Introduction
On 1 September 2025, the UK's new "failure to prevent fraud" offence came into force, representing one of the most significant shifts in corporate criminal liability and fraud prevention in years. Large organizations (not just corporations) can now be held criminally liable for their failure if an employee, subsidiary, or agent committed fraud for the organization's benefit.
In contrast, Canada's fraud prevention system remains reactive, relying on traditional criminal law and procurement rules to deter corporate fraud. It is reactive in that punishment follows wrongdoing, with fines and debarment (and imprisonment in more extreme cases) acting as the principal deterrents.
With rising pressure from international partners and public demand for stronger accountability, Canada may soon follow the UK's lead. A "failure to prevent fraud" offence in Canada would help bring about a much-needed change in approach on the part of organizations from reactive response to fraud to proactive prevention.
UK's Offence A Game Changer
Introduced last year as part of the UK's Economic Crime and Corporate Transparency Act (ECCT), the new offence is intended to hold large organizations (but not individuals within them except the fraudster) to account if the organization intended to profit or actually profited from the fraud. It is a strict liability offence (or rather a lengthy list of offences).
Organizations will be held criminally liable where an employee, agent, subsidiary, or other "associated person" commits a fraud intending to benefit the organization even if directors or management had no knowledge of the misconduct. Note that anyone performing services on behalf of the organization can be caught by the provision and that the organization need not be the only actual or intended beneficiary: a client also benefitting from the misconduct will also be at risk of conviction.
The type of activity that would be caught by the new offence is broad. Examples given include dishonest sales practices, the hiding of important information from consumers or investors, or dishonest practices in financial markets.
An organization will have a defence to the new offence if it can show that it had reasonable fraud prevention systems at the time, or if they can demonstrate that it was not reasonable in all the circumstances to expect the organization to have any prevention systems in place. These systems to be effective as a legal defence will need to involve more than paper policies. Organizations must demonstrate things such as active compliance frameworks, training, monitoring, and continuous assessment, the stuff of only a well put together, comprehensive and robust risk management system.
Canada's Approach
Canada does not have a direct equivalent to the UK's new fraud offence. Canada relies instead on a patchwork of different and sometimes overlapping offences found in a variety of statutes, all having various element of deceit, advantage-taking and/or cheating.
Generally, corporate liability as it relates to fraud in Canada arises when a senior officer (directing mind) is complicit, negligent, or directs the activity at issue and the activity falls under one or more of the Competition Act (deceptive marketing, bid-rigging, etc.), the Criminal Code (including municipal bribery), federal or provincial tax legislation (criminal tax evasion), or under federal proceeds of crime, terrorist financing, anti-money laundering and anti-corruption legislation.
In addition, where a company is convicted under a corporate criminal provision it may also be debarred from federal contracts under the Integrity Regime under which companies found guilty of fraud or corruption can be banned from bidding on government contracts for up to 10 years (the ban can be reduced to 5 years if firms cooperate and enhance compliance).
Government Contracts: The High-Stakes Arena
Fraud in public procurement carries particularly heavy consequences. In the UK, fraudulent invoices, misrepresented costs, or rigged tenders can lead to criminal prosecution, director disqualification, and exclusion from future public tenders.
In Canada, similar misconduct often results in debarment under the Integrity Regime. While this can significantly impact a company's access to lucrative infrastructure projects, criminal liability typically only extends to senior officers who were directly involved.
Both systems, however, underscore the same reality: for some companies fraud in government contracts is an existential threat. Companies whose main business is in the public sector risk losing not only money but their very legal ability to carry on business.
Why Risk Assessments Are Essential
The UK's new offence makes it clear that fraud prevention is no longer optional — it is a practical and legal necessity. Even in Canada, where the law has not yet caught up, conducting fraud risk assessments is increasingly becoming essential for:
- Identifying vulnerabilities: Fraud risk assessments help uncover weak points — from aggressive sales incentives to procurement practices and third-party relationships — before they are exploited.
- Demonstrate due diligence: In the UK, risk assessments form part of the "reasonable prevention procedures" defence. In Canada, they are a vital part of demonstrating to stakeholders, regulators, procurement authorities, and courts that a company takes compliance seriously.
- Protect directors and senior management: Board members face reputational harm and possible disqualification if fraud takes place under their watch. A documented fraud risk assessment shows leadership commitment to prevention, potentially reducing corporate as well as personal liability.
- Safeguard government contracts: For firms bidding on public work, prevention measures are as critical as financial capacity. A failure to demonstrate fraud risk management could cost companies millions in lost opportunities.
- Build a culture of integrity: robust risk assessments, followed by training and monitoring, transform fraud prevention from a compliance checkbox exercise to a pillar of corporate culture — the ultimate defence against misconduct.
Conclusion
The UK's failure to prevent fraud offence forces companies to take prevention seriously. While the global momentum toward strict corporate liability is undeniable, Canada still relies on traditional liability rules and procurement bans.
For organizations on both sides of the Atlantic, the message is clear:
- Fraud is no longer just a legal risk — it is a strategic risk to survival.
- Conducting fraud risk assessments have become essential and are no longer optional.
- Those who invest in proactive prevention will be best positioned to protect directors, preserve reputation, and maintain access to valuable government contracts.
The era of reactive compliance is coming to an end. Prevention, consisting of robust preventative regulatory, litigation and fraud risk management systems, is the new standard for corporate governance. Devising and implementing such systems is also no longer the preserve of any one area of expertise: such systems now require combined and coordinated expertise in legal compliance and regulation, accounting, forensics and data analytics.
Co-authored by Dave Oswald
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
© McMillan LLP 2025
