Failure to Prevent Fraud

Understanding the UK's New Corporate Criminal Offence

As of September 1, 2025, large organisations operating in the UK will face significant new criminal exposure for fraud committed by anyone acting on their behalf – Arbor Law’s Pregeshni Maduramuthu examines the new offence and its implications for UK businesses.

The Economic Crime and Corporate Transparency Act 2023 (“Act”) introduces a strict liability offence that fundamentally alters corporate criminal liability, removing the traditional requirement to prove senior management knowledge or involvement.

Background

This Failure to Prevent Fraud (“FTPF”) offence marks the most significant expansion of corporate criminal liability since the Bribery Act 2010. Unlike previous frameworks that required prosecutors to identify a “directing mind and will”, the new legislation imposes automatic liability, subject only to one defence: proving reasonable fraud prevention procedures were in place.

What is the Failure to Prevent Fraud Offence?

The FTPF offence holds large organisations criminally liable when their associated persons commit specified fraud offences intended to benefit the organisation or its clients. This represents a fundamental departure from traditional corporate criminal liability principles.

The offence became law when the Act received Royal Assent in October 2023, with government  guidance published on November 6, 2024. Under the strict liability framework, prosecutors must show only that an associated person committed a qualifying fraud offence with intent to benefit the organisation. The organisation’s knowledge, approval, or involvement is irrelevant.

This approach mirrors the “failure to prevent” models under the Bribery Act 2010 and Criminal Finances Act 2017. The Serious Fraud Office (“SFO”) has indicated it will prioritise enforcement, especially where systemic failures in fraud prevention are evident.

Which Organisations Are Subject to the Offence?

The offence applies to “large organisations” meeting at least two of the following criteria during the financial year when fraud occurred:

  • More than 250 employees
  • More than £36 million in annual turnover
  • More than £18 million in total assets

These thresholds apply to corporate bodies, partnerships, limited liability partnerships, and certain charitable organisations, including overseas entities carrying on business in the UK.

For corporate groups, thresholds apply on an aggregate basis, meaning that parent companies may be liable for the combined metrics of their subsidiaries (and vice versa). This ensures organisations cannot avoid liability by fragmenting operations across smaller entities.

Key Elements of the Offence
Associated Persons

The term “associated person” is interpreted broadly, covering anyone performing services for or on behalf of the organisation, not just employees. This includes agents, subsidiaries, contractors, intermediaries, joint venture partners, and consultants.

Professional advisers acting in purely advisory roles (e.g. external lawyers or auditors) are generally excluded.

Intent to Benefit Requirement

The fraudulent act must be intended to benefit the organisation or its clients. This benefit can be financial or non-financial, such as enhanced reputation, competitive advantage, regulatory compliance, or cost savings. 

Actual benefit need not materialise, and mixed motives do not exclude liability.

Specified Fraud Offences

The offence applies to a defined set of underlying crimes listed in Schedule 13 to the Economic Crime and Corporate Transparency Act 2023.

There are nine specified fraud offences, including:

  1. Fraud by false representation – section 2, Fraud Act 2006
  2. Fraud by failing to disclose information – section 3, Fraud Act 2006
  3. Fraud by abuse of position – section 4, Fraud Act 2006
  4. Obtaining services dishonestly – section 11, Fraud Act 2006
  5. Participation in a fraudulent business by a sole trader – section 9, Fraud Act 2006
  6. False accounting – section 17, Theft Act 1968
  7. False statements by company directors – section 19, Theft Act 1968
  8. Fraudulent trading – section 993, Companies Act 2006
  9. Cheating the public revenue – common law offence

Money laundering and tax evasion are not included, as these are already addressed under the Proceeds of Crime Act 2002 and the Criminal Finances Act 2017 (Failure to Prevent the Facilitation of Tax Evasion) offences respectively.

Territorial Scope and Jurisdiction

The offence has extensive extraterritorial effect, applying to both UK and overseas entities with UK connections. For UK organisations, liability applies regardless of where the underlying fraud occurs.

Overseas organisations become subject to the offence if they carry on business in the UK and the fraudulent conduct has sufficient UK nexus, including when:

  • The underlying fraud occurred in the UK
  • UK victims or property were targeted
  • UK  economic interests were affected
  • The perpetrator was based in the UK
Defence: Reasonable Fraud Procedures

The sole defence is that the organisation had reasonable procedures in place to prevent fraud. The Government guidance identifies six core principles:

  1. Top-level Commitment. Senior management must actively lead, allocate resources, and model anti-fraud behaviour. 
  1. Risk Assessment. Comprehensive identification and evaluation of fraud risks across all business activities, geographical locations, and business relationships. 
  1. Proportionate Procedures. Tailor controls to the organisation’s specific risk profile. 
  1. Due Diligence. Conduct robust screening of associated persons and third parties. 
  1. Communication and Training. Ensure staff and partners understand their responsibilities. 
  1. Monitoring and Review. Continuously assess and enhance procedures.
Penalties and Enforcement

Conviction exposes organisations to unlimited fines, with courts considering factors including:

  • Seriousness of underlying fraud and victim impact
  • Organisation’s turnover and financial position
  • Any gains derived from fraudulent conduct
  • Adequacy of prevention procedures
  • Cooperation with investigations

Fines may reach hundreds of millions of pounds for major organisations. Beyond financial penalties, consequences include public contract debarment, regulatory action, and severe reputational damage.

Deferred Prosecution Agreements (DPAs) remain available where organisations cooperate and commit to remediation.

Sector-Specific Risks

Different industries face distinctive fraud risks:

  • Financial services: client onboarding, regulatory reporting, transaction monitoring.
  • Manufacturing: supply chain and procurement fraud.
  • Technology: data manipulation, IP misrepresentation.
  • Healthcare: clinical data integrity and regulatory submissions.
Conclusion

The Failure to Prevent Fraud offence marks a transformative development in UK corporate criminal law.

Organisations must act now to review fraud risk assessments, strengthen prevention procedures, and demonstrate top-level commitment to compliance.

How Arbor Law can help 

For further information on the Failure to Prevent Fraud offence, or to discuss how your organisation can develop robust fraud prevention procedures, please contact me.

About Pregeshni Maduramuthu

Pregeshni is a senior compliance, risk and governance professional with more than 15 years of experience working within the financial services industry. Pregeshni works with financial services clients regulated by the FCA and PRA, advising on regulatory authorisation, regulatory change, conflict management, governance frameworks, compliance controls and market abuse frameworks.