As the new corporate offence of failure to prevent fraud under the Economic Crime and Corporate Transparency Act (ECCTA) becomes effective from 1 September 2025, businesses must now navigate a major change in corporate liability.
This FAQ answers some common questions and outlines what general counsel and compliance leaders must consider to prepare for the changes and implement effective fraud prevention measures.
Frequently asked questions
What is the new failure to prevent fraud offence?
Under p 199 of ECCTA, a "relevant body" (i.e. a large organisation) commits an offence if:
- an associated person commits a specified fraud offence;
- with intent to benefit the organisation or its clients; and
- the organisation lacks adequate procedures for preventing fraud.
This is a strict liability offence — no need to prove senior management involvement.
Who does the offence apply to?
The offence applies to UK and overseas companies and partnerships doing business in the UK that meet at least two of the following:
- over 250 employees;
- turnover over £36 million; and
- balance sheet total over £18 million.
It also applies to parent companies and subsidiaries if the group meets the threshold.
Even if your organisation is not currently in scope, you may still be affected contractually — larger partners may require anti-fraud controls.
What fraud offences are covered?
Specified frauds include:
- fraud by false representation and fraud by failing to disclose information (p 2 & 3 Fraud Act 2006 offences);
- fraud by abuse of position, participating in a fraudulent business and obtaining services dishonestly (p 4, 9 & 11 Fraud Act 2006 offences);
- fraudulent trading (p 993 Companies Act 2006);
- false accounting (p 17 Theft Act 1968);
- false statements by company directors (p 19 Theft Act 1968);
- cheating public revenue (common law); and
- aiding and abetting any of the above.
What qualifies as "Intention to Benefit"?
The fraud must be intended to benefit the organisation or its clients — even if the benefit is indirect or the fraud fails. For example:
- manipulating results to boost bonuses and company performance; or
- gaining contracts through misrepresentation.
What's the defence?
The only defence is having "reasonable fraud prevention procedures" in place at the time of the offence.
The six principles of reasonable procedures:
- Top-level commitment
Leadership must be committed to anti-fraud efforts. - Risk assessment
Identify and document fraud risks across all business areas. - Proportionate procedures
Tailor controls to your risk profile — e.g. dual authorisation, whistleblowing channels. - Due diligence
Vet those people who will be carrying out services for you with background checks and ongoing monitoring. - Communication and training
Provide regular, practical training, make it mandatory and test understanding. - Monitoring and review
Update procedures regularly and log incidents and responses – and feed them back into the risk assessment.
Read the original article on GowlingWLG.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
