Failure To Prevent Fraud Offence: The Private Credit Outlook

Introduction

Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) took effect on September 1, 2025, introducing a new failure to prevent fraud offence (FTPF Offence) with extraterritorial impact.

Under the FTPF Offence, 'large organizations' can be found liable for frauds committed by an 'associated person' (including employees) if the fraud was conducted with the aim of benefitting (directly or indirectly) the organization or a person to whom it provides services. The FTPF Offence is a criminal offence and can result in unlimited fines.

The silver lining for organizations is that it is a complete defence to the FTPF Offence for firms that have reasonable procedures in place to prevent fraud. Accordingly, to the extent that private credit firms have not already done so, they should conduct fraud risk assessments and implement appropriate controls to mitigate any identified risks.

The FTPF Offence

The FTPF Offence can be split into five key elements:

1. Large Organizations: a 'large organization' meets at least two of the following three criteria:

• more than 250 employees,
• more than £36 million turnover,
• and/or more than £18 million in assets.

The thresholds can apply on a parent/consolidated basis where applicable – small UK entities within large global groups can still be in scope.

2. Fraud: there must be an underlying base fraud. These include fraud offences prescribed by the Fraud Act 2006, the Theft Act 1968, the Companies Act 2006 and common law.

3. Associated person: The person committing the underlying fraud offence must be an employee, agent or subsidiary of the organization or otherwise performing services for or on behalf of the organization. In a private credit context, this could include:

• Partners or managers of a firm
• Employees and secondees of the manager
• Placement agents/introducers/finders
• Outsourced loan servicers/special servicers acting on behalf of the fund/manager
• Co‑origination partners mandated to act for the manager or fund
• Corporate directors or entity service providers acting for fund SPVs. Many professional advisers (e.g., auditors, external counsel) typically act independently (i.e. they provide services to the organization rather than providing services for or on its behalf) and, as such, are less likely to be associates; this will require a fact‑specific analysis.

4. Services: these must be provided for or on behalf of the body by the associated person.

5. Intention of Benefitting: the fraud must be intended to benefit the relevant body (e.g. the firm or the manager) or a person to whom it provides services (e.g. the fund or the investors). There is no requirement the organization actually receive a benefit, and the intention to benefit does not need to be the primary purpose of the fraud.

Private credit firms should assess how the FTPF Offence could be triggered by the conduct of employees and other associated persons, and how liability can cascade across the private credit ecosystem (manager/GP, adviser, fund, SPV).

Aggressive revenue-linked targets or compensation structures can heighten the fraud risk by incentivising misstatements or omissions—for example, inflating AUM, misstating fee terms or performance, over‑optimistic pipeline or valuation marks, or providing marketing, diligence materials, reports, or prospectuses that are knowingly or recklessly misleading.

More traditional concepts of fraud that benefit only the inpidual (e.g. expense fraud or embezzlement from the firm) are generally outside the scope of the FTPF Offence because the benefit test (applied to the organisation) is not met.

How Private Credit Firms Can Prepare

Guidance on the FTPF Offence published by the UK government in November 2024¹ (the 'Guidance') states that fraud prevention procedures put in place by relevant organizations should be informed by the following six principles:

Top level commitment – this means that those in charge of the governance of the organization (i.e. senior executives, partners and/or the board) should be responsible for ensuring the prevention and detection of fraud. Those same senior inpiduals should also be clear in their commitment to preventing associated persons from committing fraud.

Risk assessments – this is essentially reviewing the nature and extent of the firm's exposure to fraud risks. The Guidance specifically notes organizations should undertake risk assessments with the three elements of the fraud triangle in mind: opportunity, rationalization and motivation. This involves considering whether associated persons have the opportunity to commit fraud, whether fraud is incentivized by any internal policies at the company (for example, bonus schemes, origination metrics or other sector-specific risks in private credit) and whether fraud is 'quietly tolerated' in the organization and/or prevalent in the private credit sector.

Proportionate risk-based fraud prevention procedures – this means each firm should draw up a fraud prevention plan, with proportionate policies and fraud prevention procedures taking account of the level of risk identified in the firm's risk assessment. What is 'proportionate' depends on the size of the organisation, the level of control and supervision the organization can exercise over its 'associates' and the relevant body's proximity to their 'associates'.

Due diligence – this requires firms to conduct appropriate and proportionate due diligence in respect of 'associated persons'. In the private credit context, this means firms must ensure their due diligence is robust enough to detect fraud risks at all stages of the investment lifecycle (e.g. risk-based onboarding and oversight of placement agents, introducers, servicers, co-origination partners and SPV directors).

Communication (including training) – this involves internal and external communications to ensure that the fraud prevention policies and procedures are cascaded throughout an organization. In this regard, such policies and procedures should be clear and accessible, educating employees (e.g. in IR/marketing, origination, valuations, and portfolio operations) as to the elements of the FTPF Offence and how best to mitigate or otherwise avoid the fraud risk that the organization faces.

Monitoring and review – this means that an organization should regularly monitor and review its fraud detection and prevention procedures and organizations, making improvements where necessary. The use of data analytics and AI should be considered as part of the prevention toolkit.

The Guidance concedes different organizations are likely to have differing levels of control over the policies of their associated persons.

Private credit control focus

In light of the above, private credit firms may consider taking the following steps to mitigate fraud risks:

• Firms may centralize pre‑clearance of marketing materials, maintain appropriate evidence for performance and ESG claims, and provide approved scripts to placement agents.
• Valuation and reporting could include independent price verification, documented override logs with committee challenge and/or clear audit trails.
• For fund‑finance reporting, organizations may apply segregation of duties and dual‑control to lender deliverables (including borrowing‑base and NAV certificates), and periodic (external) sample checks or independent recalculation could be used to enhance assurance.
• Oversight of third parties may be supported by contractual fraud undertakings, training/attestations, audit and termination rights, and proportionate KPI monitoring, recognizing that the depth of controls should reflect practical leverage over each 'associated person'.
• A firm may also consider refreshing their maker‑checker protocols, tighten independence and documentation, and introduce targeted independent recalculation (by an internal or external reviewer) for high‑impact deliverables such as borrowing‑base / NAV certificates and valuation overrides.

Conclusion

The FTPF Offence is the broadest among the "failure to prevent" offences to be enacted in the UK to date. To the extent they have not already done so, private credit firms should ascertain whether they have reasonable fraud prevention measures in place with full backing from senior management and that these have been communicated to the wider organization. The FTPF Offence has extraterritorial effect, so firms headquartered outside the UK with subsidiaries or operations in the UK should also be made aware and adapt their risk assessments accordingly.

Footnote

1. https://assets.publishing.service.gov.uk/media/67f8ef1845705eb1a1513f35/Failure+to+Prevent+Fraud+Guidance+-+English+Language+v1.6.pdf

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.