A vibrant and dynamic corporate sector is a cornerstone of any successful economy, but some UK companies have been misused by criminals to commit fraud, money laundering and other forms of economic crime.
The Economic Crime and Corporate Transparency Act (ECCTA) was passed by Parliament in 2023 and on 1st September 2025, one of its major provisions is coming into force – one that will affect large organisations.
The problem
Fraud is the most common offence in the UK. A government report in November 2024 confirmed that it accounted for around 40% of all crime.
Businesses can be affected by fraud in a number of ways. Their directors and employees can commit fraud by dishonest sales practices, hiding important information from consumers or investors, or dishonest practices in financial markets.
The new offence
The ECCTA creates a new offence of failure to prevent fraud, which is intended to hold organisations to account if they profit from fraud carried out by their employees.
Some powers to fine and prosecute organisations and their employees for fraud already exist, but the new offence will strengthen these powers, as well as closing loopholes that have – on occasion – let organisations avoid prosecution.
What does the new offence cover?
Under the new offence, an organisation will be liable where a specified fraud offence is committed by employees, agents, subsidiaries or other persons for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place. The prosecution will not have to show that the company’s senior individuals ordered or knew about the fraud.
It’s hoped that by introducing the new offence, companies and other organisations will be incentivised to adopt, implement, review and improve their fraud prevention procedures.
Which organisations will be affected?
The offence applies to all large bodies corporate (an entity which is not an individual or a partnership) and partnerships. This means that in addition to businesses, large not-for-profit organisations such as charities are also covered by the offence, as well as incorporated public bodies.
Although the offence applies to all sectors, only large organisations are covered by it – “large” is defined as organisations which meet two of the following criteria:
- more than 250 employees,
- more than £36 million turnover and
- more than £18 million in total assets.
How can organisations avoid prosecution?
Government guidance published in November 2024 https://www.gov.uk/government/news/new-failure-to-prevent-fraud-guidance-published says that “organisations will have a defence if they have reasonable procedures in place to prevent fraud, or if they can demonstrate to the satisfaction of the court that it was not reasonable in all the circumstances to expect the organisation to have any prevention procedures in place.”
In order to ensure that a fraud prevention framework can be classed as “reasonable”, it should be informed by the following six principles:
- Top-level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
It’s intended that the principles should be sufficiently flexible and outcome-focussed that they can be applied effectively to the wide variety of companies and organisations that the Act will cover.
Penalties
If convicted, an organisation can receive an unlimited fine. Courts will take account of all the circumstances in deciding the appropriate level for a particular case.
Individual liability under the new offence
Individuals within companies can already be prosecuted for committing, encouraging or assisting fraud but the government has no plans to introduce individual liability for failure to prevent fraud.
What offences are included?
The failure to prevent fraud offence covers the fraud and false accounting offences most likely to be relevant to corporations:
- Fraud by false representation (Section 2 Fraud Act 2006)
- Fraud by failing to disclose information (Section 3 Fraud Act 2006)
- Fraud by abuse of position (Section 4 Fraud Act 2006)
- Obtaining services dishonestly (Section 11, Fraud Act 2006)
- Participation in a fraudulent business (Section 9, Fraud Act 2006)
- False statements by company directors (Section 19, Theft Act 1968)
- False accounting (Section 17, Theft Act 1968)
- Fraudulent trading (Section 993, Companies Act 2006)
- Cheating the public revenue (common law)
The offence list can be updated through secondary legislation in future, although any new offences added would be limited to economic crime.
Where will the offence apply?
It will apply across the UK. Equivalent offences in Scotland and Northern Ireland will be included in the base offence list, with a power for the relevant Minister in Scotland or Northern Ireland to amend the list with regards to offences for which they are responsible.
How does the offence apply outside the UK?
If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.
What to bear in mind
Top-level commitment will extend further than merely drafting and publishing a tick-list; if an organisation wants to use a reasonable procedures defence, it will need to show that senior figures were fully aware of the risks of fraud and how important it was to deal with those risks. Evidence will need to be presented of their involvement in pinpointing what those risks were, drafting and implementing measures to tackle those risks and verifying company-wide compliance with those measures.
But even once those measures have been implemented, that’s not the end of the matter. The measures will need to be communicated to staff and a training programme introduced so that everyone is aware of the risks, how those risks might be identified and what they should do if they discover such indicator, including a reporting procedure and nominated individuals within that procedure.
