On 1 September 2025, a new offence of Failure to Prevent Fraud came into effect. The offence was created by The Economic Crime and Corporate Transparency Act 2023 (“ECCTA 2023”).
Data published by UK Finance in November 2025 revealed that fraud remained one of the UK’s biggest financial threats, with over 2 million reported cases in the first half of 2025 and £623.9m stolen through scams and payment fraud.
The offence of failure to prevent fraud is designed to ensure that organisations are held to account for fraud offences committed by employees, or other associated persons, which may benefit the organisation or, in certain circumstances, its clients. In essence, it makes it easier to prosecute organisations for fraud committed by employees or third parties from which the organisation benefits.
This article looks at the offence, how it relates to organisations and what the impact could be for organisations. If you would like to speak to us for guidance on the ECCTA 2023 and its ramifications, then please contact us here.
What is the failure to prevent fraud offence?
Section 199 of ECCTA 2023 makes ‘large organisations’ criminally liable if, in any financial year, a person associated with the organisation commits fraud that is intended to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place. The offence also covers fraud intended to benefit any person to whom services are provided on behalf of the organisation.
The offence applies to a wide range of large incorporated bodies and partnerships, as well as partnerships which are not bodies corporate (including Scottish partnerships and Limited Partnerships formed under the Limited Partnerships Act 1907).
The scope for failure to prevent fraud covers:
- Fraud by false representation (section 2 Fraud Act 2006)
- Fraud by failing to disclose information (section 3 Fraud Act 2006)
- Fraud by abuse of position (section 4 Fraud Act 2006)
- Obtaining services dishonestly (section 11 Fraud Act 2006)
- Participation in a fraudulent business (section 9 Fraud Act 2006)
- False statements by company directors (section 19 Theft Act 1968)
- False accounting (section 17 Theft Act 1968)
- Fraudulent trading (section 993 Companies Act 2006)
- Cheating the public revenue (common law).
Money laundering offences are not within the scope of the failure to prevent fraud offence, as organisations that are regulated by the Financial Conduct Authority (FCA) are already required to have anti-money laundering procedures in place.
Failure to prevent fraud will only apply where the associated person commits an offence under UK law. It does not apply to UK organisations whose overseas employees or subsidiary undertakings commit fraud.
MSP Company Secretarial can provide support with the organisation of risk policies and anti-fraud procedures. Speak to us here to find out more.
What is ‘a large organisation’ according to the ECCTA?
Sections 201 and 202 specify that a ‘large organisation’ is one that satisfies two or more of the following conditions in the financial year preceding the year of the offence:
- More than 250 employees
- More than £36 million turnover
- Assets of more than £18 million.
Subsidiaries of parent companies that meet the conditions above could be liable for the offence. Also, a subsidiary that is not itself a large organisation can be prosecuted, rather than the parent company, if an employee of the subsidiary commits fraud intending to benefit the subsidiary.
What are ‘reasonable fraud prevention procedures’?
If faced with a possible contravention of the failure to prevent fraud offence, organisations are required to prove that, at the time the fraud offence was committed, they had prevention procedures in place. These procedures should be such as it was reasonable in all the circumstances to expect the organisation to have in place. Alternatively, it can be proved that it was unreasonable in all the circumstances to expect the body/organisation to have any prevention procedures in place (Section 199(4) of ECCTA 2023).
The UK Home Office has produced guidance that gives organisations information about what reasonable procedures are and sets out a fraud prevention framework that an organisation should put in place to reduce the risk of fraud, based on the following six principles:
- Top-level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and reviews.
The guidance is intended to be flexible for all types of organisations. Procedures to prevent fraud should be designed with the organisation’s structure and the territoriality of the offence in mind and should be proportionate to the risk of fraud. Also, the guidance is principles-based rather than rule-based, so organisations should adopt and implement policies and strategies to mitigate the risk of fraud, based on their own circumstances.
In practice, organisations should consider taking the following actions to develop fraud prevention procedures:
- Review risk assessments by reference to the risk of fraud.
- Review company and anti-fraud policies and procedures.
- Review training programmes and their effectiveness and assess if they adequately cover fraud-specific training and address fraud risks.
- Review and implement changes to governance arrangements, monitoring and reporting processes in respect of fraud prevention measures and to build an anti-fraud culture.
MSP Company Secretarial can provide support and guidance with your fraud prevention procedures. To find out more, please contact us here.
How does the offence of failure to prevent fraud compare to a company’s obligations under the Bribery Act 2010?
Both corporate offences of failure to prevent fraud and failure to prevent bribery under the Bribery Act 2010 place responsibility on organisations to implement procedures to prevent these offences from occurring in their business operations. The fraud prevention framework set in the Home Office guidance is based on the same six principles contained in the Bribery Act guidance.
What are the impacts of failing to prevent fraud for companies?
The offence of failure to prevent fraud is punishable by an unlimited fine (Section 199(12) ECCTA 2023); however, there is no specific sentencing guideline for the offence of failure to prevent fraud. Alongside the financial penalties for organisations, there is also significant reputational damage and regulatory scrutiny for organisations to consider.
How MSP Company Secretarial Can Help
It is essential that organisations invest heavily in developing procedures to detect and mitigate the risk of fraud and reduce the opportunities for fraud to occur. MSP Company Secretarial can provide guidance on the requirements of the ECCTA 2023, work with you in reviewing your Corporate Governance Frameworks, carry out a governance health-check on your organisation and provide support with drafting and implementing policies and procedures.
Contact us today for more information.
UK Failure to Prevent Fraud Offence and the ECCTA: Frequently Asked Questions
When does the offence of failure to prevent fraud come into effect?
This new offence came into effect on 1st September 2025. This means that all organisations should be considering their current anti-fraud policies and fraud resilience and reviewing them to ensure they are compliant.
How does “failure to prevent fraud” differ from the offence of “failure to prevent bribery”?
The main differences relate to the organisations that are in scope and the territoriality of these offences. Under section 7 of the Bribery Act 2010, bodies corporate and partnerships of all sizes are in scope of the offence of failure to prevent bribery, whereas “large” organisations are in scope of the failure to prevent fraud offence under Section 199 of ECCTA 2023.
Additionally, the offence of failure to prevent bribery applies to conduct by associated persons based anywhere in the world, provided the organisation (i) is UK incorporated; or (ii) carries on business, or part of a business, in the UK. The offence of failure to prevent fraud applies where any element of the base fraud offence took place in the UK (including any actual loss or gain).
How does ECCTA 2023 define an “associated person” for the purposes of the failure to prevent fraud?
Section 199 of ECCTA defines an associated person to be an employee of the relevant organisation, an agent, a subsidiary undertaking (acting corporately) or any other person who provides services for or on behalf of the relevant organisation, regardless of whether the associated person is under contract or not.