With effect from 1 September 2025, section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) creates a new criminal offence of failure to prevent fraud. Under the new offence an organisation will be liable where a specified fraud offence is committed by an employee, agent, subsidiary or other “associated person” with the intention of benefiting the organisation and the organisation did not have relevant fraud prevention procedures in place. The penalty can be an unlimited fine. Liability for the new offence is strict, increasing the likelihood of successful convictions. The offence is one of many measures under ECCTA to shift corporate culture to focus on, and prioritise, fraud prevention and encourage responsible business.
Who will the offence apply to?
The offence applies to “large organisations” (corporates and partnerships) that satisfy two of the following criteria:
- over 250 employees; and/or
- more than £36 million turnover; and/or
- more than £18 million total assets.
The criteria above apply to “whole organisations” which includes subsidiaries. This means that where an employee of a subsidiary (which itself is not a large organisation) commits a fraud which is intended to benefit the subsidiary then the subsidiary may be prosecuted. If the fraud committed by the employee is intended to benefit the parent, then the parent may be prosecuted.
It should be noted that the offence can apply to organisations that are based overseas if the fraud offence is committed in the UK or targets victims in the UK.
What type of fraud is captured by this offence?
The fraud offences are set out in a schedule to ECCTA and include false accounting and false statements by directors in sections 17 and 19 Theft Act 1968, fraudulent trading under section 993 Companies Act 2006, various fraud offences under the Fraud Act 2006 (for example participating in a fraudulent business, obtaining services dishonestly), the common law offence of cheating the public revenue, and also aiding or abetting any of these offences.
The base fraud offence is committed by someone associated with the relevant body (an employee, agent, subsidiary company, a partner of a partnership or other “associated person” providing services for the benefit of the organisation or on its behalf). There must be an intention to benefit the relevant organisation in some way, but this need not materialise nor need it be the primary motivation.
The reasonable prevention procedures defence
An organisation will be liable where an offence has been committed save where it can demonstrate:
- that it had reasonable prevention procedures in place; or
- that it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place.
Prevention procedures are those procedures that are in place to prevent an associated person from committing a fraud offence.
In November 2024 the Home Office published guidance which sets out what organisations should consider when implementing reasonable fraud prevention procedures. The guidance sets out six principles:
Top level commitment: senior management to lead by example and foster a culture where fraud is never acceptable. They should, for example, commit to training and the implementation of fraud prevention procedures throughout the organisation.
Risk assessment: organisations to adopt a dynamic approach to assessment of risk which must be kept regularly under review. This will include looking to identify the different types of risk presented to different associated persons within the organisation.
Proportionate risk-based fraud prevention procedures: fraud prevention procedures need to be proportionate to the risk faced and the nature of an organisation’s operations. Those procedures should be clear, practical, accessible and effectively implemented and enforced.
Due diligence: due diligence proportionate to the fraud risk should be undertaken on associated persons including contract reviews for agents and service providers and monitoring for increased fraud risk on account of stress, targets or workload.
Communication: clear communication of fraud prevention policies and procedures to encourage compliance. Regular training is key.
Monitoring and review: regular monitoring and review of fraud detection and prevention procedures and making improvements where necessary.
The guidance makes it clear that there is not a one-size-fits-all approach to reasonable procedures. It needs to be adapted to the nature of each organisation, its employees, agents and supply chains.
The Birketts view – next steps
The new offence will make it easier to prosecute organisations for fraud as it will no longer be necessary to demonstrate that a director or senior manager (“the directing mind and will” of the organisation) committed or knew about the fraud offence to secure a conviction.
Organisations that are potentially caught by this new offence should take the opportunity now to consider their potential exposure and review, develop and enhance existing procedures to prevent fraud and/or conduct new risk assessments as appropriate in the months leading up to 1 September 2025.
Key Contacts
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at May 2025.