New corporate failure to prevent fraud offence in force – are you compliant?
Introduction
The new corporate offence of failing to prevent fraud came into force today, 1 September 2025. The offence was introduced by the Economic Corporate Crime and Transparency Act 2023 (“ECCTA”), which brought into effect not only the new corporate offence, but a raft of other changes to the way in which corporate criminal liability works for financial crimes in the UK.
This legislation and the new offence mark a significant shift in the landscape for corporate crime compliance in the UK. Large organisations to which the offence applies should make sure they have reasonable prevention procedures in place to mitigate their fraud risk, as well as the financial and reputational damage that can flow from a conviction.
This briefing provides a high-level summary of the offence, as well as the reasonable procedures defence and what large organisations should be doing to mitigate their fraud risks.
What is the New Offence?
The failure to prevent fraud offence makes it a criminal offence for certain organisations to fail to prevent fraud committed by employees, agents, or associates for the organisation’s benefit. This means that companies and partnerships can be prosecuted if a person associated with them commits fraud to benefit the organisation, and the organisation did not have reasonable procedures in place to prevent such conduct.
Who Does It Apply To?
The new offence applies primarily to large organisations, including companies, partnerships, and other relevant entities incorporated in the UK or carrying on business in the UK. The government’s definition of “large organisation” is aligned with established thresholds under the Companies Act 2006 such as annual turnover, number of employees, and balance sheet totals.
What Constitutes “Fraud”?
For the purposes of this offence, “fraud” encompasses a range of economic crimes, including but not limited to:
- False representation
- Failure to disclose information when there is a legal duty to do so
- Abuse of position
- Obtaining services dishonestly
- Cheating the revenue
If any of these offences are committed by a person acting on behalf of the organisation, and the organisation did not have reasonable preventative measures in place, the organisation could be held criminally liable and face an unlimited fine.
Defences Available to Organisations
The only defence available for organisations is to demonstrate that they had “reasonable procedures” in place to prevent fraud. The government has published guidance for affected organisations, which follows the same six principles as applied to the other failure to prevent corporate offences under the Bribery Act 2010 and Criminal Finances Act 2017 (see our previous LawNow on the guidance here: Failure to prevent fraud offence: “reasonable procedures” guidance published and the countdown begins).
As with the other failure to prevent corporate offences, there is no legal requirement for organisations to put in place policies and procedures to cover fraud risks. However, only those that do may later raise a reasonable procedures defence. Equally, organisations are not required to prevent every incident of fraud; rather, they must show they took reasonable steps to prevent it. If an organisation can demonstrate that it assessed its fraud risks and implemented robust anti-fraud measures, it may be able to avoid liability even if a fraud is perpetrated.
The government guidance makes clear the government’s expectations that large organisations:
- Risk assessment: Identify and assess their fraud risks through a specific fraud risk assessment, which is to be revisited and revised on a regular basis.
- Proportionate procedures: Tailor their anti-fraud policies and procedures to mitigate the specific fraud risks faced by the business.
- Top-level commitment: Ensure senior management are leading by example and are committed to preventing fraud.
- Due diligence: Conduct proportionate and risk-based due diligence on persons who perform or will perform services for or on behalf of the organisation, including employees and external third parties.
- Communication: Publicise internally and externally the organisation’s fraud prevention policies, including through training and encouraging a speak-up culture.
- Monitoring and review: Keep fraud assessment and prevention on the agenda through regular monitoring and updating of risk assessments, whistleblowing reports and controls.
Conclusion
The new corporate failure to prevent fraud offence marks a significant shift in the corporate compliance environment in the UK, effectively imposing a duty on large organisations to manage their external fraud risk. With the law coming into force on 1 September 2025, organisations should make sure that, to the extent they have not already done so, they identify their fraud risks, review their procedures, train staff, and ensure they are prepared.
For further information and tailored guidance, please contact our corporate crime team.