Failure to prevent fraud offence: what should companies do now?

Following the publication of government guidance in November 2024 the failure to prevent fraud offence, introduced by the 2023 UK Economic Crime and Corporate Transparency Act (ECCTA), will come into force on 1 September 2025.

Key elements of the Failure to prevent fraud offence

Outward fraud focus: the offence requires companies to focus on fraud committed by an associated person (i.e. an employee/agent/supplier etc.) for the company’s benefit (commonly referred to outward fraud). It does not cover the more traditional concept of fraud committed against the company (inward fraud).

Reasonable procedures: in the case of outward fraud being committed, it is insufficient for organisations to rely on the defence that they were unaware of the fraudulent offence taking place. They will need to demonstrate instead that they had “reasonable fraud prevention procedures” in place.

Reform of corporate liability: the ECCTA reforms the identification doctrine. Previously the “directing mind and will” of a company needed to be identified for corporate liability to be attributed; this has now been changed to a “senior manager” of the company. The term has a flexible application and encompasses anyone significantly involved in making decisions or managing and organising a substantial part of the organisation’s activities.

Government guidance to comply with ECCTA

As described in our previous blog linked here, the published government guidance presents the measures which in-scope companies should adopt to form the basis of their reasonable procedures. These are set out below.

Top-level commitment: this involves fostering a clear tone from the top from the directors and senior management of the company. Management is expected to communicate the company’s fraud stance actively, establish governance and ownership for fraud prevention and review the company’s fraud procedures to ensure these meet the requirements of the new offence.

Risk assessment: the offence requires companies to evaluate the nature and extent of their exposure to fraud risks, ensuring that their risk assessment takes into account outward fraud which benefits the company. Assessments should consider the opportunity, motive and means for committing this kind of fraud.

Proportionate risk-based fraud prevention procedures: based on the results of their risk assessment companies are then required to develop a fraud prevention plan with procedures to mitigate the identified fraud risks. These procedures should be proportionate to the risks identified, should focus on the opportunity, motive and means for committing fraud and should ensure that there are adequate fraud detection mechanisms in place.

Due diligence: this involves reviewing due diligence measures to ensure that these cover outward fraud sufficiently. Again, due diligence measures should be proportionate to the risks identified and should consider the company’s possible level of control and supervision over the subject of the due diligence (i.e. it will be easier to monitor employee behaviour than supplier behaviour, for example).

Communication and training: companies are expected to communicate actively and raise awareness on their expectations, policies and procedures regarding fraud prevention. This should involve training employees, particularly those in higher-risk positions, and encouraging an open speak up culture.

Monitoring and review: the guidance expects companies to monitor the efficacy of their fraud prevention procedures, given that the nature of the risks faced by companies will evolve. Fraud prevention procedures may need adapting in the future in line with the company’s changing risk profile.

What should in-scope companies do to prepare for ECCTA compliance?

Avoid duplicating efforts: the first thing to do is to take stock and consider what procedures are already in place across the business (this may involve existing ABC, financial crime and risk management procedures) and assess what can be adapted to include fraud prevention and detection.

Ensure that outward fraud is covered: whether adapting existing procedures or establishing new ones, it is vital to make sure that these adequately cover outward fraud (i.e. the fraud that benefits the company), which is the fraud covered by the new offence.

Widen the scope of the risk assessment: the failure to prevent fraud offence includes a range of types of offence, including:

• false representation,
• false accounting and false statements,
• participation in a fraudulent business, and
• cheating the public revenue.

When conducting a fraud risk assessment companies should consider the business activities and functions where these fraud offences could occur, including sustainability and financial reporting, advertising and sales, procurement, due diligence and human resources.

Assign clear ownership for fraud prevention: companies should establish clear fraud governance. While often fraud sits under finance teams, companies should not lose sight of the importance of assigning responsibility for fraud across other areas of the business so that it is considered in all the relevant processes, including ESG and investor reporting, advertising and communications.

Identify and train senior managers: companies should map the individuals who under the new offence can be defined as the company’s senior managers and should set about training them. Mapping should identify higher-risk roles (for example, in finance and procurement) and training should be tailored to address the specific fraud risks faced in these functions.

How GoodCorporation can help

We work with companies to assess their readiness for compliance with the failure to prevent fraud offence, helping them to identify gaps in their fraud management programme, where their risks lie, and how these can be addressed. We use our GoodCorporation Framework on Preventing Fraud to do this, which has been updated to be fully aligned with the government guidance. For more information see our fraud prevention services webpage or contact us by clicking the button below.