August 28, 2025 Failure to prevent fraud
The Economic Crime and Corporate Transparency Act 2023 has impacted companies, other organisations and their directorships in many ways, including the requirement to verify the identities of directors and PSCs. Another section of the Act is now due to come into force on 1 September 2025; the offence of ‘failure to prevent fraud’.
The new offence only applies to large companies and their equivalents including subsidiary organisations. However, the Government guidance in respect of the ‘failure to prevent fraud’ offence comments that the guidance represents good practice which smaller organisations may find helpful to follow.
How does the ‘failure to prevent fraud’ offence differ from the more established fraud offences? Specifically, this new offence occurs when the fraudulent act is carried out with the intention of benefitting the organisation. In certain circumstances it can also apply to acts carried out to benefit a client of the organisation. The individual committing the fraud could be an employee, agent, subsidiary body or other associated person or the organisation; and it is the organisations itself which faces prosecution.
Crucially, to prove the offence has taken place, prosecutors won’t have to demonstrate that directors or senior managers knew about the fraud; merely that the organisation did not have reasonable fraud prevention processes in place. If proven the organisation will be liable for an unlimited fine, with the exact amount to be determined by the courts.
The list of potential offences which is set out in the Act includes false representation, failing to disclose information, abuse of position, and false accounting. The offence can still be proved even if the individual who committed the fraudulent act is not prosecuted.
So how do organisations prove that there were reasonable fraud prevention processes in place? Well, the guidance sets out six top level principles which organisations should follow when setting their fraud awareness and prevention procedures. These are:
- top level commitment,
- risk assessment,
- proportionate risk-based prevention procedures,
- due diligence,
- communication (including training),
- monitoring and review.
The associated guidance stresses the importance of good corporate governance and culture as key to successful implementation of anti-fraud measures. It also highlights the need to be aware of and avoid the three elements of the fraud triangle; namely opportunity, motivation, and rationalisation.
As with other areas of corporate reporting the principles and associated guidance are to be viewed as flexible, practical, and outcome focussed. One example given is that processes in an overseas subsidiary may have to differ from those set up in the parent company due to differing legislation in the two countries. It is also expected that risk appraisals and mitigations will differ depending on the business sector and that in certain circumstances existing compliance processes may provide the defence a company needs. Elemental’s governance review offering includes a review of risk management policies, procedures and controls to help organisations to effectively manage risk and comply with legislation.
