UK Fraud Prevention Bombshell: Large Firms Face Unlimited Fines from September 2025 Under New Corporate Liability Law!

Starting September 2025, the Economic Crime Act holds large UK organisations criminally liable for failing to prevent fraud by associates, unless reasonable procedures are proven to be in place.

New Liabilities for Large Employers from September 2025 in England & Wales

Corporate criminal liability is about to transform significantly with the introduction of the Failure to Prevent Fraud Offence under the Economic Crime and Corporate Transparency Act 2023. This groundbreaking legislation will take effect on 1 September 2025 across England and Wales, creating new legal responsibilities for large organisations. If an associated person commits fraud intending to benefit your company, and you lack effective fraud prevention measures, your organisation could face criminal liability regardless of senior management's knowledge or involvement.

The legislation specifically targets large organisations meeting defined criteria rather than small or medium-sized enterprises. This shift represents a move away from requiring proof of senior management complicity toward holding companies accountable for their prevention systems. The potential consequences are severe, including unlimited fines that could substantially impact your business operations and reputation.

Why is this change happening now? Regulatory bodies recognise that traditional approaches to corporate fraud accountability have proven insufficient. By requiring organisations to demonstrate proactive prevention measures, the law aims to create stronger deterrents against fraudulent behaviour across all business sectors.

This comprehensive guide will help you understand the offence's scope, identify who qualifies as an "associated person," and explore the specific fraud types covered under the legislation. You'll also discover the statutory defence of "reasonable fraud prevention procedures" and learn practical steps to implement effective controls before the September 2025 deadline.

What Is the Failure to Prevent Fraud Offence?

Defining the Offence

The Failure to Prevent Fraud Offence establishes a new standard of corporate responsibility that applies exclusively to large organisations. Your company can be held criminally liable if an associated person commits a specified fraud offence with the intention of benefiting your organisation, provided you cannot demonstrate that reasonable prevention procedures were in place. This approach removes the traditional requirement of proving senior management knowledge or direct involvement in fraudulent activities.

The offence operates alongside existing fraud legislation rather than replacing it. This means individual prosecutions can still occur while your organisation faces separate corporate liability charges. The key difference lies in the focus on prevention systems rather than management culpability. Under this new framework, your organisation's ability to demonstrate adequate fraud prevention measures becomes the primary factor in determining liability.

Government guidance emphasises that prevention procedures should be flexible and risk-based, allowing organisations to tailor their approaches according to their specific circumstances. This flexibility recognises that different businesses face varying levels of fraud risk and require proportionate responses. However, the burden of proof remains firmly on your organisation to establish that reasonable measures were implemented and maintained.

Which Organisations Are Covered?

Large organisations fall under this legislation if they meet at least two of the following criteria:

  • More than 250 people employed
  • Annual turnover exceeding £36 million
  • Total assets worth over £18 million

These thresholds apply to incorporated bodies, partnerships, and group structures, with consolidated figures used for multi-entity organisations.

The scope extends beyond private companies to include incorporated public bodies and large charitable organisations. If your business operates as part of a larger group structure, the size criteria apply to the entire group rather than individual entities. This comprehensive approach ensures that significant organisations cannot avoid liability through complex corporate structures.

For group organisations, consolidated assessment means that even if individual subsidiaries fall below the thresholds, the entire group remains subject to the legislation if the combined entity meets the criteria. This prevents larger organisations from restructuring to avoid compliance requirements while ensuring that genuinely smaller businesses remain outside the scope.

Understanding "Associated Persons"

Who Is an Associated Person?

The concept of "associated persons" extends far beyond traditional employment relationships to encompass anyone performing services for or on behalf of your organisation. This broad definition includes employees at all levels, agents, consultants, independent contractors, and subsidiary companies. The legislation captures any individual or entity that acts in a service capacity, regardless of their formal contractual status.

This expansive interpretation means that your fraud prevention procedures must account for a diverse range of individuals who might not appear on your payroll but still operate under your business umbrella. Temporary workers, freelance professionals, and third-party service providers all fall within this definition. The law recognises that modern business operations often involve complex networks of relationships that extend beyond direct employment.

Consider how this affects your risk assessment processes. Every consultant hired for a specific project, every agent acting on your behalf, and every subsidiary operating under your corporate structure becomes a potential source of liability. Your prevention procedures must therefore be comprehensive enough to address risks across this entire spectrum of associated relationships.

Expanding the Scope of Liability

The legislation significantly broadens traditional concepts of corporate liability by focusing on the intention to benefit rather than actual benefit received. Your organisation can face prosecution even if the intended benefit never materialises, provided the associated person committed fraud with the purpose of advancing your company's interests. This intention-based approach removes many previous legal barriers to corporate prosecution.

The concept of "benefit" extends beyond direct financial gain to include non-monetary advantages such as enhanced reputation, improved market position, or competitive advantage. This broad interpretation means that fraudulent activities aimed at securing contracts, avoiding regulatory penalties, or gaining business intelligence could all trigger liability under the offence.

Can your organisation be held liable for actions it never authorised or endorsed? Absolutely. The legislation removes the need to prove senior management knowledge or approval. This shift places emphasis on prevention systems rather than management culpability, fundamentally changing how corporate fraud liability is assessed.

Specified Fraud Offences Covered

What Constitutes a "Base Fraud" Offence?

The legislation applies to specific fraud offences defined under UK law, primarily those outlined in the Fraud Act 2006. These include fraud by false representation, fraud by failing to disclose information, and fraud by abuse of position. Additional offences covered include cheating the public revenue, false accounting, and fraudulent trading under various corporate legislation.

Your fraud prevention procedures must address each relevant offence type, ensuring that your monitoring systems can detect the specific warning signs associated with different fraudulent activities. False representation fraud might involve misleading customers about product capabilities, while abuse of position could involve employees using their access to confidential information for personal gain.

Understanding these specific offences helps you tailor your prevention measures appropriately. Generic anti-fraud policies may not provide adequate protection if they fail to address the particular risks associated with each type of specified offence. Your training programmes and internal controls should reflect the diverse nature of potential fraudulent activities.

Extra-territorial Reach

The offence includes extra-territorial application, meaning that fraudulent activities occurring outside the UK can still trigger liability provided there is a sufficient UK connection. This connection might involve part of the offence taking place in the UK, targeting UK-based victims, or involving UK-based associated persons.

For example, if your UK-based employee commits fraud while working overseas on your behalf, or if an overseas-based contractor targets UK customers, the offence could still apply. This global reach reflects the international nature of modern business operations and the need for comprehensive fraud prevention measures.

Your prevention procedures must therefore account for the geographical spread of your operations and associated persons. Consistent standards should apply regardless of location, ensuring that your fraud prevention framework provides adequate protection across all jurisdictions where you operate.

The Defence of "Reasonable Fraud Prevention Procedures"

The Statutory Defence

Your organisation's sole defence against this offence lies in demonstrating that reasonable fraud prevention procedures were in place when the fraud occurred. This defence requires you to prove, on the balance of probabilities, that your organisation met the expected standard of prevention measures. The burden of proof rests entirely on your organisation to establish the adequacy of your procedures.

The defence is not automatic or assumed; it requires active demonstration through documented evidence of your prevention framework. This includes risk assessments, policy documents, training records, monitoring reports, and incident response procedures. Your ability to present comprehensive evidence of your prevention efforts becomes crucial in establishing this defence.

What constitutes "reasonable" depends on your organisation's specific circumstances, including size, complexity, and risk profile. The flexibility built into this standard allows for proportionate responses while maintaining the expectation that all large organisations implement meaningful prevention measures.

The Six Principles of Reasonable Procedures

Government guidance establishes six core principles for reasonable fraud prevention procedures:

  1. Top-level commitment - Demonstrated leadership from board and senior management in fostering a culture where fraud is unacceptable
  2. Risk assessment - Regular identification and evaluation of fraud risks across all areas of operations
  3. Proportionate risk-based prevention procedures - Controls that match the specific risks faced by the organisation
  4. Due diligence on associated persons - Understanding and managing risks from individuals and entities acting on behalf of the organisation
  5. Communication and training - Ensuring all personnel understand their responsibilities and the importance of fraud prevention
  6. Monitoring and review - Keeping the prevention framework dynamic and responsive to changing risks and circumstances

These six principles work together to create a comprehensive approach to fraud prevention that addresses all aspects of organisational risk management.

Implementing Reasonable Procedures: Key Steps

Conducting a Comprehensive Risk Assessment

Your fraud prevention programme must begin with a thorough risk assessment that examines every aspect of your business operations. This assessment should identify potential vulnerabilities across all departments, processes, and relationships with associated persons. Consider both internal risks from employees and external risks from contractors, agents, and other third parties.

The assessment process should examine historical fraud incidents, industry-specific risks, and emerging threats that might affect your organisation. Analyse your business model, operational processes, and control environment to identify areas where fraud could occur. Document your findings comprehensively, as this assessment forms the foundation for all subsequent prevention measures.

Regular updates to your risk assessment are essential, with annual reviews representing the minimum frequency. Changes in your business operations, personnel, or external environment may create new risks that require updated prevention measures. Your risk assessment should be a living document that evolves with your organisation.

Developing and Implementing Proportionate Procedures

Based on your risk assessment findings, develop prevention procedures that are proportionate to the identified risks. This involves reviewing existing policies and procedures, identifying gaps, and implementing new controls where necessary. Your procedures should address the specific fraud types most relevant to your organisation while maintaining proportionality with your risk profile.

Implementation requires clear communication of new procedures to all relevant personnel, including training on their responsibilities and the importance of compliance. Establish clear reporting mechanisms that allow employees to raise concerns about potential fraud without fear of retaliation. Regular testing and evaluation of your procedures ensure they remain effective over time.

Your prevention procedures should integrate with existing business processes rather than creating separate, burdensome systems. This integration helps ensure that fraud prevention becomes part of your organisation's routine operations rather than an additional administrative burden.

The Importance of Top-level Commitment and Training

Fostering a Culture of Integrity

Top-level commitment represents the cornerstone of effective fraud prevention, requiring visible leadership from your board and senior management. This commitment must go beyond policy statements to include active participation in fraud prevention initiatives and regular communication about the importance of ethical behaviour. Senior leaders should model the behaviour they expect from others.

"Effective fraud prevention isn't just about compliance – it's about creating a culture where ethical behaviour is embedded in every business decision. The new legislation recognises that prevention is always better than prosecution." - Lisa Osofsky, Director of the Serious Fraud Office

Creating a culture of integrity involves establishing clear expectations, providing adequate resources for fraud prevention, and ensuring that ethical behaviour is recognised and rewarded. Your organisation's values should be communicated consistently and reinforced through management actions. Regular discussion of fraud risks and prevention measures at board level demonstrates ongoing commitment.

Does your leadership team actively participate in fraud prevention training? Senior management involvement in training programmes sends a strong message about the importance of fraud prevention and helps ensure that prevention measures receive appropriate attention and resources.

Communication and Training

Effective communication ensures that all personnel understand their roles in fraud prevention and the potential consequences of fraudulent behaviour. Your communication strategy should include regular updates on fraud risks, prevention procedures, and the importance of reporting suspicious activities. Tailor your messages to different audiences, ensuring that everyone receives relevant information.

Training programmes should be comprehensive, covering the nature of fraud offences, your organisation's prevention procedures, and individual responsibilities. Provide role-specific training that addresses the particular risks and responsibilities associated with different positions. Regular refresher training helps maintain awareness and ensures that new personnel receive appropriate guidance.

Your training should include practical examples and case studies that illustrate how fraud can occur and how prevention measures help protect your organisation. Interactive elements and opportunities for questions help ensure that participants understand the material and can apply it in their daily work.

Monitoring, Review, and Due Diligence

Ongoing Monitoring and Review

Fraud prevention requires continuous monitoring and regular review of your procedures to ensure they remain effective. Establish systematic processes for monitoring key risk indicators, investigating suspicious activities, and assessing the performance of your prevention measures. Regular internal audits help identify weaknesses and opportunities for improvement.

Your monitoring processes should capture both quantitative metrics and qualitative assessments of your fraud prevention programme. Track incident reports, investigation outcomes, and training completion rates while also assessing the overall effectiveness of your prevention culture. Use this information to refine your procedures and address emerging risks.

External developments in fraud techniques, legal requirements, and industry best practices should inform your review processes. Stay informed about new threats and regulatory changes that might affect your organisation. Regular benchmarking against industry standards helps ensure that your prevention measures remain current and effective.

Due Diligence on Associated Persons

Due diligence procedures should be risk-based and proportionate to the level of access and authority granted to different associated persons. Conduct thorough background checks on high-risk individuals and entities, including verification of credentials, references, and financial standing. Regular reviews of ongoing relationships help identify changes that might affect risk levels.

Your due diligence processes should be integrated with your existing procurement and human resources procedures to ensure consistency and efficiency. Maintain detailed records of your due diligence activities, including the rationale for your risk assessments and any follow-up actions taken. This documentation may be crucial in demonstrating the reasonableness of your procedures.

Consider the practical challenges of conducting due diligence on international associated persons, including different legal systems and information availability. Develop procedures that are realistic and achievable while maintaining appropriate standards of scrutiny.

Penalties and Consequences of Non-compliance

Potential Penalties

Organisations found liable under the Failure to Prevent Fraud Offence face unlimited fines that could severely impact their financial stability. These penalties reflect the seriousness with which the law treats corporate fraud prevention failures. The Serious Fraud Office and other prosecuting authorities have indicated their intention to pursue these cases vigorously.

Type of Consequence | Impact
Financial Penalties | Unlimited fines
Legal Costs | Investigation and defence expenses
Reputational Damage | Loss of customer trust and business partnerships
Regulatory Scrutiny | Increased oversight and compliance costs
Operational Impact | Restricted business flexibility

The financial impact extends beyond immediate fines to include legal costs, investigation expenses, and potential civil liability. Shareholders and other stakeholders may seek compensation for losses resulting from fraud-related convictions. Professional and regulatory bodies may also impose additional sanctions on licensed organisations.

The reputational damage associated with a fraud conviction may compromise your organisation's ability to operate effectively. A finding of corporate liability for fraud prevention failures may also affect banking relationships, insurance coverage, and business partnerships.

Broader Consequences

Reputational damage from a fraud conviction can have lasting effects on your organisation's ability to attract customers, investors, and talented employees. Media coverage of fraud cases often focuses on corporate governance failures and management accountability, potentially affecting public perception of your entire industry sector.

Regulatory scrutiny may increase following a fraud conviction, with authorities paying closer attention to your compliance with other legal requirements. This enhanced oversight can increase operational costs and restrict business flexibility. Directors and senior managers may face personal reputational damage that affects their future career prospects.

The impact on employee morale and corporate culture can be significant, with potential effects on productivity and talent retention. Rebuilding trust and reputation following a fraud conviction requires substantial time and resources that could otherwise be invested in business development.

How Litigated Supports Employers

Litigated provides comprehensive support for employers navigating the complexities of the Failure to Prevent Fraud Offence through our Litigated platform. Our expert analysis helps you understand how courts are likely to interpret the new legislation, drawing on extensive case law research and legal precedent analysis. You gain access to practical insights that translate complex legal requirements into actionable business strategies.

Through Litigated, you can access expert insights on corporate governance, compliance frameworks, and risk management strategies specifically tailored to UK legal requirements. Our analysis covers the intersection between employment law and fraud prevention, helping you understand how workforce management practices contribute to effective fraud prevention. This comprehensive approach ensures that your prevention procedures align with both fraud prevention requirements and employment law obligations.

Litigated empowers you to build robust fraud prevention frameworks that protect your organisation while maintaining positive employment relationships. Our practical guidance helps you implement training programmes, develop reporting mechanisms, and establish monitoring procedures that support both legal compliance and effective people management.

Preparing for September 2025: Actionable Steps

Review and Assess

Begin your preparation by determining whether your organisation meets the criteria for a "large organisation" under the legislation. Calculate your employee numbers, annual turnover, and total assets to establish whether the thresholds apply to your business. For group structures, ensure that you assess the combined figures across all entities.

Key assessment steps include:

  • Determine if your organisation meets the "large organisation" criteria
  • Calculate employee numbers, annual turnover, and total assets
  • Conduct a comprehensive fraud risk assessment
  • Review existing anti-fraud policies and procedures
  • Document current prevention measures

Conduct a comprehensive fraud risk assessment that examines every aspect of your operations. Review your existing anti-fraud policies and procedures to identify gaps and areas for improvement. Consider the full range of associated persons who might present fraud risks, including employees, contractors, agents, and subsidiaries.

Document your current prevention measures thoroughly, as this baseline assessment will inform your improvement efforts and potentially serve as evidence of your commitment to fraud prevention. Engage relevant stakeholders across your organisation to ensure that your assessment captures all potential risks and existing controls.

Implement and Train

"The key to successful fraud prevention lies in proportionate, risk-based procedures that are tailored to each organisation's specific circumstances. One size does not fit all." - Professor Mark Button, Centre for Counter Fraud Studies, University of Portsmouth

Develop a comprehensive fraud prevention plan based on your risk assessment findings. Update your policies and procedures to address identified gaps and ensure compliance with the six principles of reasonable procedures. Establish clear governance structures that assign responsibility for fraud prevention at appropriate levels within your organisation.

Implementation priorities include:

  • Develop a comprehensive fraud prevention plan
  • Update policies and procedures
  • Establish clear governance structures
  • Implement a robust training programme
  • Create monitoring and review processes

Implement a robust training programme that covers all relevant personnel, with specialised content for higher-risk roles. Establish clear reporting mechanisms that encourage employees to raise concerns about potential fraud. Create monitoring and review processes that keep your prevention framework current and effective.

Seek professional legal advice to ensure that your prevention procedures meet statutory requirements and reflect current best practices. Consider engaging external experts to review your risk assessment and prevention measures, providing independent validation of your approach.

Regular testing and evaluation of your procedures help ensure their continued effectiveness and identify opportunities for improvement. Establish a timeline for implementation that allows adequate preparation before the September 2025 deadline while maintaining business continuity.

Conclusion

The Failure to Prevent Fraud Offence represents a fundamental shift in corporate accountability that will affect large employers across England and Wales from September 2025. Your organisation must understand the scope of this legislation, including the broad definition of "associated persons" and the comprehensive range of fraud offences covered. The statutory defence of reasonable fraud prevention procedures offers protection, but only for organisations that can demonstrate proactive prevention measures.

The potential consequences of non-compliance extend far beyond financial penalties to include lasting reputational damage and operational disruption. However, organisations that embrace this new framework and implement robust prevention measures can strengthen their resilience against fraud while building stakeholder confidence in their governance standards.

Success requires immediate action to assess your current position, identify risks, and implement appropriate prevention measures. The September 2025 deadline provides a clear timeline for preparation, but effective fraud prevention takes time to develop and embed within your organisation. Start your preparation now to ensure that your business is fully protected when the legislation takes effect.

This shift towards greater corporate accountability reflects broader changes in how society expects businesses to operate. Organisations that adapt successfully to these new requirements will be better positioned to thrive in an environment where integrity and transparency are increasingly valued by stakeholders.

FAQs

What Is the Economic Crime and Corporate Transparency Act 2023?

The Economic Crime and Corporate Transparency Act 2023 is comprehensive legislation that introduces the Failure to Prevent Fraud Offence alongside broader reforms to corporate criminal liability. This Act aims to strengthen corporate accountability and transparency by making it easier to prosecute organisations for fraud committed by their associated persons. The legislation reflects growing recognition that traditional approaches to corporate fraud prosecution have proven insufficient to deter fraudulent behaviour.

Does This Offence Apply to Small and Medium-sized Enterprises (SMEs)?

The offence specifically targets large organisations that meet defined size criteria rather than applying to all businesses. SMEs that fall below the thresholds for employee numbers, turnover, and total assets are not directly subject to this legislation. However, the principles of good fraud prevention practice remain relevant for smaller organisations, and they may find value in implementing similar prevention measures on a proportionate basis.

What Are "Reasonable Procedures"?

Reasonable procedures represent the statutory defence available to organisations facing prosecution under the offence. These procedures must be proportionate to the fraud risks faced by your organisation and should follow the six principles outlined in government guidance. The defence requires you to prove that adequate prevention measures were in place when the fraud occurred, with the burden of proof resting on your organisation to demonstrate the reasonableness of your procedures.

Can Senior Managers Be Held Individually Liable Under This Offence?

The Failure to Prevent Fraud Offence creates corporate liability rather than individual liability for senior managers. However, individuals who commit fraud can still face personal prosecution under existing fraud legislation. Senior managers remain responsible for ensuring that their organisations implement adequate prevention procedures, and their failure to do so could result in corporate liability even if they are not personally prosecuted.

Where Can I Find the Official Government Guidance on This Offence?

Official government guidance on the Failure to Prevent Fraud Offence is available through the GOV.UK website, which provides comprehensive information on statutory requirements and reasonable procedures. This guidance includes detailed explanations of the six principles for fraud prevention and practical examples of how organisations can implement effective prevention measures. Regular updates to this guidance may be published as the legislation comes into effect and case law develops.

Nick

With a background in international business and a passion for technology, Nick aims to blend his diverse expertise to advocate for justice in employment and technology law.