INTRODUCTION
Welcome to the inaugural edition of our White Collar Crime & Investigations Bulletin. This publication provides insights into the latest trends, enforcement updates and regulatory developments in the realm of white-collar crime and corporate investigations. In this edition, we specifically cover the Failure to Prevent Fraud offence under the UK Economic Crime and Corporate Transparency Act 2023, which will take effect on 1 September 2025.
Our aim is to equip businesses operating in India with essential insights and practical guidance on how to navigate these evolving compliance challenges and mitigate emerging risks..
FAILURE TO PREVENT FRAUD: IS YOUR ORGANIZATION READY?
The UK's Economic Crime and Corporate Transparency Act 2023 (ECTA) introduces a game-changing offence—the Failure to Prevent Fraud (FTPF)—which will come into effect on 01 September 2025. This provision holds organizations criminally liable if an employee, agent, subsidiary, or any another ‘associated person' commits fraud intending to benefit the organization (or a client of the organization), and the organization fails to implement ‘reasonable' fraud prevention procedures. Importantly, the law does not require evidence that directors or senior managers ordered or were aware of the fraud. Instead, it places a duty on organisations to prevent fraudulent activities at all levels, shifting corporate culture towards proactive fraud prevention.
Who is at risk?
The FTPF offence introduces significant legal implications for both parent companies and their subsidiaries, particularly in cross-jurisdictional contexts.
Subsidiaries as ‘Associated Persons': A subsidiary undertaking of a large organisation is considered an associated person for the purpose of this offence. This means that if a subsidiary commits fraud, the parent company can be held liable for failing to prevent the fraud if the fraud is committed for the benefit of the parent company or its clients.
Fraud committed by employees of subsidiaries:
- If an employee of a subsidiary commits fraud to benefit the subsidiary, the subsidiary can be prosecuted.
- If the fraud is committed to benefit the parent company, the parent company can be prosecuted, even if the fraud takes place in the subsidiary's operations.
The term ‘intending to benefit' refers to an organisation being liable for failure to prevent fraud even if it does not receive the direct benefit, as long as the fraud was intended to benefit the organisation or its clients. This includes situations where a fraudster's actions primarily benefit themselves but also indirectly benefit the organisation, such as increasing sales. The organisation can still be prosecuted, even if the fraud's primary motive was personal gain.
UK-nexus requirement:
For prosecution, there must be a UK nexus, meaning:
- At least one element of the fraud occurred in the UK, or
- The gain or loss happened in the UK.
Building a robust fraud prevention framework:
To mitigate the risk of prosecution, organizations must implement strong, proactive fraud prevention measures based on the six core principles outlined in the guidance under the ECTA. These principles should serve as a foundational framework for compliance and be adopted as best practices. However, organizations should also tailor and expand their fraud prevention efforts to address their specific risks and operational needs. At a high level, they are:
1. Establish top-level commitment
Fraud prevention starts at the top. The board of directors, partners, and senior management must foster a ‘zero-tolerance' culture, ensuring integrity remains uncompromised.
- Demonstrate leadership commitment to preventing fraud.
- Clearly communicate ethical standards across the organisation.
- Develop a robust anti-fraud policy that aligns with corporate values.
2. Conduct a comprehensive fraud risk assessment
A dynamic, regularly updated risk assessment is essential for identifying vulnerabilities. To do so effectively, organizations should consider the three elements of the Fraud Triangle: Opportunity, Motive, and Rationalisation.
- Analyse industry-specific fraud risks, geographical exposure, and business relationships.
- Prioritise high-risk areas based on likelihood and potential impact.
- Adapt risk assessments to emerging fraud trends and regulatory updates.
3. Implement proportionate fraud prevention procedures
Fraud prevention must be tailored to the organisation's size, scale, and complexity.
- Define clear internal controls, approval processes, and segregation of duties.
- Ensure fraud prevention measures are practical, enforceable, and well-documented.
- Allocate resources strategically to higher-risk areas.
4. Strengthen due diligence processes
A risk-based due diligence approach helps identify and mitigate fraud risks associated with third parties.
- Screen employees, agents, and subsidiaries for compliance with anti-fraud standards.
- Establish continuous monitoring of business relationships.
- Implement strict onboarding and review policies for third-party partrs
5. Develop effective communication and training programs
Fraud prevention policies must be well-communicated and understood at all levels.
- Deliver tailored training to employees based on their roles and responsibilities.
- Raise awareness about fraud risks, prevention policies, and reporting mechanisms.
- Promote confidential whistleblowing channels for reporting suspicious activity.
6. Implement robust monitoring and review mechanisms
Ongoing monitoring and improvement ensure fraud prevention measures remain effective.
- Conduct periodic audits to assess the strength of fraud controls.
- Develop an incident response plan for investigating and addressing fraud cases.
- Document all fraud prevention efforts, from risk assessments to training programs.
Final thoughts: Are you ready?
The introduction of the FTPF offence under the ECTA marks a fundamental shift in corporate accountability. The six core principles outlined above—serving as a strategic framework for compliance—are essential for demonstrating that reasonable procedures were implemented to prevent fraud.
Ultimately, the onus will be on organizations to prove, on the balance of probabilities, that such procedures were in place. The standard of ‘reasonableness' will be determined based on various factors, including the organization's size, complexity, and specific risk exposure. To defend against potential allegations of non-compliance, it will be critical for companies to meticulously document all fraud prevention measures, from risk assessments to training programs.
Given the significant potential implications of this new law, it is essential for companies to ensure they fully understand and implement the necessary steps to comply. Legal counsel should be consulted to navigate any uncertainties, particularly in relation to the nuances of the law's application to multinational operations. As this offence marks a new era in corporate accountability, organizations must remain vigilant in maintaining up-to-date fraud prevention practices and documentation. The time for action is now.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.