Failure to Prevent Fraud: A wake-up call for UK business leaders

By Georgina Swain
Contributor
Published 19th Jun 2025, 13:40 BST
Updated 19th Jun 2025, 13:44 BST
On September 1, a new chapter in UK corporate accountability begins. The Failure to Prevent Fraud offence, introduced under the Economic Crime and Corporate Transparency Act 2023, will come into effect – and it represents one of the most significant shifts in corporate criminal liability in decades.

While the term may sound technical, the implications are simple and stark: if an employee, agent or subsidiary commits fraud for the benefit of your business – even without your knowledge – your organisation may be held criminally liable unless you can prove that “reasonable procedures” were in place to prevent it.

In today’s risk-laden commercial landscape, this legislation is more than a compliance challenge. It’s a call for leadership.

What Is the Failure to Prevent Fraud Offence?

Hide Ad
Hide Ad
What matters is whether the business can demonstrate it took its fraud prevention responsibilities seriously.placeholder image
What matters is whether the business can demonstrate it took its fraud prevention responsibilities seriously.

This new offence is designed to make large businesses more accountable for the actions of those operating on their behalf – referred to in law as "associated persons." This includes:

  • Employees
  • Subsidiaries
  • Agents
  • Other parties acting for or on behalf of the company

If one of these associated persons commits a specified fraud offence – such as fraud by false representation, false accounting, or abuse of position – and it benefits the business or its customers, the business may face prosecution.

The only defence? That the business had reasonable procedures in place to prevent such fraud.

Ken Dulieu leads Capcon Argen, providing discreet intelligence services to help clients manage risk and protect their interests.placeholder image
Ken Dulieu leads Capcon Argen, providing discreet intelligence services to help clients manage risk and protect their interests.

Why This Matters

This legislation places the burden firmly on organisations to be proactive. Critically, the offence is one of strict liability, meaning the prosecution does not have to prove means REA (intent). The company is automatically liable for fraud committed by an associated person, unless it can prove reasonable procedures to prevent the fraud were in place. What matters is whether the business can demonstrate it took its fraud prevention responsibilities seriously.

Hide Ad
Hide Ad

As someone who has spent decades advising organisations on risk, governance and operational control, I welcome this change. Not because it adds pressure, but because it raises standards.

Government Guidance: What Counts as “Reasonable Procedures”?

In November 2024, the UK government published general guidance to help businesses understand what constitutes reasonable procedures. The guidance is principles-based and aligns with existing models used for other “failure to prevent” offences.

The six principles are:

  1. Top-Level Commitment – Senior leaders must set the tone from the top.
  2. Risk Assessment – Identify, evaluate and prioritise potential fraud risks.
  3. Proportionate Procedures – Procedures must reflect the size, sector, and risk profile of the business.
  4. Due Diligence – Know who you’re working with, both internally and externally.
  5. Communication and Training – Staff must be equipped to understand and act.
  6. Monitoring and Review – The effectiveness of policies should be kept under review and evolve alongside business operations and emerging risks.

Practical Steps Businesses Must Take Now

The good news is that businesses still have time to prepare — but time is running out. Here’s how to get started:

1. Review Existing Anti-Fraud Controls

Hide Ad
Hide Ad

Examine your current framework. Does it extend to risks in relationship of associated persons to the business? Are fraud risks documented and understood? Are whistleblowing mechanisms functioning? What’s the incident history? Can the existing framework be enhanced to address this new offence?

2. Conduct a Fraud Risk Assessment

Identify areas of the business most susceptible to fraud. Does framework cover third party suppliers who might be considered “associated persons”? This might include procurement, cash handling, high-pressure sales environments, or remote operations.

3. Implement or Enhance Reasonable Procedures

Controls should include segregation of duties, transaction-level monitoring, approval thresholds, due diligence checks, and reconciliation routines.

4. Train Your People

Fraud prevention is everyone’s responsibility. Invest in targeted training that goes beyond awareness and into practical application, but also check whether third parties are “associated persons”. Are they taking adequate steps including training, sufficient to prevent fraud. I.e. part of your risk assessment might be: are you satisfied those acting on your behalf are doing enough to prevent fraud?

5. Document and Audit Everything

Hide Ad
Hide Ad

Your strongest defence is a clear audit trail: risk assessments, policy updates, training logs, and internal communications that show proactive engagement.

6. Engage Legal and Compliance Support

Ensure your approach is aligned with both the letter and the spirit of the law. This may involve specialist counsel, internal audit, or third-party assurance providers.

Examples of Reasonable Procedures in Action

  • Pre-employment and post-employment screening: verifying credentials, experience, and any past criminal conduct.
  • Supplier vetting: applying due diligence not just on pricing, but on ethics and compliance histories.
  • Incident reporting hotlines: giving staff the tools to report concerns anonymously and safely.
  • Segregation of duties: ensuring no single individual has end-to-end control of sensitive processes.
  • Third-party audit reviews: engaging external experts to assess vulnerabilities and verify controls.

The Business Case for Compliance

This isn’t just about avoiding fines or reputational damage – it’s about embedding a culture of integrity. Fraud is corrosive. It damages trust, impairs morale, and can undermine the very foundation of customer and investor confidence.

The Failure to Prevent Fraud offence compels leaders to ask themselves: If fraud were to occur in our business today, could we show we did everything reasonable to prevent it?

Hide Ad
Hide Ad

If the answer isn’t a confident yes, now is the time to act.

Final Thought

In an era where public scrutiny and regulatory expectations continue to rise, businesses must stop treating fraud prevention as a back-office function and start treating it as a board-level priority.

At Capcon Argen, we’re already working with businesses to prepare for this legislative change – helping leadership teams put the right procedures in place, train their people, and demonstrate clear evidence of control.

Because prevention isn’t just policy – it is ensuring the business has adequate controls in place to protect the brand and profitability of the business, its reputation and its income stream.

Ken Dulieu

Chairman, Capcon and Head of Capcon Argen

Related topics:Fraud
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice