As of 1st September 2025, large companies in the UK are exposed to criminal liability if they fail to prevent fraud carried out for the benefit of their employees, agents, subsidiaries, or other "associated persons" under the Economic Crime and Corporate Transparency Act (ECCTA) 2023. This new UK fraud prevention law introduces the "failure to prevent fraud" offence, which applies to large organisations and carries the risk of unlimited fines.
A possible defence is to demonstrate that "reasonable procedures" are in place to comply with ECCTA guidance. We take a look at what role contract wording plays as part of those reasonable procedures and how it aligns with ECCTA compliance, fraud risk assessment, and UK government fraud offence guidance.
What is the "failure to prevent fraud" offence?
The Economic Crime and Corporate Transparency Act 2023 (ECCTA) has created the new offence of "failure to prevent fraud", representing a significant change in corporate responsibility.
The legislation removes the requirement to prove that senior management was involved, instead obliging organisations to show they had reasonable procedures in place to deter fraudulent behaviour committed by a person "associated" with them. A person associated with an organisation includes an agent and a supplier performing services for and on behalf of that organisation.
Companies will fall within the scope of this offence if they meet at least two of the following thresholds:
- more than 250 employees;
- an annual turnover greater than £36 million; or
- assets exceeding £18 million.
Non-compliance may result in unlimited fines, damage to reputation and the risk of prosecution by the Serious Fraud Office or the Crown Prosecution Service.
Reasonable procedures and anti-fraud clauses
There is no one-size-fits-all approach, as what is reasonable will depend on the organisation. However, in most cases, it will mean implementing a range of measures and being able to prove that the organisation has taken active steps to engage with and enforce these measures.
If the relevant organisation has implemented reasonable procedures to prevent such conduct, that is a defence under ECCTA. The government's guidance is framed around six principles:
- top level commitment;
- risk assessment;
- proportionate risk-based prevention procedures;
- due diligence;
- communication (including training); and
- monitoring and review.
One of the measures specifically cited by the government under the third and fourth principles, proportionate risk-based prevention procedures and due diligence, relates to the inclusion of clauses in the organisation's contracts. In particular, the government refers to reviewing services contracts, as well as contracts with agents, to "include appropriate obligations requiring compliance and ability to terminate in the event of breach where appropriate".
Therefore, the incorporation of anti-fraud provisions within contracts with suppliers and agents in particular could, where appropriate, play an important contributory role in demonstrating that an organisation has taken reasonable steps to prevent fraud.
Indeed, as has become the norm with other corporate compliance requirements such as anti-bribery, modern slavery and anti-tax evasion, we are starting to see our clients incorporate these clauses in their standard compliance provisions, whether within their supply contracts or, as is becoming increasingly common, within their supplier handbooks or codes of conduct.
Content of the anti-fraud clause
The length and detail of the clause are likely to depend on the risk profile. However, we anticipate that such clauses should include, as a minimum, obligations requiring the supplier or agent to:
- comply with the law;
- comply with the organisation's or other appropriate anti-fraud policies (perhaps by reference to a supplier code of conduct);
- notify the organisation of any suspected fraud;
- allow for audits to ensure compliance;
- co-operate in any fraud investigations; and
- accept a right for the organisation to terminate the contract if the supplier/agent breaches the clause.
In addition, consideration should be given to the supplier/agent providing assurances or a warranty that there has been no breach of the relevant law and that there has been no investigation by a regulatory authority.
Time for a single compliance clause?
Given the growing number of areas in which businesses are seeking contractual assurances from their suppliers, those responsible for contract templates may want to consider bundling the compliance issues into a single clause.
Traditionally, contracts include separate clauses for each compliance area, such as anti-bribery compliance or modern slavery compliance. However, adding a new clause for every emerging requirement may not be sustainable. Since most compliance areas share common themes (legal and policy adherence, notification duties, audit rights, and termination provisions), a single, consolidated compliance clause could be a more practical approach.
A clause is not enough
Including a contractual clause in relevant contracts is not enough. A clause is only part of the "reasonable procedures" a business needs to develop and apply. The court cases on the analogous requirement under the UK Bribery Act to have "adequate procedures" indicate that a business needs a broad approach in order to benefit from the defence.
Read the original article on GowlingWLG.com