A new corporate offence called “failure to prevent fraud” came into force on Monday 1 September, putting large organisations squarely in the crosshairs of prosecutors. Under the law, companies can be held criminally liable if they profit from fraudulent activity committed by anyone connected to the business.
If charged, the burden will be on the organisation to prove it had “reasonable” anti-fraud procedures in place. The offence applies to businesses meeting at least two of three criteria: having more than 250 employees, turnover above £36m or assets of at least £18m.
This comes at a time when geopolitical tensions, market volatility and the rapid pace of technological advancement threaten to elevate behavioural risk inside organisations. Indeed, fraud rose 31% last year to its highest level since 2017, according to the Office for National Statistics.
Failure to comply with the new law could mean unlimited fines, long-lasting reputational damage and criminal investigation by the Serious Fraud Office (SFO) or Crown Prosecution Service (CPS) – highlighting the urgency for boards to take swift action.
Reporting lines under pressure
Companies without robust reporting channels risk being blindsided, potentially first learning of misconduct only when investigators arrive. While whistleblowing systems are not mandatory for every business, they are fast becoming a cornerstone of credible fraud, bribery and tax evasion prevention.
“Fraud differs from bribery or tax evasion in that it is intuitively recognisable to most employees,” says Patrick Doris, a partner in Gibson Dunn’s dispute resolution group. “That makes it a far more likely trigger for whistleblowing. If staff don’t know how to raise concerns, or don’t trust the system, a company may later find itself unable to rely on the reasonable procedures defence.”
Training, trusted reporting mechanisms and visible protections for whistleblowers are no longer optional, Doris adds, but “strategic necessities”.
Firms are ‘dangerously unprepared’
Organisations are already grappling with the implications of the new offence. One key challenge is the breadth of conduct captured under the definition of fraud, which extends beyond misrepresentation to cover false accounting and tax evasion. Another is its wide extraterritorial reach: overseas companies could be exposed if fraud with a UK connection is found to benefit their business.
Executives worry that existing compliance frameworks may fall short, particularly when it comes to managing third-party and supply chain risks.
In practice, some firms have begun reassessing their exposure. “Businesses are undertaking fresh risk assessments to gauge where fraud might occur,” says Neil Donovan, partner at Ashurst’s dispute resolution practice. “That has meant rolling out anti-fraud training across employees and subsidiaries, updating internal policies and strengthening compliance clauses in third-party contracts.”
But many businesses are lagging behind when it comes to introducing new training and controls. “Too many mid-sized organisations remain dangerously unprepared,” warns Nicole Spurling, associate director at Vistra, a financial services company. “There’s still a false assumption that existing fraud policies are sufficient or that the legislation won’t apply. Those excuses won’t stand.”
Having a fraud policy on paper will no longer be enough. Prosecutors will expect to see that procedures are active, tested and trusted across the workforce. A weak culture of compliance and ethics could be where many businesses run into legal trouble. Even where whistleblowing channels exist, for example, studies show employees are often hesitant to use them. A survey of 1,500 finance professionals by fraud-detection software company, Medius, found that while 52% had witnessed or suspected internal fraud, most of them (83%) stayed silent. Fear of retaliation and the consequences of false claims were the main reasons cited.
A test of leadership
Skimping on compliance and reporting processes could prove to be a very expensive error for British businesses going forward.
The CPS has already demonstrated its appetite for enforcement. In 2023, under a similar ‘failure to prevent bribery’ offence, it secured a £615m corporate settlement with the gambling company, Entain, for alleged bribery offenses in Turkey. This was the second-largest corporate criminal settlement in the UK and signals the CPS’s commitment to aggressively pursuing corporate wrongdoing.
Nick Ephgrave, the UK’s newest Serious Fraud Office director, has conveyed a bullish optimism for these reforms in recent months. He has outlined his plans to speed up the SFO’s notoriously slow handling of cases and has stated his intent to be the first to prosecute someone under the new failure to prevent fraud offence.
“There is no doubt they are keen to secure convictions,” warns Spurling. “It is reckless for businesses to treat this as a box-ticking exercise for legal teams to sort.”
Senior management must take action now and educate themselves on the impact of the legislation, their obligations and how they can set the right tone top-down across the business before it’s too late. Waiting until prosecutors come knocking is no longer an option.
A new corporate offence called "failure to prevent fraud” came into force on Monday 1 September, putting large organisations squarely in the crosshairs of prosecutors. Under the law, companies can be held criminally liable if they profit from fraudulent activity committed by anyone connected to the business.
If charged, the burden will be on the organisation to prove it had “reasonable” anti-fraud procedures in place. The offence applies to businesses meeting at least two of three criteria: having more than 250 employees, turnover above £36m or assets of at least £18m.
This comes at a time when geopolitical tensions, market volatility and the rapid pace of technological advancement threaten to elevate behavioural risk inside organisations. Indeed, fraud rose 31% last year to its highest level since 2017, according to the Office for National Statistics.
