By Ruth Prickett, 24 February 2025
Fraud prevention is about to get more complicated with penalties rising sharply for UK organisations. Starting on 1 September 2025, larger businesses will be liable to criminal prosecution if any of their employees – or an agent, subsidiary, or other ‘associated person’ –commits fraud that is intended to benefit the company.
The new failure to prevent fraud offence (part of the Economic Crime and Corporate Transparency Act) [1] throws the doors open to a host of new legal cases and exposes businesses to a range of risks.
At the very least, relevant companies should now be putting in place measures to identify and prevent fraud taking place. This is shining the spotlight on corporate culture and ‘tone from the top’ as executives realise that merely pointing to company policies and mission statements is unlikely to exonerate them if a case comes to court. They will need evidence that they have actively engaged with relevant people and are promoting desired behaviour, as well as operating controls to catch fraud if it happens
About 40% of all crime in England and Wales involves fraud, making it the single most common type of crime committed in the UK, according to the government. The new law is intended to encourage organisations to build an anti-fraud culture, in the same way, that failure to prevent bribery legislation has helped reshape corporate culture since its introduction in 2010, the Home Office said in November when it released its latest guidance. [2]
David Hanson, Minister with Responsibility for Fraud, said the guidance ‘marks the first steps towards a corporate culture shift around fraud prevention,’ calling the scourge of fraud across the UK ‘a pernicious crime.’
Time is running short
Nick Ephgrave, Director of the UK’s Serious Fraud Office, added that corporate fraud ‘significantly damages confidence in UK companies and ultimately costs the taxpayer.’ He warned that ‘time is running short for corporations to get their house in order or face criminal investigation.’
With less than seven months to go, the clock is certainly ticking, so organisations that have not yet begun work need to start now. Preparations may prove more complicated than some expect since the definition of ‘associated person’ is broad. It could mean anybody providing services on behalf of an organisation.
‘So, for example, if an employee is engaged in dishonest sales practices or deceitful behaviour in financial markets then the company itself could face prosecution. This would also apply if employees were engaged in the practice of hiding significant information from its investors or consumers,’ warned Rachel Gregory, Partner at Grosvenor Law, in Business & Accountancy Daily.[3]
Train fraud recognition, develop risk frameworks
The first thing organisations can do to prepare is to identify all their employees who fall within the relevant categories and to ensure they undergo training on what constitutes fraudulent activity, according to Keith Fenner, Senior Vice President and General Manager, International, at software developer Diligent.
‘Ignorance or lack of intent will not mitigate liability,’ he said.
Iain Armstrong, Regulatory Affairs Practice Lead at ComplyAdvantage, believes that the new offence will prompt many firms to develop more comprehensive risk frameworks, like those already in place in large financial institutions. He advises compliance leaders to review the programme’s six key principles and document how their firm embeds these across their organisation.
‘It’s important to note that the definition of “associated persons” is broad, including employees, agents, and any person providing services for, or on behalf of, the financial institution,’ he said. ‘This could include certain outsourced providers such as cleaning companies, and the extraterritorial nature of the provisions goes much further than, for example, the UK Bribery Act.’
The challenges will vary according to the size of the organisation, larger corporations are likely to understand the risks in their outsourced population better than smaller ones, but they will also have more vendors to assess. All larger corporate customers will be required to have their own fraud risk mitigation measures in place, which could have a knock-on effect down supply chains.
‘Either way, larger corporations that are directly impacted by the new offence, and the smaller ones that act on behalf of those companies, will likely need to put in place a much more rigorously thought-out and documented risk assessment process,’ Armstrong added. He believes that this should cover the various ways that fraud could be committed to the benefit of the organisation and should look at motives and opportunities at multiple levels.
‘The recent guidance from the Home Office makes clear that “tone from the top” is one of the central pillars that will need to be demonstrably embedded for firms to stand a chance of being compliant,’ he concluded.
Seven months is not long to turn around corporate culture or turn the tide on the UK’s most common crime, but by making companies liable for the misdeeds of their people, the government is sending a clear message that fraud is not just a financial risk.
To help you and your firm prepare for the new failure to prevent fraud offence, join ICA’s Failure to Prevent Fraud: Roadmap to Readiness masterclass with senior lawyer and government advisor on financial crime, Gaon Hart, taking place on 5 March 2025.
This article has been republished with permission from Compliance Week, a US-based information service on corporate governance, risk, and compliance. Compliance Week is a sister company to the International Compliance Association. Both organisations are under the umbrella of Wilmington plc. To read more visit www.complianceweek.com