The introduction of the new "failure to prevent fraud offence" marks a shift in how large organisations (those which fulfil at least two of the relevant criteria below) are held accountable for economic crime.
As of 1 September 2025, large organisations must have robust fraud prevention procedures in place, or risk facing prosecution.
According to the UK Government Guidance published in November 2024, the failure to prevent fraud offence "is intended to encourage organisations to build an anti-fraud culture, in the same way that failure to prevent bribery legislation has helped reshape corporate culture since its introduction in 2010".
While much of the commentary has focused on the corporate compliance of large organisations, private clients - particularly those with complex financial interests, who own or control businesses which meet the criteria, are part of a corporate group structure (including a multinational one), or hold positions as directors or shareholders - should take note.
What is the "failure to prevent fraud" offence?
Introduced under the Economic Crime and Corporate Transparency Act 2023, the new offence is designed to hold large organisations to account if they fail to prevent fraud committed by an associated person for their benefit.
Under the Act an organisation will commit the offence where:
- a person who is associated with the organisation commits a specified fraud offence intending to benefit (whether directly or indirectly) the organisation; and
- the organisation did not have reasonable fraud prevention procedures in place.
Critically, directors, officers and/or senior management do not need to know about the fraud for the organisation to be held liable. Organisations found liable for the failure to prevent fraud offence can be subject to an unlimited fine.
The offence applies to "large organisations", meaning those that meet two of the following criteria:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
The fraud must be carried out by "an associated person", which includes employees, agents, or a subsidiary of the organisation, with the intention to benefit the organisation or its clients. An organisation does not need to actually receive any benefit for the offence to apply, nor does the benefit in question need to be financial.
Is there a defence?
An organisation will have a defence if it has reasonable fraud prevention procedures in place. What is meant by reasonable will depend on the size, sector and risk profile of the organisation.
The UK Government guidance outlines six principles that should inform an organisation's fraud prevention framework:
- Top-level commitment from senior management;
- Risk assessment policies and processes;
- Proportionate risk-based prevention procedures;
- Due diligence;
- Communication (including training); and
- Monitoring and review.
What should private clients do now?
Private clients should take proactive steps in response to the new failure to prevent fraud offence. This includes engaging advisers at an early stage, notably legal counsel and compliance professionals and, where appropriate, reputational management experts. Early engagement is essential, not only for understanding the direct risks but also for assessing wider exposure through associated individuals, companies or trusts.
Clients should undertake a thorough review of their existing structures to determine whether any organisations they own, control, manage or benefit from fall within the scope of the legislation. If a client establishes that their existing structures are caught, they should then seek to establish whether those organisations are taking the required steps to protect against the new offence.
Organisations themselves should be considering the following points:
- Conduct risk assessments to identify potential fraud risks within your organisations.
- Review and develop policies and procedures to manage the risks presented by the new offence.
- Consider targeted training for employees and associated persons.
- Develop a record of decisions and actions taken to demonstrate compliance.
- Continue to monitor and review effectiveness of fraud prevention measures.
- Engage advisers early, including legal counsel, to build a defensible position should issues arise.
Why this matters for private clients
While the offence of failure to prevent fraud is aimed at organisations, private clients with complex business structures or interests and who are or could be connected to large organisations are now exposed to legal, financial and reputational risk if the companies they are connected to do not have adequate fraud prevention procedures in place.
Although it remains to be seen how the UK authorities will prosecute this offence, adopting a robust and defensible fraud prevention framework with reference to the principles advised by UK Government guidance represents good practice and should also be considered by smaller organisations.
This legislation also signals a broader push by the UK Government towards accountability, transparency, and due diligence - values that are increasingly expected from wealth holders in this jurisdiction as well as corporations. Taking proactive steps now to mitigate the risks is a necessary part of responsible wealth and business management.