Failure to Prevent Fraud

What is the “failure to prevent fraud” offence and why was it introduced? 

The failure to prevent fraud offence is a new corporate liability law created by the Economic Crime and Corporate Transparency Act 2023. It was introduced as part of the UK government’s wider strategy to combat fraud, which has become the country’s most prevalent crime (around 40% of all reported crime). The aim is to hold large organisations accountable if they profit from fraud committed by people working for them and to encourage businesses to actively prevent fraud rather than reacting after the fact. 

Under this offence, a company or partnership can be criminally liable if a person associated with the organisation (for example, an employee, agent, subsidiary or other representative) commits fraud with the intention of benefiting the organisation. Crucially, the company can be prosecuted even if senior management or directors were not involved in or aware of the fraud. In other words, it’s no longer an excuse for a big company to say “a rogue employee did it without our knowledge.” The law effectively forces companies to take responsibility for those acting on their behalf. 

Why introduce this law?  

Fraud can cause enormous damage to victims (including businesses and the public) and was historically difficult to pin on large companies under old laws. Historically, prosecutors often had to prove a “directing mind” of the company (a senior executive) was involved in wrongdoing to convict the company – a high bar that meant many companies escaped liability for employees’ fraud. This new offence makes it easier to prosecute corporations by shifting the focus: if your company benefited from a fraud committed by someone working for you, your company can be punished for failing to prevent it.  

The government hopes this will drive a major shift in corporate culture, similar to the impact of the Bribery Act 2010’s corporate offence (failure to prevent bribery) which prompted companies to adopt stronger anti-bribery compliance. It’s part of a broader fraud-fighting strategy (the government’s 2023 Fraud Strategy) aimed at reducing fraud by boosting prevention and enforcement.  

Who does it apply to? 

Only large organisations are directly in scope of the failure to prevent fraud offence.  

In legislation, a “large organisation” is defined using the two out of three rule: the entity meets at least two of these criteria in its last financial year: 

• More than 250 employees, 
• More than £36 million annual turnover, and 
• More than £18 million in total assets. 

This definition means the offence is aimed at big companies and partnerships. Examples would include large corporations, financial institutions and other sizeable businesses. Smaller and medium-sized enterprises (SMEs) that do not meet the threshold will not be prosecuted for failing to prevent fraud, which should be a relief for small business owners. 

However, smaller organisations should still be aware. First, even if not directly covered, adopting anti-fraud procedures is good practice and protects your business from fraud losses. Second, a smaller firm could indirectly bring a larger partner into scope – for instance, if a small subsidiary commits fraud to benefit its large parent company, the parent (being large) could be prosecuted for failing to prevent it. The government has indicated that even though the law targets large entities, all businesses are encouraged to follow the guidance as best practice to foster an anti-fraud culture.  

In short, the bigger your organisation, the more urgent it is to ensure you have fraud prevention measures in place – and even if you’re not “large”, it’s wise to take fraud prevention seriously. 

What types of fraud are covered by the offence? 

Not every minor wrongdoing will trigger this law – it applies when an “associated person” of the company commits a serious fraud offence with intent to benefit the company. The legislation specifies a list of underlying “fraud offences” (sometimes called the “base offences”) that, if committed, could lead to a charge of failing to prevent fraud.  

These include many of the common fraud crimes, for example: 

• Fraud by false representation – knowingly lying or misrepresenting something to gain an advantage or cause a loss (covered by the Fraud Act 2006). 
• Fraud by failing to disclose information – not telling information when there is a legal duty to disclose it, in order to gain a benefit. 
• Fraud by abuse of position – exploiting a position of trust to commit fraud (for instance, an employee siphoning funds or an adviser misusing client assets). 
• False accounting – dishonestly falsifying or altering accounting records or documents to mislead (for example, hiding losses or inflating profits in company accounts). 
• Fraudulent trading – carrying on a business with intent to defraud creditors or for any fraudulent purpose (often relevant in insolvency scenarios or scam companies). 
• Cheating the public revenue – essentially tax fraud; dishonest conduct intended to deprive the public revenue (HMRC) of funds (this is a common law offence). 

There are other offences in the full list as well, such as obtaining services dishonestly and making false statements by company directors. In practice, if the conduct amounts to fraud or similar dishonesty for the company’s benefit, it is likely covered. 

Example: If a sales agent of a large company engages in dishonest sales practices – say, knowingly misrepresenting a product to customers to meet targets (fraud by false representation) – and this is done to benefit the company (increased sales revenue), the company itself could be prosecuted for failing to prevent that fraud even if upper management didn’t sanction it. Likewise, if an employee hides important information from investors (fraud by failing to disclose) to secure investment for the company, the company could be liable for failing to prevent fraud. Even attempts to cheat tax on the company’s behalf (cheating the revenue) could bring the company into trouble under this offence. 

It’s important to note that individuals who actually carry out the fraud can still be prosecuted for the underlying offence as normal. The new law doesn’t replace or diminish personal criminal liability; rather, it adds additional liability for the company.  agent/employee. 

What do organisations need to do to comply? 

Prevention is key. The good news for businesses is that the law provides a full defence if you can show you had “reasonable fraud prevention procedures” in place at the time the fraud was committed. In simple terms, if your company already did all that could reasonably be expected to stop fraud – and fraud still happened – you shouldn’t be convicted of this offence.  

To comply with the law (and to protect your business from fraud in general), organisations – especially those that meet the “large” criteria – should implement robust anti-fraud measures now. The Home Office has published official guidance (November 2024) outlining principles and examples of what “reasonable prevention procedures” might look like. These guidelines closely mirror the approach taken for anti-bribery compliance. In general, your fraud prevention program should be risk-based and proportionate to the size and nature of your business. 

Some practical steps and best practices for organisations include: 

Risk Assessment: Regularly assess where and how fraud might occur in your operations. Identify your company’s specific fraud risks (e.g. in procurement, sales practices, financial reporting, etc., depending on the industry). Focus on risks posed by associated persons like agents, intermediaries, or high-risk roles. 

Senior Management Commitment: Ensure your leadership is visibly committed to preventing fraud. Senior managers and directors should set a strong “tone from the top” that fraud will not be tolerated. This could include a clear anti-fraud policy or statement, and leadership involvement in overseeing compliance efforts. 

Policies and Controls: Put in place clear anti-fraud policies and practical controls to address the identified risks. Examples: separation of duties in financial processes, approval checks for high-value transactions, due diligence on business partners, and whistleblowing channels for staff to report concerns. These measures should be documented and enforced.

Training and Communication: Train your employees and agents on what constitutes fraud, how to spot red flags, and the importance of ethics and compliance. Regular training (e.g. workshops or e-learning) will help create an anti-fraud culture. Make sure everyone in the company (especially in high-risk roles like sales, finance, procurement) understands the policies and knows how to report suspicions. 

Monitoring and Review: Continuously monitor the effectiveness of your fraud prevention procedures. Conduct audits or compliance reviews to test whether controls are working. Update your procedures as needed – for instance, if you enter a new market or launch a new product line, revisit your fraud risk assessment. The guidance suggests periodic reviews (at least every couple of years) and learning from any incidents or near-misses. 

Due Diligence on Associates: Where you work with third parties (agents, consultants, contractors, or subsidiaries), carry out due diligence to ensure they are trustworthy and understand your anti-fraud expectations. In contracts, consider adding clauses requiring partners to abide by anti-fraud standards. Essentially, know who is acting for you and mitigate any risks they might pose. 

By taking the above steps, organisations not only strengthen their defence against potential prosecution, but also can actually prevent fraud losses and protect their reputation. The key is that your procedures should be proportionate – what is reasonable will depend on your company’s size, sector and risk profile. A multinational financial institution might need very sophisticated fraud analytics and compliance systems, whereas a smaller qualifying company may demonstrate reasonable prevention with simpler but well-targeted controls. The law does not expect zero fraud, but it does expect companies to actively try to stop fraud. Failing to have any adequate safeguards in place is what will put a company at risk. 

What are the consequences of failing to prevent fraud? 

If a large organisation is found guilty of this offence (meaning a fraud was committed for its benefit and the organisation did not have reasonable prevention measures in place), the consequences are serious: 

Criminal Conviction: The company will gain a criminal record. This is a corporate criminal offence, so it does not send individuals to jail (it’s the company that is convicted), but it is nonetheless a crime on the company’s record. For regulated businesses, a criminal conviction can have licensing or regulatory implications. 

Unlimited Fines: There is no fixed maximum fine for corporations convicted of failing to prevent fraud. Courts have the power to impose hefty fines – potentially running into millions of pounds, depending on the scale of the fraud and the harm caused. The fine is meant to punish the company and deter wrongdoing, so it typically corresponds to the severity of the offence. (For comparison, under similar legislation like the Bribery Act, companies have faced very large fines, and the same is expected here for serious cases.) 

Reputational Damage: A conviction for a fraud-related offence can significantly damage an organisation’s reputation and trust with customers, investors, and partners. The fact that the company failed to prevent fraud could signal poor governance or ethical standards. Companies may also be publicly named in press releases by prosecutors (e.g. the Serious Fraud Office or Crown Prosecution Service), which can attract negative media coverage. 

Business Consequences: In the aftermath, the company could face broader consequences: for instance, public or private sector clients might reconsider doing business with a company convicted of a fraud offence. In some cases, companies convicted of certain offences can be barred from tendering for public contracts for a period of time. At the very least, the company will need to invest in improving compliance after the fact, possibly under the watch of monitors or as part of settlement terms (if a Deferred Prosecution Agreement is used). 

Remediation and Investigations: Aside from the sentence, authorities may impose requirements to improve compliance. Also, the process of investigation and prosecution itself is costly and disruptive – law enforcement might raid offices or require extensive document reviews. Management time will be diverted to dealing with the fallout. In short, failing to prevent fraud can be an extremely costly mistake, far exceeding the investment that would have been needed to set up a compliance programme in the first place. 

For individual wrongdoers, as noted, the introduction of this corporate offence does not let them off the hook. The employee or agent who actually commits the fraud will still face the usual penalties for that fraud (which could include imprisonment, for example fraud by false representation can carry up to 10 years in prison). The new law simply means the company may be punished in addition, recognizing that organizations bear responsibility for the environment and controls under which the fraud occurred. 

How does this offence fit into the wider legal landscape? 

The failure to prevent fraud law is the latest step in a broader trend towards corporate accountability for economic crime.  

Over the past 15 years, the UK has introduced several “failure to prevent” style offences and other laws to make it easier to prosecute companies for misconduct: 

Bribery Act 2010 (Failure to Prevent Bribery): This made companies liable if they failed to prevent bribery by persons associated with them. It introduced the concept of an adequate procedures defence. This pushed companies to implement anti-bribery compliance programmes. The new fraud offence is very much modeled on this approach. 

Criminal Finances Act 2017 (Failure to Prevent Facilitation of Tax Evasion): Similarly, this law holds corporations liable if they do not prevent their employees or agents from facilitating tax evasion by others. It also uses a defence of having reasonable prevention procedures. Together with the bribery offence, it signaled that companies must proactively stop financial crimes. 

Corporate Manslaughter and Homicide Act 2007: While not a “failure to prevent” offence, this Act made companies criminally liable for deaths caused by gross management failures in health and safety. It reflected the idea that a company’s culture and controls (or lack thereof) can lead to tragic outcomes and that the company should be held to account. 

Economic Crime Plan and Reforms: The government’s recent policies, including the Fraud Strategy 2023 and the provisions of the Economic Crime and Corporate Transparency Act 2023, are part of a continuum focusing on combating economic crime (fraud, money laundering, corruption). The failure to prevent fraud offence came out of this agenda. It shows lawmakers responding to concerns that fraud was too easy to get away with, especially in large organizations, and that a tougher approach was needed to protect the public and the integrity of markets. 

All these “failure to prevent” offences share the same underlying principle: a form of strict (or vicarious) liability for companies, balanced by a due diligence defence. For businesses, this means that having strong compliance programs is not just good practice but increasingly a legal necessity. 

UK authorities (like the Serious Fraud Office and HMRC) now have more tools to deal with corporate crime. A company can no longer hide behind complex management structures to avoid liability – if someone acting for the company commits bribery, facilitates tax evasion, or now commits fraud, the company itself can be prosecuted. This pushes companies to create an ethical, law-abiding corporate culture. The introduction of the failure to prevent fraud offence is being seen as heralding a new era of corporate accountability for fraud, much as the Bribery Act did for corruption. 

It’s also worth noting that along with new offences, official guidance is available to help organisations understand expectations. The government’s fraud prevention guidance (issued in November 2024) provides detailed advice in line with the six principles (Governance/Tone at the Top, Risk Assessment, Due Diligence, Policies/Controls, Training & Communication, and Monitoring & Review).  

Businesses should consult such resources – and seek professional advice (if needed) to ensure they meet the standard of “reasonable procedures” and thereby protect themselves. 

Contact Olliers Solicitors – specialist fraud lawyers 

If you or your company face investigation or prosecution under the failure to prevent fraud law – or any fraud or business crime matter – please contact Matthew Claughton or one of our team at Olliers Solicitors – we can help. 

We are ranked as a Top Tier Crime and Fraud Firm by the Legal 500 2026 as well as Chambers Directory 2026. We are a Times Top 200 law firm 2026. We are the current Manchester Legal Awards Crime Team of the Year, an award we have won seven times since 2011 in the space of just over 10 years. 

We have a team of over 25 defence lawyers. Eight of our Partners are recommended Legal 500 lawyers, including Matt Corn, Gareth Martin, Toby Wilbraham and Richard Cornthwaite. Our Managing Director, Matthew Claughton is a recent Legal 500 Northern Powerhouse Criminal Lawyer of the Year. 

We have offices in both London and Manchester, and our specialist team of fraud defence lawyers can advise and represent you in relation to your case. Whether you need urgent guidance on an investigation, or advice on strengthening your fraud prevention processes, our experienced team is here to assist. Get in touch with us today for confidential legal support.

Fraud Articles