On 1 September 2025, the new offence of 'failure to prevent fraud', which was introduced as part of the Economic Crime and Corporate Transparency Act 2023 ('ECCTA'), will come into force. Recently published guidance has provided some welcome clarity on how organisations can prepare.
The new offence will mean that organisations will be held criminally liable where an employee, agent, subsidiary or other 'associated person' who provides services for or on behalf of the organisation commits a fraud intending to benefit the organisation or its clients. The organisation's senior managers or directors do not need to order or know about the fraud for the offence to bite.
The offence applies only to large organisations (including partnerships and charities), which, broadly speaking, are defined as those meeting at least two of the following criteria in the financial year preceding the fraud:
- more than 250 employees;
- more than £36 million turnover; and
- more than £18 million in total assets.
The criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located. There are detailed provisions about how to calculate each of the criteria above, but it is important to note that if resources are held across a parent company and its subsidiaries and they cumulatively satisfy the size thresholds, that group will be in the scope of the offence.
The new offence will not extend to individual liability for those who may have failed to prevent fraudulent behaviour, though they may be prosecuted under existing fraud law.
Organisations will have a defence if they can show that they had 'reasonable prevention procedures' in place to prevent fraud, or if they can show that it was not reasonable to expect them to have any prevention procedures in place.
While reasonable fraud prevention procedures will be assessed by the courts on a case-by-case basis, the recent Home Office guidance sets out six principles:
- top level commitment;
- risk assessment;
- proportionate risk-based prevention procedures;
- due diligence;
- communication (including training); and
- monitoring and review.
The guidance expands upon these principles, with examples of good practice. For example, partners and senior management should proactively communicate and endorse their organisation's stance on fraud prevention and ensure that a reasonable budget is allocated to anti-fraud measures, such as staff training.
The guidance also sets out a helpful overview of the offence and considers the overlap between the offence and existing regulatory requirements.
Organisations have a matter of months to assess, improve and (if necessary) implement reasonable policies and procedures to detect and prevent fraud, so they should act now.
HR professionals may also wish to consider including reference to the offence in whistleblowing and other policies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.