Is your business prepared to prevent corporate fraud?

Since the implementation of the “failure to prevent fraud” offence in September 2025, companies and partnerships may be held criminally liable where a specified fraud offence is committed by an employee, agent, subsidiary or person associated with the organisation, with the intention of benefitting the organisation or its clients.

It does not need to be shown that senior managers or directors were involved in or aware of the fraud.

Organisations found liable of this new offence may face an unlimited fine.

It’s therefore essential that relevant organisations have – or put in place – suitable prevention procedures. Doing so may provide a defence to the offence.

The specified fraud offences are listed in Schedule 13 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023) and include:

• Participation in a fraudulent business
• Obtaining services dishonestly
• Cheating the public revenue
• False statements by company directors.

Aiding, abetting, counselling or procuring the commission of any of these offences also qualify.

The offence applies to both UK-based organisations and those based abroad (provided there is a sufficient connection to the UK) if they meet two of the following thresholds in the financial year preceding the year of the offence (as per section 201 ECCTA 2023):

• More than 250 employees
• More than £36 million turnover
• More than £18 million in total assets.

If your organisation does not currently meet the criteria, consider whether it might do so in the future – for example, following a merger, restructure, or acquisition.

The criteria can also be applied at group level, meaning turnover includes other companies within the organisation’s group. All organisations within the group are in scope if the test is satisfied on a group-wide basis.

Defence

In the event of prosecution, it’s a defence for the organisation to prove that, at the time the fraud offence was committed:

• It had in place such prevention procedures as it was reasonable in all the circumstances to expect
• It was not reasonable in the circumstances to expect the organisation to have any prevention procedures in place.

It’s the responsibility of the organisation to prove, on the balance of probabilities, that it had reasonable procedures in place to prevent fraud at the time the offence occurred.

To constitute “reasonable prevention procedures”, Home Office guidance highlights that the fraud prevention framework should be informed by the following six principles:

• Top-level commitment
• Risk assessment
• Proportionate risk-based prevention procedures
• Due diligence
• Communication, including training
• Monitoring and review.

HCR Law can provide practical sessions for corporate clients on a range of white-collar crime topics. These can be selected as a standalone seminar or as part of a fully curated risk and compliance training programme.