New UK Government guidance on failure to prevent fraud offence

Earlier this week the UK government published its long-awaited guidance on the new corporate criminal offence of “failure to prevent fraud”, introduced under the Economic Crime and Corporate Transparency Act 2023. This new legislation, set to come into force on 1 September 2025, aims to hold large organisations accountable if they benefit from fraudulent activities conducted by their employees, agents, subsidiaries, or other associated persons.

We summarise below the key points of the guidance, highlight what new information it provides, and explain what this could mean for organisations.

Overview of the offence

The “failure to prevent fraud” offence is designed to encourage organisations to implement robust fraud prevention measures by holding organisations to account for fraud committed within an organisation. Under this offence, a company can be held criminally liable if an employee or other associated person commits fraud intending to benefit the organisation, and the organisation did not have reasonable fraud prevention procedures in place at the time. This is similar to the “failure to prevent bribery” offence introduced in 2010, which has significantly reshaped corporate culture around bribery prevention.

New information in the guidance

The recently published guidance provides several new details and clarifications to the original legislation:

• Detailed principles for prevention: While the legislation introduced the requirement for reasonable fraud prevention procedures, the guidance elaborates on what constitutes “reasonable” by outlining six specific principles. This provides organisations with a clearer framework for compliance.
• Examples of fraudulent activities: The guidance offers concrete examples of fraudulent activities that could trigger the offence, such as dishonest sales practices and hiding important information from consumers or investors. This helps organisations better understand the types of conduct that need to be addressed.
• Exclusions and applicability: The guidance clarifies that the offence applies only to large organisations, explicitly excluding SMEs, to avoid placing undue burdens on smaller businesses. 
• Enforcement and penalties: The guidance emphasises the role of enforcement agencies like the SFO in monitoring compliance and prosecuting non-compliant organisations. It also highlights the potential for unlimited fines, underscoring the seriousness of the offence.

Key points from the guidance

What organisations are captured by the offence?

• The offence applies to large organisations, which are defined in the legislation as having a turnover of more than £36million, a balance sheet total of more than £18million and more than 250 employees for the financial year preceding the year in which the fraud was committed. 
• Whilst the offence currently only applies to large organisations, the guidance makes the point that the principles should be considered “good practice” and so could be helpful for smaller organisations.  
• The guidance clarifies the types of organisations to which the offence will apply, including:
  
  • Organisations incorporated under the Companies Act 2006
  • Royal Charter organisations
  • Organisations incorporated under statute, for instance, certain Government Agencies, NHS organisations (such as integrated Care Boards or NHS Trusts)
  • Partnerships, including Limited Partnerships and Limited Liability Partnerships and unincorporated partnerships
  • Societies under the Co-operative and Community Benefit Societies Act 2014
  • Incorporated charities

What types of fraud are covered by the offence?

• The offence applies to a wide range of fraudulent activities, such as dishonest sales practices, hiding important information from consumers or investors, and dishonest practices in financial markets.
• The offence covers fraud committed by employees, agents, subsidiaries or other “associated persons” who provide services on behalf of the organisation, where there was an intention to benefit the organisation or its clients.
• It does not need to be demonstrated that the organisation's senior management or directors knew about or approved the fraud. 
• As it is a corporate offence, an individual who failed to prevent fraud cannot be liable for this offence. 
• The guidance provides important clarification - all that needs to be shown is that the conduct by the employee or associated person constitutes a fraud offence. This means that an organisation can be prosecuted for failure to prevent fraud regardless of whether the individual is prosecuted.

What does “intending to benefit” mean?

• The guidance makes clear that an organisation does not need to receive any benefit for the offence to apply - only an intention for the organisation or the clients of the organisation to be the beneficiary.  
• The intention to benefit the organisation or its clients does not have to be the only or the dominant motivation for the fraud – for instance if the person committing the fraud is also intending to benefit, the offence may also be triggered.
• An organisation is not liable if it is the victim or intended victim of the fraud.

Reasonable fraud prevention procedures:

Organisations must demonstrate that they had reasonable procedures in place to prevent fraud. The guidance outlines six principles to help organisations develop these procedures:

1. Proportionality: Measures should be proportionate to the size, nature, and complexity of the organisation, taking into account the nature of the frauds it faces and how prevention can be effectively implemented.
2. Top-level commitment: Senior management must be committed to preventing fraud, fostering a culture where “fraud is never acceptable”.
3. Risk assessment: Regular assessments should be undertaken to identify and mitigate fraud risks.
4. Due diligence: Thorough checks should be made on employees, agents, and business partners, using appropriate technology, and tailoring due diligence to the different types of risk that an organisation faces.
5. Communication and training: Clear communication and regular training on fraud prevention should be given (and in particular, specific training for those in higher risk positions).
6. Monitoring and review: Ongoing monitoring and periodic review of fraud prevention measures should be conducted, which should include consideration of: the effectiveness of the measures in detecting attempted fraud; and how an investigation into suspected fraud would be carried out. 

What this means for organisations

This new guidance underscores the importance of proactive fraud prevention. Here are some steps organisations should consider:

• Review and enhance existing procedures: Assess your current fraud prevention measures and ensure they align with the six principles outlined in the guidance.
• Engage senior management: Ensure that your top-level management is visibly committed to fraud prevention.
• Conduct regular risk assessments: Identify potential fraud risks within your organisation and implement measures to mitigate them.
• Implement comprehensive training programmes: Educate your employees and associated persons about fraud risks and prevention strategies.
• Monitor and review: Continuously monitor the effectiveness of your fraud prevention measures and make necessary adjustments, including investigating suspected fraud. 

Contact us for expert advice

Navigating the complexities of the new “failure to prevent fraud” offence can be challenging. At Mills & Reeve, our team of experienced litigation solicitors is here to help you understand the implications of this guidance and ensure your organisation is compliant. Contact us to discuss how we can assist you in developing and implementing effective fraud prevention strategies.

By staying informed and proactive, you can protect your organisation from the risks associated with fraud and ensure compliance with the latest legal requirements. For more detailed advice tailored to your specific needs, please contact our team at Mills & Reeve.

Our content explained