctions
  • Significant reputational damage

Leisyen Cox, Associate Audit Partner, takes a look at what the legislation includes, who it affects, and what you can do to stay compliant.

Who The Act Applies To

The legislation is primarily aimed at larger organisations.

Your institution will be in scope if, in the financial year before the alleged fraud, it meets two or more of the following criteria:

  • It employs more than 250 staff
  • It has a turnover exceeding £36m
  • It holds assets worth more than £18m

This means many organisations will fall within the threshold because of staff size and asset levels.

For those not legally in scope, there remains a strong expectation from regulators and funders that they demonstrate robust anti-fraud arrangements as a matter of good governance and sector best practice.

What “Failure to Prevent Fraud” Means

The new offence creates organisational liability if an “associated person” commits fraud, and the institution did not take reasonable steps to prevent it. The term “associated person” is deliberately wide and includes:

  • Employees
  • Contractors and agents
  • Subsidiaries working on the organisation’s behalf

Actual knowledge of the fraud by senior staff is not required for liability to arise.

Suggested Fraud Prevention Procedures

The Government guidance outlines a six-pillar fraud prevention framework to guide organisations in developing a proportionate approach to fraud prevention. The pillars align closely with good governance practice already familiar to Boards and Audit Committees in the public sector:

Top level commitment: Fraud prevention and detection is the responsibility of an organisation’s governing body and senior management, who must lead by example, establish clear governance, provide training and resources, and foster an open culture where fraud is never acceptable.

Risk assessment: Organisations must carry out dynamic and regularly reviewed fraud risk assessments that identify different types of associated persons and potential fraud scenarios, using frameworks such as the fraud triangle to evaluate opportunity, motive, and rationalisation.

Proportionality to the risk: Organisations should implement clear, practical, and proportionate fraud prevention procedures based on their risk assessment, ensuring controls are tailored to the level of oversight over associated persons, aligned with existing compliance measures, and documented when risks are not specifically addressed.

Due diligence: Organisations must apply proportionate, risk-based due diligence on all associated persons and transactions, including partners, agents, and mergers or acquisitions, using appropriate tools, contract controls, and ongoing monitoring to address and mitigate identified fraud risks.

Communication: Organisations should ensure fraud prevention policies are clearly communicated and embedded at all levels through consistent messaging and training, so that staff and associates understand expectations, can identify risks, and follow proper reporting procedures.

Monitoring and review: Organisations should continuously monitor, investigate, and review their fraud detection and prevention procedures, adapting them over time by learning from incidents, whistleblowing, and sector developments, to ensure controls remain effective and proportionate to evolving risks.

To help you better understand how this may apply within your organisation, we’ve collated some examples of what Failure to Prevent Fraud could look like.

Example 1: False Representation in Grant Awards

What it looks like

Staff or agents provide misleading information or falsified documents when applying for government grants, allowing the organisation to secure funding it isn’t entitled to.

How to prevent it

  • Conduct thorough due diligence checks on all grant applications, including background verification and retaining supporting evidence.
  • Provide staff with anti-fraud training specific to grant funding requirements.
  • Make sure staff have adequate knowledge of the processes that should be followed and the evidence to retain.

Possible controls

  • Automated document verification tools to detect inconsistencies.
  • Segregation of duties between staff preparing and those signing off applications.
  • Regular audits and reviews of awarded grants to ensure compliance.


Example 2: Cheating the Public Revenue

What it looks like

Employees under-report liabilities, inflate allowable expenses, or misrepresent activities in reports submitted to HMRC or funding bodies, to reduce the organisation’s tax or clawback exposure.

How to prevent it

  • Create clear policies and provide mandatory training on truthful and accurate financial reporting.
  • Establish whistleblowing procedures for staff to report unethical practices.

Possible controls

  • Independent review and approval of financial statements before submission.
  • Periodic compliance audits by internal or external teams.
  • Data analytics to flag anomalies in reported figures.


Example 3: Fraudulent Tendering and Procurement Practices

What it looks like

Internal staff or agents collude with suppliers to inflate contract prices, submit false tenders, or manipulate procurement criteria so the organisation secures contracts unethically, benefitting organisational budgets or targets.

How to prevent it

  • Vet all bidders with third-party background checks.
  • Make procurement rules clear, require tender panel independence, and rotate panel members.
  • Ensure transparency with open tendering and clear audit trails.
  • Train procurement teams to recognise collusion and report suspicions.

Possible controls

  • Use e-procurement platforms to maintain robust data trails.
  • Rotate duties among key procurement staff to prevent coercive relationships.
  • Require all tender decisions to be signed off by an independent panel.

Example 4: Concealing Service Failures to Retain Funding

What it looks like

Managers suppress information about service failures or non-delivery to avoid reductions in public funding, meaning the organisation benefits fraudulently by retaining funds it shouldn’t have.

How to prevent it

  • Implement whistleblower hotlines and foster a culture of openness around reporting shortcomings.
  • Mandate periodic, independent reviews of performance data.

Possible controls

  • Data analytics to cross-check service delivery against reported outcomes.
  • Policy that requires all adverse findings to be transparently reported to governance bodies.
  • Require documented justifications for all amendments to performance data, with random spot checks.
  • Regular refresher training for staff on the risks and consequences of concealment.

We’re here to help

As internal audit specialists within the public sector, we’re committed to supporting you every step of the way, with services to help you get ahead such as:

  • Facilitating and documenting a fraud risk assessment aligned to the Act
  • Reviewing current policies, procedures and reporting mechanisms for compliance with ECCTA expectations
  • Supporting the development of Board-level reporting and assurance over fraud controls
  • Supporting the development of your staff and offering leadership training programmes on fraud awareness and prevention
  • Undertaking focused internal audits of your anti-fraud framework to assess the controls in place and staff understanding of their responsibilities, and to review compliance with the Act
  • Undertaking data analysis to identify potential fraudulent activity
  • Undertaking fraud investigations into suspected fraud

To find out more about how we can support your organisation, get in contact with Leisyen or one of the team by calling 0330 058 6559 or emailing hello@scruttonbland.co.uk.
