On 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 (ECCTA) created a new corporate criminal offence: failure to prevent fraud.
Under the offence, an organisation is liable where a specified fraud offence:
- is committed by an employee, agent, subsidiary or other person performing services for or on its behalf (an “associate”)
- is committed with the intention of benefiting the organisation itself or benefiting someone else the associate provides services to, on behalf of the organisation
- the organisation did not have relevant fraud prevention procedures in place.
The maximum penalty is an unlimited fine. Organisations will be liable whether or not they are aware that an offence has been committed, increasing the likelihood of successful convictions unless robust fraud prevention procedures are in place.
The offence is one of many measures under ECCTA to shift corporate culture to focus on and prioritise fraud prevention and encourage responsible business.
Sector-specific risks in transport and logistics
Organisations in the transport and logistics sector face particular fraud risks due to the complexity of supply chains, reliance on third-party providers, and regulatory obligations.
Examples include:
Procurement fraud: Inflated invoices, collusion between suppliers and internal staff, or misrepresentation of goods and services
Subcontractor misrepresentation: False claims about qualifications, insurance, or capacity to deliver services
Customs and border fraud: False declarations, undervaluation of goods, or misclassification to avoid duties
Fuel card misuse: Personal use of company fuel cards or manipulation of mileage records
These risks often arise in fast-paced operational environments where oversight may be limited and pressure to meet targets is high.
Who will the offence apply to?
The offence applies to large organisations that satisfy any two of the following criteria:
- over 250 employees
- more than £36 million turnover
- more than £18 million total assets.
The criteria apply to the whole organisation, including subsidiaries. If an employee/agent of a subsidiary of a large organisation commits a fraud which is intended to benefit the subsidiary, then the subsidiary may be prosecuted even if the subsidiary itself does not qualify as a large organisation. If the fraud committed by the employee/agent is intended to benefit the parent, then the parent may be prosecuted.
The offence can apply to organisations that are based overseas if the fraud offence is committed in the UK or targets victims in the UK.
What type of fraud is captured by this offence?
Large organisations will be liable where a relevant person commits a fraud offence with the intention of benefiting the organisation or its customers. The benefit doesn’t have to be financial.
If an agent commits a fraud offence in the course of its agency, the organisation can be liable.
The fraud offences include:
- false accounting and false statements by directors
- fraudulent trading – whereby a company dishonestly carries on a business in a manner which puts creditors at risk of not being paid, or entices people who are not creditors to become creditors where the company is likely to become insolvent
- various fraud offences under the Fraud Act 2006 (for example participating in a fraudulent business or obtaining services dishonestly)
- the common law offence of cheating the public revenue including: making a false statement (whether written or not) relating to income tax; delivering (or causing to be delivered) a false document relating to income tax; failing to account for VAT; withholding PAYE and National Insurance; failing to register for VAT; and failing to disclose income
- aiding or abetting any of the above offences.
The base fraud offence is committed by someone associated with the large organisation (an employee, agent, subsidiary company, a partner of a partnership or other “associated person” providing services for the benefit of the organisation or on its behalf).
There must be an intention to benefit either the relevant organisation or a person to whom the organisation provides a service, but this benefit need not materialise nor be the primary motivation.
There is no liability under this legislation where the large organisation is a victim of fraud.
The reasonable prevention procedures defence
An organisation will be liable where an offence has been committed by a relevant person, irrespective of whether the organisation was aware that an offence had been committed. The only defence available to an organisation is where it can demonstrate:
- that it had reasonable prevention procedures in place
- that it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place.
Prevention procedures are those procedures that are in place to prevent an associated person from committing a fraud offence.
In November 2024 the Home Office published guidance which sets out what organisations should consider when implementing reasonable fraud prevention procedures. The guidance sets out six principles:
Top level commitment: senior management to lead by example and foster a culture where fraud is never acceptable. They should, for example, commit to training and the implementation of fraud prevention procedures throughout the organisation.
Risk assessment: organisations to adopt a dynamic approach to assessment of risk which must be kept regularly under review. This will include looking to identify the different types of risk presented to different associated persons within the organisation.
Proportionate risk-based fraud prevention procedures: fraud prevention procedures need to be proportionate to the risk faced and the nature of an organisation’s operations. Those procedures should be clear, practical, accessible and effectively implemented and enforced.
Due diligence: due diligence proportionate to the fraud risk should be undertaken on associated persons including contract reviews for agents and service providers and monitoring for increased fraud risk on account of stress, targets or workload.
Communication: clear communication of fraud prevention policies and procedures to encourage compliance. Regular training is key.
Monitoring and review: regular monitoring and review of fraud detection and prevention procedures and making improvements where necessary.
The guidance makes it clear that there is not a one-size-fits-all approach to reasonable procedures. It needs to be adapted to the nature of each organisation, its employees, agents and supply chains.
The Birketts view
The new offence will make it easier to prosecute organisations for fraud as it will no longer be necessary to demonstrate that a director or senior manager (“the directing mind and will” of the organisation) committed or knew about the fraud offence to secure a conviction.
Organisations that are potentially caught by this new offence should review, and if necessary, develop and enhance existing procedures to prevent fraud.
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at September 2025.
Key Contacts
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at November 2025.