Failure to prevent fraud: What HR teams need to know
A new corporate offence has arrived – and HR is on the frontline of compliance.
On 1 September 2025, the failure to prevent fraud offence under section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) came into force. For HR professionals still implementing policies to meet the duty to prevent workplace sexual harassment, this introduces an additional compliance responsibility.
Most HR professionals will be familiar with the failure to prevent bribery offence under the Bribery Act 2010. The new fraud offence extends this approach: companies must now guard against a broad range of fraud offences committed by employees, agents, subsidiaries, or others acting on their behalf.
Enforcement is ramping up
The Serious Fraud Office, under Director Nick Ephgrave, has signalled a more aggressive enforcement approach:
“You’ve got a very, very hungry director of the SFO that is determined to find out. I’m pushing for whistleblowing. I’m pushing for people to come forward. I’m using more covert tactics. I’m getting into your boardrooms.” (“Army of undercover agents to target boardroom crooks”, Daily Telegraph, 19 June 2025)
Since taking up his role, Ephgrave has had a higher enforcement rate than any previous director of the SFO. Strengthening fraud prevention and compliance cannot wait.
What is the failure to prevent fraud offence?
A “large organisation”, as defined in ECCTA, is guilty if:
- an "associated person" (that is, any employee, agent, or person who performs services for or on behalf of the company)
- commits one of 7 fraud offences (listed in Schedule 13 ECCTA)
- intending to benefit the organisation; and
- the organisation does not have reasonable fraud-prevention procedures in place.
Key points
- Senior personnel do not need to have been involved in the fraud for the offence to bite.
- Penalties are severe: unlimited fines, often calculated as a multiple of turnover.
- If the fraud is intended to benefit the individual themselves, the new offence will not be triggered.
Who does the offence apply to?
The offence applies to organisations meeting at least two of the following criteria in the previous financial year, globally:
- More than 250 employees.
- Turnover above £36 million.
- Total assets above £18 million.
Subsidiaries of large organisations may also be caught, even if they do not meet the thresholds themselves.
Is there a defence?
A company can avoid liability by demonstrating it had reasonable procedures in place to prevent fraud, tailored to the organisation’s specific risks, structure, and operations. Even if fraud occurs, the company may rely on the defence if procedures were reasonably designed to prevent fraud. Government guidance on reasonable procedures published in November 2024 strongly recommends targeted, evidence-based, but proportionate, measures designed to prevent fraud.
A tailored defence: key elements
- Evidence-based risk assessments: regularly evaluate areas most vulnerable to fraud using internal reports, historical incidents, and industry data.
- Comprehensive policies: include whistleblowing, reporting channels, investigation processes, and mandatory training for employees and associated persons, consistent with the guidance.
- Implementation and monitoring: policies must be actively applied, monitored, and updated to maintain effectiveness, as emphasised in the Government’s guidance.
- Demonstrable effectiveness: companies must be able to evidence that prevention policies and procedures are informed by a robust risk assessment and effectively implemented and monitored.
The SFO’s recently updated guidance on corporate co-operation also highlights the importance of co-operation and transparency during investigations, which can strengthen a company’s position if procedures are challenged. Similarly, in Scotland, the self-report scheme introduced in response to the bribery offences has been extended to failure to prevent fraud offences and places a similar emphasis on co-operating and being fully transparent in investigations.
Policies are expected to be reasonable, not perfect. The new offence is designed to inspire systemic, cultural change to combat economic crime, and companies are expected to devote proportionate time and resource in designing policies to prevent it.
Why this matters for HR
HR sits at the heart of governance and culture. People teams are often the first to hear of concerns or spot red flags, whether via grievances, whistleblowing, or informal reports. How HR responds to such concerns can determine whether a matter is quickly resolved or escalates into a criminal investigation.
HR also plays a crucial role in helping to shape culture: embedding compliance, building trust in reporting systems, and ensuring staff understand expectations – making HR key to the organisation’s defence.
Practical HR actions
HR can play a decisive role in supporting the reasonable procedures defence:
- Evidence-based risk assessments: identify fraud vulnerabilities and help tailor anti-fraud measures.
- Review and update policies: keep whistleblowing, disciplinary, and conduct policies current, and implemented by targeted training and risk-based monitoring.
- Investigations and whistleblowing: an anti-fraud programme is only as strong as the procedures which underpin it. HR teams often sit at the heart of corporate investigations, and are well placed to guide and support the development of fraud-focussed measures, addressed in more detail below.
- Cross-functional coordination: work closely with the Finance, Risk, Audit, and Communications functions for consistent implementation.
- Training and awareness: ensure mandatory fraud-prevention training and reinforce ethical standards.
- Recruitment and third-party oversight: evaluate and where necessary enhance processes for vetting high-risk roles and appropriate monitoring of employees, contractors, and agents.
- Culture from the top: support leaders in promoting compliance and transparency; encourage prompt escalation (SFO guidance).
Taking these steps enables HR to evidence the organisation’s “reasonable procedures”, reinforce its statutory defence, and foster a culture of integrity.
HR should also assess the impact of the new offence on business-as-usual HR activities — for example, whether it may be a relevant factor in determining the appropriateness of suspension in particular cases. Practical measures might include robust recruitment screening, conflict-of-interest declarations, and training designed to build a culture of integrity and accountability, with clear guidance on identifying and raising fraud-related whistleblowing concerns. HR teams may also need to identify high-risk roles — such as those with financial control or decision-making authority — and conduct periodic risk assessments to ensure effective segregation of duties. Within certain business functions, monitoring for potential fraud indicators, including unexplained absences, resistance to oversight, or patterns of non-compliance, may be appropriate. Finally, the effective management of fraud investigations, including the prompt revocation of system and data access, will be critical to mitigating ongoing risk.
What’s coming next for corporate compliance?
In addition to the new failure to prevent fraud offence, ECCTA also expanded the power to prosecute companies for economic crimes more broadly. Further reforms are expected in 2026 which will expand the power to prosecute companies for all offences, not limited to economic crime. These new powers introduce strict liability for companies where senior managers commit economic crimes. This applies to all businesses regardless of size and has no “reasonable procedures” defence, but strong prevention systems will still mitigate risk, and may assist organisations with any defence when facing criminal prosecution.
The SFO continues to expand its use of investigatory and asset recovery powers, signalling that active monitoring and early action remain essential.
Why act now?
HR is increasingly at the coalface of corporate compliance, whether it is the duty to prevent sexual harassment, ongoing implementation of anti-bribery and corruption measures, ensuring whistleblowing is handled correctly, or helping implement measures to avoid corporate criminal liabilities. Employers in some sectors such as life sciences, media and financial services face even more regulatory oversight. Further changes are also anticipated in corporate compliance and HR legal matters once the Employment Rights Bill (ERB) receives Royal Assent and its changes are implemented over the next two years. For more information on the ERB, please visit the CMS Employment Rights Bill Hub.
How can CMS help?
CMS works with HR, compliance, and leadership teams, drawing on expertise in both employment and criminal law, to prepare for the new offence in the following ways:
- Identifying high-risk business areas.
- Supporting policy updates, implementation and training delivery.
- Reviewing/drafting contractual wording to ensure a robust anti-fraud stance is reflected in an organisation’s relationship with all of those who may meet the definition of an “associated person”.
- Guiding internal investigations while protecting legal privilege where this is desirable.
Preventing fraud is not just a finance or compliance task – it is a people and culture challenge, and HR is at the heart of the solution.