How should businesses react to the failure to prevent fraud guidance?

The Economic Crime and Corporate Transparency Act 2023 introduces a new corporate offence: failure to prevent fraud.

This legislation is part of the government’s broader strategy to combat economic crime and reinforce corporate responsibility.

Business owners need to understand the implications of this offence, the required compliance measures, and how to adapt their operational practices effectively.

When does this come into effect?

The offence of failure to prevent fraud will come into effect on 1st September 2025 and earlier this year the government published guidance to assist large companies in preparing for the legislative changes.

The guidance, which outlines six key principles, provides a flexible framework to assist businesses in preventing fraud by anyone associated with it.

Following the publication of the guidance, businesses have a nine-month window to develop and embed comprehensive fraud prevention procedures.

Along with their current risk management frameworks and address any gaps in their systems and processes. The countdown to compliance has begun, and businesses are urged to use this period to prepare.

Government expectations

The government has provided general guidance on compliance, but it expects different sectors to create tailored measures that align with their unique risk profiles. This approach recognises that fraud risks vary significantly across industries, and a financial services firm will need to address different challenges from a retail business.

As such, industry associations and regulatory bodies are expected to play a pivotal role in shaping these tailored guidelines. For instance, financial regulators may advise banks on enhanced due diligence procedures, while retail associations may focus on customer data fraud prevention.

Understanding the offence

The failure to prevent fraud offence applies to organisations where an associated person commits a ‘base fraud offence’, intending to benefit the organisation.  A list of the base fraud offences is outlined in the legislation. An ‘associated person’ includes employees, agents, subsidiaries, or any individual acting on behalf of the company.

However, this list is not exhaustive and anyone who performs services for or on behalf of the company can fall within the definition. This wide scope ensures that all potential conduits for fraud are covered, prompting organisations to scrutinise all external and internal relationships.

To be prosecuted, there must also be a link to the UK, also described as a UK nexus.  It does not matter where in the world the business is based; if the offence has been undertaken by a UK based employee, then the business can be prosecuted.

Only large organisations can be prosecuted for the offence.  A ‘large organisation’ must meet at least two of the following criteria:

• More than 250 employees
• Turnover exceeding £36 million
• Balance sheet total exceeding £18 million

While smaller organisations may not fall under this legal scope at the moment, this could change in the future.

Therefore, adopting robust fraud prevention measures remains advisable as a matter of good practice. Small businesses can still suffer severe reputational and financial damage from fraud, so preventive strategies are valuable across the board.

Fraud prevention measures

The government’s guidance outlines six key principles that organisations should follow to demonstrate that they have taken reasonable steps to prevent fraud. These principles are not prescriptive; instead, they offer a flexible framework that can be adapted to different sizes and types of businesses.

Risk assessments

Conducting regular, thorough assessments of potential fraud risks specific to the business is essential. This involves identifying vulnerabilities in business operations and understanding how fraud could occur. For example, an e-commerce company might assess risks related to payment fraud, while a manufacturing firm may focus on supply chain integrity.

Proportional procedures

The measures put in place should align with the company’s size, nature, and complexity. Smaller organisations might implement simpler controls, such as rigorous invoice checks, while larger corporations may develop more comprehensive anti-fraud systems involving multiple levels of oversight.

Top-level commitment

It is vital that senior management demonstrates a strong commitment to preventing fraud. This could include appointing a senior executive to oversee fraud prevention measures or making public statements that reinforce the company’s stance against fraud. A visible commitment from leadership fosters a culture where employees understand the importance of compliance.

Due diligence

Conducting due diligence checks on associated persons helps mitigate risks. This involves vetting third-party service providers, contractors, and even potential employees to ensure they do not pose a fraud risk. For instance, businesses might introduce background checks for new hires in finance or procurement roles.

Communication and training

Communicating anti-fraud policies effectively and supporting them with regular training sessions is crucial. Employees should be aware of how to identify and report potential fraud. Training should cover practical examples and warning signs relevant to the business sector, to help employees to apply the guidance effectively in their roles.

Monitoring and Review

Implementing a system for regular monitoring and review of anti-fraud measures allows procedures to remain effective and evolve with changing risks. This system can include audits, feedback mechanisms, and updates based on new fraud techniques or business changes.

Practical steps for implementation

Business owners should start by reviewing their anti-fraud strategy that clearly defines objectives, responsibilities, and processes. This strategy should outline how the company plans to meet its legal requirements to prevent fraud. It should also place employees at the centre of the failure to prevent fraud measures.

Employees play a key role in preventing fraud, and business owners should encourage a culture where employees feel comfortable reporting suspicious activity without fear of retaliation. Whistleblower protection policies can be an effective addition to ensure this.

Utilising fraud detection software and automated compliance tools can also strengthen an organisation’s ability to monitor and detect fraudulent activity. Technology can assist in analysing large volumes of data for anomalies and issuing alerts when potential fraud is detected. This strategy should be executed by a dedicated officer or team who can oversee the implementation of these measures and can ensure continuity and accountability. This individual or group should be responsible for coordinating training, monitoring activities, and updating procedures as needed.

Implications for business owners

The introduction of the failure to prevent fraud offence carries significant implications for business owners. If an associated person commits fraud, and the company cannot prove it had reasonable procedures in place, it could face prosecution. This may result in fines, reputational damage, and a loss of business confidence. Therefore, establishing robust fraud prevention measures is not only a compliance requirement but also a strategic one.

Implementing these measures may require changes in company policies, processes, and the allocation of resources. Business owners should anticipate costs related to training, technology investment, and compliance consultancy. However, these expenditures are a long-term investment in safeguarding the organisation’s financial health and legal compliance and should be viewed as such.

The Economic Crime and Corporate Transparency Act 2023 represents a major shift in corporate responsibility, placing a greater onus on organisations to prevent fraud. With the enforcement date set for 1st September 2025, business owners have little time left to align their operations with the new requirements and should look at this as a matter of urgency. By adhering to the government’s guidance, companies can not only prevent fraud but also demonstrate their commitment to ethical practices and foster a culture of transparency and integrity.