
Under new legislation, some UK businesses now have a legal duty to prevent fraud.
This new offence, introduced by the Economic Crime and Corporate Transparency Act 2023, is aptly named the failure to prevent fraud.
If fraud is tied to your business and you can’t show steps were taken to prevent it, you now risk prosecution – even if you were unaware or uninvolved.
If your organisation hasn’t reviewed its fraud controls recently, now is the time. The new duty may not currently apply to every business, but its arrival sets a clear direction: organisations are increasingly expected to stop fraud before it happens.
Key Takeaways
- The new failure to prevent fraud offence comes into force on 1 September 2025.
- It creates a legal duty for large organisations to take reasonable steps to prevent fraud committed on their behalf.
- Senior management does not need to be aware of the fraud – organisations can still be liable if they failed to take reasonable steps to prevent it.
- The offence covers specific fraud and false accounting crimes, including false representation and tax fraud.
- Although it currently only applies to large companies, smaller businesses should still review their fraud controls to meet growing client and regulatory expectations.
What Is the Failure to Prevent Fraud Offence?
The failure to prevent fraud offence is a new corporate crime introduced by the Economic Crime and Corporate Transparency Act 2023. (There’s no separate Failure to Prevent Fraud Act.)
It makes organisations criminally liable if a person commits fraud for the organisation’s benefit – and the organisation failed to take reasonable steps to prevent it.
There’s no requirement to prove that senior management knew, approved, or even suspected anything. If the fraud benefits the organisation, and there’s no evidence of adequate prevention measures, the organisation itself can be prosecuted.
Why Was the Failure to Prevent Fraud Introduced?
The failure to prevent fraud offence is part of a broader push to clamp down on economic crime in the UK. It marks a significant change in how corporate fraud is treated.
For years, prosecutors and regulators struggled to hold organisations accountable when fraud was committed on their behalf. Prosecutions hinged on proving intent at the top, which is notoriously difficult for large or decentralised businesses.
In fact, there have been multiple cases where shady business leaders escaped punishment even when there was credible evidence of wrongdoing. They just had to sufficiently distance themselves from the fraudulent acts.
So, the new offence shifts the focus from what directors did to what the organisation did (or didn’t do) to prevent fraud in the first place.
If a fraud occurs and your business hasn’t acted to prevent it, the law may now treat that failure as a crime in itself. This reflects a wider shift in policy and law: organisations are now expected to prevent harm, not just respond to it.
Bribery, tax evasion, even sexual harassment – in each instance, the law now requires organisations to take reasonable steps to prevent these offences.
What Counts as Fraud?
The new offence applies to a specific set of criminal fraud and false accounting offences already defined in law. These are:
- Fraud by false representation – Lying to someone to gain a benefit. For example, providing false information in a contract or invoice to secure payment or a business deal.
- Fraud by failing to disclose information – Deliberately leaving out key facts when you have a duty to speak up. For example, not disclosing known defects in a product or service.
- Fraud by abuse of position – Exploiting a position for personal or organisational gain. This could include a finance manager manipulating accounts to cover up losses or a director using insider knowledge to divert funds.
- False accounting – Knowingly changing, hiding or fabricating financial records to mislead. For example, inflating revenue to make a business look healthier than it is.
- Fraudulent trading – Running a business with the intention of deceiving creditors or customers. For instance, an insolvent company continuing to take customer payments when it can’t deliver or repay.
- Cheating the public revenue – Deliberately underpaying or avoiding tax by dishonest means. This could include falsifying VAT returns, hiding income, or claiming deductions you’re not entitled to.
For the failure to prevent fraud offence to apply, the fraud must be carried out by someone acting on behalf of the organisation and it must be intended to benefit the organisation in some way.
When Will the Failure to Prevent Fraud Be Enforced?
The new failure to prevent fraud offence will be enforced from 1 September 2025.
Who Has to Comply?
Not every organisation is directly affected by the new offence at this time. It currently only applies to businesses classed as large organisations.
To qualify, an organisation must meet two or more of the following criteria:
- More than 250 employees
- More than £36 million in turnover
- More than £18 million on the balance sheet
If your business doesn’t meet these thresholds, the offence doesn’t currently apply to you. But that doesn’t mean it’s irrelevant.
The introduction of this law sets a new compliance benchmark. And for many smaller organisations working with larger clients, especially in regulated sectors or public procurement, expectations around fraud prevention may shift quickly.
In practice, organisations of all sizes may soon need to demonstrate that they have taken reasonable steps to reduce the risk of fraud, whether or not the law explicitly demands it.
How Do You Comply?
The law states that organisations must implement “reasonable fraud prevention procedures”.
What’s considered reasonable will depend on your size, structure, and level of fraud risk.
The government’s failure to prevent fraud guidance outlines six core principles that large organisations must follow. While many small to medium-sized enterprises (SMEs) won’t be directly in scope, these principles provide an excellent framework for good practice.
The six guiding principles are:
- Top-level commitment – Leaders must visibly support fraud prevention and allocate the necessary resources.
- Risk assessment – Risk assessments must be used to identify where fraud could happen in your organisation or supply chain.
- Proportionate, risk-based procedures – Control measures that match the risks you’ve identified must be put in place. This might include basic approval checks, financial oversight, or transaction thresholds.
- Due diligence – Carry out simple checks and keep records of any person or organisation that acts for you, such as suppliers, agents, or contractors.
- Communication and training – Make sure your team is clear on the organisation’s position, can recognise fraud, and knows how to raise concerns.
- Monitoring and review – Periodically assess how your controls are working and update them when necessary.
Why Small and Medium-Sized Enterprises Should Still Pay Attention
First, the legislation signals a broader shift in regulatory expectations. Organisations are increasingly expected to actively prevent wrongdoing. The government has already placed duties on all businesses to take reasonable steps against bribery and money laundering. It’s possible the same may happen with fraud.
Second, many SMEs operate in supply chains or partnerships with larger businesses. Those clients may begin asking more questions about your fraud controls, especially if they’re required to demonstrate their own. A lack of basic procedures could put contracts at risk or limit your ability to win new business.
Third, the risk of fraud is not limited to large organisations. In fact, smaller businesses may be more vulnerable. With fewer resources and a heavier reliance on personal relationships, fraud can go undetected for longer – and do more damage.
For most SMEs, a great first step is to review current policies and training. Ask yourself:
- Do your employees and contractors understand what fraud looks like?
- Are approval and reconciliation processes clearly defined and consistently followed?
- Have recent changes (like growth, remote work, or new partners) introduced fraud risks?
Fraud Prevention and Risk Management Training
Our online Fraud Prevention and Risk Management for Managers course will help you prevent and respond to fraud.
For large companies, it provides evidence that you have taken reasonable steps to meet your new legal duties under the Economic Crime and Corporate Transparency Act. For SMEs, it acts as a vital safeguard against fraud and economic exploitation.
The course provides practical guidance to help your managers:
- Understand how fraud happens in the workplace
- Recognise their legal responsibilities and liabilities
- Identify and manage fraud risks in your team or business
- Implement effective internal controls and preventative measures
- Respond confidently if fraud is suspected or detected
Act now to ensure compliance – and help protect your business from serious financial and reputational risk.





















