The Economic Crime and Corporate Transparency Act 2023 (ECCTA) marks a significant shift in the UK's approach to tackling economic crime. With its introduction, the government has made clear its intention to impose greater accountability on businesses, encouraging them to take a proactive stance against fraudulent conduct. A cornerstone of this legislative overhaul is the creation of a new "failure to prevent fraud" offence, which comes into force on 1 September 2025.
Under this new offence, large organisations will be held criminally liable if they fail to prevent fraud carried out by individuals or entities "associated" with them, where that fraud was committed for the benefit of the organisation. Associated persons may include employees, subsidiaries, agents, or other third parties acting on the organisation's behalf.
Significantly, liability arises even if senior management was unaware of the misconduct. The only statutory defence available is having "reasonable fraud prevention procedures" in place. A conviction may result in unlimited fines, further regulatory scrutiny, and reputational damage.
Who does the offence apply to?
The offence is targeted at "large organisations", which are defined as entities meeting at least two of the following criteria in the financial year prior to the alleged offence:
- More than 250 employees
- More than £36 million in annual turnover
- More than £18 million in total assets
It is therefore crucial for organisations operating at or above this threshold to assess their risk exposure and ensure that compliance measures are in place well ahead of the September 2025 implementation date.
Taking Steps to Ensure Compliance
The introduction of this offence creates a strong incentive for organisations to review and strengthen internal anti-fraud controls. Importantly, the law recognises that fraud can still occur despite robust procedures. However, where reasonable steps have been taken to prevent such conduct, a company can avoid liability.
The Six Principles of a Robust Fraud Prevention Framework
Guidance accompanying the new offence highlights six core principles that should inform the design and implementation of fraud prevention procedures:
- Top-Level Commitment: Senior leadership must actively support and promote a culture of integrity and compliance.
- Risk Assessment: Businesses must regularly assess the nature and extent of their exposure to fraud risks, tailored to their size, sector, and operational model.
- Proportionate Procedures: Anti-fraud measures must be proportionate to the risks faced, reflecting the scale and complexity of the organisation.
- Due Diligence: Reasonable steps must be taken to understand and monitor associated persons and business relationships.
- Communication: Anti-fraud policies must be clearly communicated, and relevant personnel should receive appropriate training.
- Monitoring and Review: Procedures should be subject to ongoing evaluation and improvement to ensure their continued effectiveness.
These principles are intended to be flexible and outcome-focused, allowing organisations to develop controls that are realistic, appropriate, and fit for purpose.
The introduction of the failure to prevent fraud offence represents a transformative change in corporate criminal liability in the UK. While the potential penalties are severe, the law offers organisations a clear path to protection: put in place reasonable and effective fraud prevention procedures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.