Skip to content

Navigating the failure to prevent fraud offence: guidance for organisations

person typing on keyboard

Earlier this month, the Government published guidance on the new failure to prevent fraud offence (the Guidance) introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA). Organisations will be especially keen to understand the Guidance on how to develop reasonable fraud prevention procedures, as having reasonable fraud prevention procedures in place can serve as a defence against the new offence. 

Publication of the Guidance has triggered a nine-month implementation period for organisations to develop and put in place appropriate procedures. Organisations that are found criminally liable could land a potentially unlimited fine. It is therefore essential that steps are taken now to develop and implement fraud prevention procedures before the offence comes into force on 1 September 2025.

This briefing provides an overview of the principles of fraud prevention procedures as set out in the Guidance.

Overview of the offence

The offence will hold organisations to account for fraud committed by their employees, agents, subsidiaries, or other “associated persons” who provide services for or on behalf of the organisation, where the fraud was committed with the intention of benefitting the organisation or their clients (directly or indirectly). Senior managers and directors do not need to have known about the fraud.

The offence applies to large, incorporated bodies and partnerships across all sectors of the economy. It should be noted that when considering the size of organisations, the criteria apply to the whole organisation, including subsidiaries and regardless of where the organisation headquarters or subsidiaries are located provided there is a UK nexus (see further below). The offence is not limited to commercial organisations; incorporated charities will be within scope if they meet the “large organisation” criteria.

The new offence encompasses the fraud and false accounting offences most likely to be relevant to corporations. It only applies if the person commits the base fraud while acting in their capacity as a person associated with the corporation (for example, if acting as an employee or as an agent). A fraudulent act that takes place outside this capacity – for  example, in that person’s private life – does not give rise to corporate liability.

What is meant by “intending to benefit”

The issue of who is intended to benefit from the underlying fraud is key to determining whether a relevant organisation can be held accountable for the offence of failure to prevent fraud. There is no requirement for an organisation to actually receive a benefit for the offence to apply. It is enough that the organisation was intended to be the beneficiary. The same applies if the intention was to benefit the clients to whom the associated person provides services for or on behalf of the relevant organisation.

Intent is judged based on the position of the associated person at the time they commit the fraud. The Guidance notes that it would be irrelevant, for example, if, as a consequence of the fraud being discovered, the organisation had to reimburse the proceeds and therefore did not benefit from the fraud in the end.

Crucially, the intention to benefit the organisation does not have to be the sole or dominant motivation for the fraud.

Territoriality

The offence requires a “UK nexus”, which means that one of the acts which was part of the underlying fraud took place in the UK, or that the gain or loss occurred in the UK. The offence is therefore broad in scope: an employing organisation, irrespective of where it is based, could be prosecuted if a UK-based employee commits fraud or if an overseas-based employee commits fraud in the UK or targets victims in the UK. 

Reasonable fraud prevention procedures

The onus is on the organisation to put in place adequate fraud prevention measures designed with its specific structure and location in mind. Organisations will have a defence if they have reasonable fraud prevention procedures in place or if they can show it was not reasonable to expect the organisation to have any prevention procedures in place. This assessment can only be made by the courts which will take into account the particular facts and circumstances of the case.

Chapter 3 sets out comprehensive guidance on what organisations should consider when designing and implementing reasonable procedures. Organisations should be informed by the following six principles:

Top level commitment: responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation. As such, the role of the board of directors, partners and senior management is likely to include:

  • Communicating and endorsing formal statements of the organisation’s fraud prevention stance
  • Ensuring clear governance for the organisation’s fraud prevention framework
  • A commitment to training and resourcing
  • Leading by example to foster a culture that combats fraud

Risk assessment: most organisations will already have carried out risk assessments in some form, so what is required for these purposes may only need to be an extension of existing analysis where necessary. Risk assessments should also be reviewed regularly. 

The assessment may start with the identification of categories of associated persons followed by a range of circumstances under which the risk of fraud arises. Typologies of risks may be developed by considering the fraud triangle:

  • Opportunity: this includes not just whether the associated persons have the opportunity to commit fraud but also looking at whether emerging tech facilitates the ability to commit fraud and whether certain associated persons can operate with minimal supervision.
  • Motive: this considers factors such as whether there are financial, operational or temporal constraints within the organisation that can place additional pressure on employees to complete projects quickly.
  • Rationalisation: this looks both at the prevalence of fraud in wider business sector and whether the organisation makes it difficult for employees to raise concerns.

Proportionate risk-based prevention procedures: appropriate fraud prevention procedures should be proportionate to the potential fraud risks and take into account the nature and complexity of operations.

When drawing up a proportionate fraud prevention plan, risk factors should be considered in the context of:

  • Reducing the opportunities for fraud
  • Reducing the motives for fraud
  • Being clear on the consequences for committing fraud
  • Challenging the rationalisation of fraudulent behaviour
  • Sector specific information

In limited circumstances it will be reasonable not to introduce measures. It is recommended under the Guidance that a record is kept of the decision maker and reasons for making the decision. However, the Guidance states that it will rarely be considered reasonable not to have even conducted a risk assessment.

Due diligence: Appropriate due diligence should be carried out in respect of individuals within the organisation who perform services on its behalf to mitigate fraud risks.

Communication (including training): Fraud prevention policies should be communicated and embedded throughout the whole organisation. This is likely to involve:

  • Regular training: this is key and should be proportionate to the risk faced
  • Whistleblowing arrangements

Monitoring and review: Procedures should be regularly reviewed to ensure that they are sufficient and updated where required.

If you are considering the impact of the new offence on your organisation, our team would be happy to discuss next steps with you. Please contact Gerard Heyes and Georgia Tetlow for further information.

If you would like to know more about the broader reforms that have been introduced under ECCTA so far and/or any of the other provisions that are expected to come into force during the course of 2025, please read our earlier commentary here. We will continue to monitor developments.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, November 2024

 

Want to know more?

Contact us

About the authors

Gerard Heyes lawyer

Gerard Heyes

Partner

Gerard is an experienced litigation and contentious regulatory lawyer, specialist in advising senior executives, (U)HNWIs, entrepreneurs, investors, asset managers and investment funds in responding to and resolving disputes, litigation, enforcement investigations by the FCA and PRA, internal investigations and civil fraud claims. Gerard’s experience includes litigation in the High Court, Court of Appeal and Supreme Court and regulatory investigations, enforcement and disputes involving the FCA and PRA.

Gerard is an experienced litigation and contentious regulatory lawyer, specialist in advising senior executives, (U)HNWIs, entrepreneurs, investors, asset managers and investment funds in responding to and resolving disputes, litigation, enforcement investigations by the FCA and PRA, internal investigations and civil fraud claims. Gerard’s experience includes litigation in the High Court, Court of Appeal and Supreme Court and regulatory investigations, enforcement and disputes involving the FCA and PRA.

Email Gerard +44 (0)20 3375 7109
Hoi-Yee Roper lawyer

Hoi-Yee Roper

Senior Counsel

Hoi-Yee is Senior Counsel and the Knowledge Lawyer in the Dispute Resolution team. As an experienced litigator and author of legal guidance, Hoi-Yee works with the team to ensure they deliver the best possible service to clients. She keeps the team up to date with developments in the law, practice and technology, ensures the team has the resources required to undertake client work, and oversees dispute resolution training to the team and across the firm. In addition, Hoi-Yee regularly contributes to client briefings and legal journals.

Hoi-Yee is Senior Counsel and the Knowledge Lawyer in the Dispute Resolution team. As an experienced litigator and author of legal guidance, Hoi-Yee works with the team to ensure they deliver the best possible service to clients. She keeps the team up to date with developments in the law, practice and technology, ensures the team has the resources required to undertake client work, and oversees dispute resolution training to the team and across the firm. In addition, Hoi-Yee regularly contributes to client briefings and legal journals.

Email Hoi-Yee +44 (0)20 3375 7186
Georgia Tetlow lawyer

Georgia Tetlow

Associate

Georgia specialises in commercial dispute resolution, regularly advising companies, institutions and private individuals. Georgia advises on a broad range of commercial disputes, including breach of contract claims; shareholder disputes and professional negligence. Her work also includes acting in high-value and complex civil fraud claims, often with an international element.

Georgia specialises in commercial dispute resolution, regularly advising companies, institutions and private individuals. Georgia advises on a broad range of commercial disputes, including breach of contract claims; shareholder disputes and professional negligence. Her work also includes acting in high-value and complex civil fraud claims, often with an international element.

Email Georgia +44 (0)20 3375 7698
Sophie Giblin lawyer

Sophie Giblin

Knowledge Lawyer

Sophie is the knowledge lawyer for the firm’s Corporate practice providing technical legal support and training to the team.

Sophie is the knowledge lawyer for the firm’s Corporate practice providing technical legal support and training to the team.

Email Sophie +44 (0)20 3375 7489
Back to top