With days to go before the UK's new "failure to prevent fraud" offense comes into force under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), the Crown Prosecution Service (CPS) and Serious Fraud Office (SFO) have jointly updated their Corporate Prosecution Guidance.
While a key feature of ECCTA is the introduction of an offense to hold companies liable for failure to prevent fraud in their organization, the updates by the CPS and SFO reflect the separate provisions within ECCTA that establish corporate liability for economic offenses committed by senior managers.
The updated guidance renews focus on the imminent expansion of potential corporate offending and provides a reminder for companies to finalize their targeted compliance programs.
The Announcement
On August 18, 2025, the CPS and SFO updated their guidance on establishing corporate liability for economic offenses committed contrary to ECCTA, which is due to come into effect on September 1, 2025.
Under previous legislation, companies could only be held accountable for the actions of individuals who were the "directing mind and will of the company," under the common law identification doctrine. Historically, the identification doctrine presented limitations for prosecutors who were often faced with a steep evidential burden in order to establish who was the directing mind of the company, taking into account the particular circumstances of the individual, their acts and state of mind at the time of the offense, and the constitution of the company. Identifying such individuals in large organizations has proved significantly challenging, especially in companies with complex structures and varying levels of hierarchy across teams, departments, and at the board level.
The updated guidance serves as a reminder that, under ECCTA, prosecutors no longer need to establish that the individual was the "directing mind and will" of the company. Now, offenses committed by "senior managers" will suffice for the purpose of attributing corporate liability, defined as an individual who "plays a significant role in either the making of decisions about how the whole or a substantial part of the organization's activities are to be managed or organized," or "the actual managing or organizing of the whole or a substantial part of those activities."
While the apparent widening of the net is likely to lower existing evidential challenges in holding companies accountable, burdens will remain, particularly in demonstrating the "significance" of the individual's role.
What Does This Mean in Practice?
As ECCTA was announced in 2023, companies should now have enhanced and specific compliance programs in place that are designed to mitigate the unique risks of fraud being committed by employees or associated persons of the business. Additionally, we expect that organizations will already have considered their exposure to criminal liability if certain economic offenses were to be committed by senior managers and have adapted their policies accordingly.
Last year, the UK government issued six guiding principles to inform compliance measures and to mitigate against the risk of fraud, which are akin to the principles issued regarding the implementation of "adequate measures" under the Bribery Act 2010. Under these principles, senior managers are likely to be required to:
- Communicate and endorse the organization's stance on preventing fraud.
- Ensure clear governance across the organization with respect to the fraud prevention framework.
- Commit to training and resourcing.
- Lead by example and foster an open culture, where staff feel empowered to speak up if they encounter fraudulent practices.
In its overview of the updated guidance, the CPS reminded companies to "finalize" preparations for ECCTA coming into force and ensure that policies specifically consider the roles and responsibilities of their senior workforce in combating fraud.
Looking Ahead
While compliance measures, if deemed "reasonable," will offer a complete defense to a company's failure to prevent fraud, no measure will be relevant if a senior manager commits an economic offense — the company will, in that instance, be exposed to a risk of having committed the primary offense itself.
The CPS has further reminded large companies that they could face prosecution if they do not maintain "proper fraud prevention procedures ... which will in turn encourage better corporate behavior." The focus on "better corporate behavior" will likely be most relevant to companies when assessing their exposure to liability in connection with the conduct of their senior managers.
In light of the updated guidance, companies should ensure that their existing anti-fraud measures are dynamic and not simply a paper exercise. Risk assessments should be conducted at regular intervals, and measures should be adapted to remain responsive and proportionate to the evolving risks of fraud. Importantly, compliance programs should address specific vulnerabilities within the business that are at risk of exploitation by senior managers and adopt a zero-tolerance approach at a senior level, which is subsequently embedded throughout the business.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
