A new corporate criminal offence of 'failure to prevent fraud' came into effect in the United Kingdom on 1 September 2025. The new offence is found in section 199 of the Economic Crime and Corporate Transparency Act, 2023 ("ECCTA"). Although ECCTA was passed in October 2023, the commencement date of the new offence was postponed until 1 September 2025 to allow the Home Office time to prepare its guidance on the offence (the "Guidance"), and for organisations to prepare for the new offence by updating their fraud prevention frameworks to the extent required.
The new offence is similar in form to the 'failure to prevent bribery' offence found in section 7 of the UK Bribery Act, being a strict liability offence. In other words, the prosecution will not need to prove that the directors or senior managers of the company concerned ordered or knew about the fraud. As with the failure to prevent bribery offence, the new offence is coupled with a statutory defence. Although, unlike the section 7 'adequate procedures' defence, the test for section 199 is whether, at the time the fraud offence was committed (i) the relevant body had such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place; or (ii) it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.
The prevention procedures referred to in the statutory defence are procedures designed to prevent persons associated with the body from committing fraud offences. The 'fraud offences' for purposes of the new offence, which are numerous, are listed in Schedule 13 of ECCTA and include, amongst others, fraud by false representation and fraud by false accounting, each as defined in the relevant underlying statute. Given the onerous nature of strict liability offences, ECCTA has provided for a few key scope limitations:
- First, the offence only applies to 'relevant bodies' who are 'large organisations'.
- Second, the fraudulent conduct concerned must have been committed by a person associated with the body (such as an employee) intending to benefit (directly or indirectly) either the body itself, or any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the relevant body. No offence will be committed if the body was, or was intended to be, a victim of the fraud offence.
- Third, no offence will be committed where the body had in place reasonable prevention procedures (or it was unreasonable to expect it to have such procedures).
The above limitations are discussed hereunder.
Who does the new offence apply to?
The offence applies to 'relevant bodies' who are large organisations. For purposes of section 199, relevant bodies are bodies corporate or partnerships, wherever they are incorporated or formed, and large organisations are those relevant bodies which satisfy any two or more of the following conditions in the financial year preceding the fraud offence committed:
- Turnover is more than GBP 36 million (~ZAR 856,225,440)
- Balance sheet total is more than GBP 18 million (~ZAR 428,112,720)
- Number of employees is more than 250
According to the Guidance, the above criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located.
In respect of territorial application, the offence will only apply where the associated persons commit a fraud offence under the law of part of the UK – in other words a UK nexus is required. The Guidance clarifies that this UK nexus will exist where:
- part of the underlying fraud offence took place in the UK; or
- the gain or loss occurred in the UK.
This is important for non-UK companies to consider, as they are not excluded from the ambit of the offence merely because they are not registered, or present in the UK. If non-UK companies have employees in the UK, or the victims of the fraud are based in the UK, the new offence will apply to them even though the company itself has no other UK link. Liability could therefore occur, for example, where an employee fraudulently misrepresents the company's financial performance in order to secure additional funding from UK investors.
Given the scope of possible application of the new offence, and the extent of the various fraud offences which may give rise to liability for companies, it is critically important – perhaps even more so than in respect of the failure to prevent bribery offence – for companies to ensure they have reasonable prevention procedures in place.
The reasonable fraud prevention procedures defence
Like the failure to prevent bribery offence, the Guidance adopts a six principles approach to the assess fraud prevention frameworks. Whilst the Guidance itself is not binding, aligning procedures with its recommendations is best practice . The six principles which should inform a fraud prevention framework are as follows:
- Top-level commitment – visible, active and unequivocal tone-from-the-top that fraud in any form is unacceptable.
- Risk assessment – dynamic identification and evaluation of where, how and by whom fraud might be perpetrated for the organisation's benefit.
- Proportionate procedures – controls/procedures tailored to the nature, scale and complexity of the organisation and the fraud risks it faces.
- Due diligence – risk-based vetting and ongoing monitoring of employees, agents, subsidiaries and high-risk third parties.
- Communication & training – clear policies, contractual obligations and targeted training to embed a culture of integrity and empower staff to raise concerns (this also includes ensuring that the organisation has appropriate whistleblowing arrangements).
- Monitoring & review – regular testing, data analytics, whistle-blowing mechanisms and lessons-learned to ensure the programme remains effective and evolves with the risk landscape.
Conclusion
The new failure to prevent fraud offence represents a significant expansion of the UK's corporate criminal landscape and is anticipated to be relied upon with enthusiasm by the UK's prosecutorial bodies, including the Serious Fraud Office. Given the scope of application of the new offence beyond just UK companies, it is vital important that companies, including those in South Africa and other jurisdictions, assess their potential exposure and review fraud prevention frameworks accordingly.
From experience, many fraud prevention programmes focus on fraud committed against the organisation by its employees, but do not focus on the risk of fraud committed for the company's benefit. Fraud prevention programmes of this nature will not be sufficient for purposes of reliance on the statutory defence discussed above.
ENS' Forensics team is able to support companies to align their compliance programmes with the six principles approach as outlined in the fraud prevention Guidance. This includes assessing the relevance of the new 'failure to prevent fraud' offence and strengthening internal controls to enhance both legal and overall fraud risk management
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
