29/08/2025

Failure to Prevent Fraud (“FTPF”) is a new offence which is in force from 1 September 2025. It aims to make it easier to prosecute commercial organisations that have benefitted from fraudulent offences. With fraud being the most common crime type in the UK, amounting to around 40% of all crime in England and Wales, these new measures are part of a wider government ambition to reduce fraud and protect potential victims, including business victims.

The new regime is governed by the Economic Crime and Corporate Transparency Act 2023 (the “Act”). Section 199 of the Act dictates that a large organisation is guilty of an offence if an ‘associated person’ commits a fraud intended to benefit the organisation, and importantly, the organisation does not have reasonable procedures in place to prevent the fraud. 

What is fraud?

Fraud offences are listed in Schedule 13 of the Act and the list is extensive. This list is known as the ‘Base Fraud Offences’ and it covers aspects such as false accounting, false statements by company directors and fraudulent trading, to name but a few. The full list can be found here.

Importantly, it is enough to aid, abet, counsel or procure the commission of such a fraud offence to be guilty of the FTPF. 

Defining a large organisation

For the purposes of this offence, a large organisation is a company that meets at least two of the following criteria: 

  • More than £36 million in turnover;
  • More than £18 million in total assets; or
  • More than 250 employees.

This applies to the entire organisation, which includes its subsidiary undertakings. 

Who / what is an associated person?

An associated person can be an employee, agent or subsidiary undertaking of the large organisation. It can also be a person providing services for or on behalf of the organisation. The definition is wide-ranging in that it is possible for a subsidiary to commit a fraud offence, with the intention of benefitting the parent company, its clients, or the subsidiaries of its clients. 

Benefitting from the fraud offence 

The large organisation does not necessarily have to benefit from the fraud offence. Prosecutors will be looking at whether the associated person intended that it benefit from the fraud. This intention does not need to be the sole or dominant motivator behind committing the fraudulent offence. The intended benefit can take different forms and need not be financial. 

Jurisdiction - when and where?

The offence has extraterritorial effect, which means that it will apply to large organisations incorporated outside the UK. There are also instances where the offence can apply even if the fraud offence was committed outside the UK but has a UK connection.

The fraud offence and its intended benefit need to occur in the same financial year of the large organisation. 

The Defence - Reasonable procedures to prevent the occurrence of fraud

FTPF is a strict liability offence. This means that a prosecutor does not need to prove that the large organisation knew of the fraud offence taking place, and a large organisation can be liable even if it did not know that an associated person committed a fraud offence, with the intention to benefit it. 

An organisation will not be guilty if it can show that, at the time the fraud offence was committed, it either had in place adequate prevention procedures or the circumstances dictate that it wasn’t reasonable to expect it to have any prevention procedures in place (section 199(4) and (5) of the Act).

The reasonableness of procedures will depend on the level of control, proximity and supervision the organisation is able to exercise over a particular person acting on its behalf. 

We examined the guidance, which says that relevant organisations should be informed by the following six principles:

  1. Top Level Commitment - This principle is aimed at those who govern large organisations. The board of directors, partners and senior management of the large organisation should be committed to preventing associated persons from committing fraud. There is an emphasis on the organisation's culture, which must make explicit that fraud is never acceptable.
  2. Risk Assessment - The organisation should assess the nature and extent of its exposure to the risk of employees, agents and other associated persons committing fraud in scope of the offence. The risk assessment should be dynamic, documented and regularly reviewed.
  3. Robust but proportionate risk-based prevention procedures – An organisation’s procedures to prevent fraud by persons associated with it are proportionate to the fraud risks it faces, and to the nature, scale and complexity of the organisation’s activities.
  4. Due Diligence – The organisation applies due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified fraud risks. 
  5. Communication (including training) – The organisation seeks to ensure that its prevention policies and procedures are communicated, embedded and understood throughout the organisation. Training and maintaining training are key.
  6. Monitoring and Review – Organisations should monitor and review their fraud detection and prevention procedures and make improvements where necessary. This includes learning from investigations, whistleblowing incidents and reviewing information from their own sector.

These principles are intended to be flexible and outcome focused, allowing for the huge variety of circumstances that large organisations find themselves in. They reflect the principles in the UK Bribery Act Guidance for the similar offence of failing to prevent bribery which has been in existence since 2010. 

Organisations may wish to consider implementing the following:

Communication and endorsement of the organisation’s stance on preventing fraud 

Effective formal statements demonstrating the commitment of senior managers within the organisation could include a commitment to reject fraud, articulation of the business benefits of rejecting fraud, articulation of relevant bodies and policies, and the naming of the key individuals involved in the fraud prevention procedures.

Training and whistleblowing 

Training should be proportionate to the risk faced, with specific training for those in high-risk posts. It is good practice to monitor its effectiveness and engagement levels. Training should include ensuring that staff and associated persons are familiar with whistleblowing policies. Transparency International states that whistleblowing is one of the most effective ways to uncover corruption, fraud, mismanagement and other wrongdoing.  

Clear governance across the organisation in respect of the fraud prevention framework, including a fraud prevention plan 

In some organisations, senior management should be personally involved in the design and implementation of fraud prevention measures. Best practice should include designated responsibility for horizon scanning of new fraud risks, approving the assessment of risk, developing and implementing fraud detection measures and enabling senior managers to understand the risk and the effectiveness of fraud prevention procedures.

An organisation should consider publishing a fraud prevention plan. This should be proportionate to the risk and potential impact. The plan should take into account the level of control and supervision that the organisation is able to exercise over a particular person acting on its behalf. To avoid duplication of work, organisations should assess whether their existing regulatory compliance mechanisms, financial reporting controls and fraud prevention measures would be sufficient to prevent each of the fraud risks identified in the risk assessment. 

Risk factors to assess in order to reduce the opportunity for fraud include pre-employment and vetting checks, anti-fraud training, assessment of emerging risks, fraud impact assessments, financial reporting, audit concerns and conflict of interest procedures. 

Due Diligence 

Relevant organisations should conduct due diligence on associated persons. This could entail using appropriate technology such as screening tools, checking trading history and professional or regulated status, reviewing contracts with agencies and those providing services, and monitoring the well-being of staff and agents to identify persons who may be more likely to commit fraud.

In relation to mergers and acquisitions (M&A), best practice includes using third party merger and acquisition tools, assessment of criminal/regulatory charges, assessment of tax documentation and the firm’s exposure to risks.

Monitoring and Review 

Monitoring includes the detection of fraud and attempted fraud, investigations and monitoring the effectiveness of fraud prevention measures. Questions to consider include:

  • What analysis is carried out (for example on procurement/payments/invoicing)? How quickly are discrepancies flagged and to whom?
  • What processes are in place for detecting unauthorised access to data?
  • What data analytics tools are used? Is there scope for use of AI to identify potential frauds?
  • What encouragement is there for staff to speak up about fraud-related concerns? Speaking up early prevents small ethical problems snowballing into criminality.
  • What are the organisation’s whistleblowing procedures?
  • What factors would trigger an investigation? Who authorises the investigations?
  • Are decisions to investigate documented?
  • What factors determine whether the investigation is internal or whether an external investigator is appointed? What arrangements are in place to ensure that internal investigations are independent?

Identifying typologies of associated persons 

It is recommended that nominated risk owners develop typologies of risks by considering the three elements of the fraud triangle: opportunity, motive and rationalisation. Using these typologies, nominated risk owners in the organisation may then consider a wide range of circumstances under which associated persons could attempt a fraud in scope of the offence.

Sanctions

Section 199(12) sets out the sanctions. Should a large organisation be found guilty of FTPF, it can face unlimited fines. The amount will be determined by the court, which will consider all the circumstances. The full guidance on the FTPF offence can be found here.

Need further help?

Our Corporate Crime team at Bevan Brittan is well positioned to assist your company in dealing with this new offence and can provide further advice on how to avoid your organisation falling foul of it.
