The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduces a new corporate criminal offence of failure to prevent fraud, set to take effect on 1 September 2025. This landmark legislation, detailed in government guidance published on 6 November 2024, aims to hold large organisations accountable for fraud committed by their employees or associated persons that benefits the organisation or its clients. With the potential for unlimited fines, businesses must act swiftly to implement robust fraud prevention measures to avoid prosecution. This article outlines the scope of the offence, its implications, and the steps firms should take to ensure compliance.
Understanding the Offence
Under the new offence, a large organisation is criminally liable if an associated person i.e. an employee, agent, or subsidiary, commits a specified fraud offence with the intent to benefit the organisation or its clients.
Specified offences include:
- Fraud by false representation
- False accounting
- False statements by company directors
- Cheating the public revenue
Notably, this is a strict liability offence, meaning the organisation can be prosecuted without proof that senior management had knowledge of the fraud. However, organisations will not be liable where they are the victim of the fraud, rather than the beneficiary.
Who Does the Offence Apply to?
The offence targets large organisations, defined as those meeting at least two of the following criteria in the financial year preceding the fraud:
- More than 250 employees
- Turnover exceeding £36 million
- Total assets over £18 million
The scope includes incorporated bodies and partnerships formed under various legal frameworks, including the Companies Act 2006, Royal Charter, or the Limited Liability Partnerships Act 2000. Parent companies and their subsidiaries are also in scope if their combined resources meet these thresholds. Liability may attach to the parent company or the specific entity within the group responsible for failing to prevent fraud.
While smaller organisations fall outside the direct scope of this offence, they should be aware that they may act as associated persons (e.g. contractors or service providers) and could therefore be implicated indirectly. As a result, smaller firms may increasingly face contractual obligations to adhere to the fraud prevention standards of larger partners or clients.
Key Compliance Requirements
The government’s guidance outlines six principles for establishing a robust fraud prevention framework, aligned with existing “failure to prevent” offences (e.g., bribery and tax evasion):
- Top-Level Commitment: Senior management must foster a culture where fraud is unacceptable, rejecting profits derived from fraudulent activities.
- Risk Assessment: Organisations must conduct dynamic, documented fraud risk assessments to identify vulnerabilities, particularly for frauds benefiting the organisation.
- Proportionate Risk-Based Procedures: Fraud prevention measures should be practical, accessible and tailored to the organisation’s size, complexity and risk profile.
- Due Diligence: Implement risk-based due diligence to mitigate fraud risks posed by associated persons performing services for the organisation.
- Communication and Training: Ensure fraud prevention policies are embedded through internal and external communication, supported by regular staff training.
- Monitoring and Review: Continuously monitor and update procedures, learning from investigations, whistleblowing incidents, and sector-specific risks.
Collectively, these principles necessitate a shift in focus, not just to prevent fraud that harms the business, but also to detect and prevent fraud that benefits it.
Why Act Now?
With the offence coming into force on 1 September 2025, organisations have limited time left to ensure compliance. Existing fraud prevention measures may not suffice. A thorough fraud risk assessment, updated policies and enhanced controls are critical to building a defensible framework.
Key questions to address include:
- Does your organisation meet the “large organisation” criteria?
- Have you identified your associated persons?
- Is your fraud risk assessment tailored to the new offence?
- Are your policies and training programs up to date?
- Do you have a steering committee to oversee compliance?
Failure to act could lead to significant financial and reputational damage.
How Complyport Can Help
Complyport offers tailored solutions to strengthen AML and Fraud Systems and Controls and helping your organisation prepare for the new offence. Our services include:
- Fraud Risk Assessments and Gap Analyses
- AML Risk Assessments and Gap Analyses
- Financial Crime Systems & Controls review
- Policy Development
- Due Diligence support and assurance reviews
Book a Meeting with a Complyport SME
The failure to prevent fraud offence underscores the government’s commitment to tackling economic crime. With unlimited fines at stake, large organisations must prioritise compliance to avoid legal and reputational risks. Contact our experts today to schedule a consultation and strengthen your fraud prevention framework ahead of 1 September 2025.
Ask ViCA, your Virtual Compliance Assistant.
Access instant answers on regulatory changes.
Claim your complimentary 20 queries today! Register here: https://vica.chat
