A significant shift in the UK’s corporate criminal landscape is approaching and Teal Compliance’s Fraud Team, headed up by Mark Heffer, is here to support you.
The new Failure to Prevent Fraud offence comes into force on 1 September 2025.
While the primary focus of this legislation is on large organisations, its implications extend further, touching upon the practices of smaller firms and their clients, particularly within the legal sector.
At Teal Compliance, our commitment lies in providing clear, authoritative guidance on evolving regulatory requirements. With Mark Heffer overseeing our fraud services, including comprehensive training, we aim to demystify these changes and equip you with the knowledge to navigate them effectively.
What is the New Failure to Prevent Fraud Offence?
Introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA), the “Failure to Prevent Fraud” offence targets “large organisations” in the UK. An organisation falls into this category if it meets at least two of the following criteria in the financial year preceding the fraud:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
The core of the offence is straightforward: a large organisation can be held criminally liable, facing an unlimited fine, if an “associated person” (such as an employee, agent, or even a subsidiary) commits a specified fraud offence with the intention of benefiting that organisation or its clients, and the organisation did not have “reasonable procedures” in place to prevent it. A crucial point to note is that liability does not require the organisation’s senior management to have known about or authorised the fraudulent activity.
The specified fraud offences covered by the legislation are broad, encompassing various sections of the Fraud Act 2006 (e.g., fraud by false representation, fraud by failing to disclose information, fraud by abuse of position), as well as other offences like false accounting and cheating the public revenue.
The Defence of "Reasonable Procedures"
The only defence for an organisation against this offence is to demonstrate that it had “reasonable procedures” in place to prevent the fraud. The government’s official guidance, published in November 2024, outlines six key principles for these procedures, drawing parallels with the established “failure to prevent bribery” offence under the UK Bribery Act 2010:
- Top-Level Commitment: A clear, demonstrable commitment from senior management to preventing fraud. This involves active leadership, clear messaging, and sufficient resourcing.
- Risk Assessment: A thorough and regular assessment to identify the specific fraud risks the organisation faces, considering opportunities, motives, and rationalisations for fraudulent behaviour. This assessment should be dynamic and documented.
- Proportionate Procedures: Implementing anti-fraud measures that are appropriate to the identified risks and the nature of the organisation’s business. These should be clear, practical, and effectively enforced.
- Due Diligence: Conducting proportionate and risk-based due diligence on all “associated persons,” including employees, agents, and third parties acting on behalf of the organisation.
- Communication (including Training): Ensuring that fraud prevention policies and procedures are clearly communicated throughout the organisation and that all staff receive adequate, ongoing training. This includes establishing effective whistleblowing mechanisms.
- Monitoring and Review: Regularly monitoring and reviewing the effectiveness of fraud prevention procedures, making adjustments as risks evolve or new information comes to light.
Why This Matters for All Law Firms (and their Clients)
While the legal obligation for this new offence rests with large organisations, the principles underpinning it represent sound governance and risk management for all businesses. For smaller law firms, the relevance is multi-faceted:
- Best Practice and Risk Mitigation: Adopting these principles, even if not legally mandated, strengthens your firm’s defences against fraud. Fraudulent activity can cause significant financial loss and reputational damage, irrespective of firm size. Proactive prevention is always more effective than reactive clean-up.
- Client Protection: As trusted advisors, law firms often handle significant client funds and sensitive information. Implementing robust fraud prevention procedures directly enhances the protection of your clients’ interests, fostering greater trust and confidence.
- “Associated Person” Implications: Smaller law firms and their clients could potentially fall within the definition of an “associated person” to a large organisation. If a small firm (or its client) provides services to a large organisation, and fraud is committed with the intention of benefiting that large organisation (or its clients), the large organisation could be liable if it lacked reasonable prevention procedures. This dynamic underscores the importance of clear communication and robust practices across the supply chain.
- Evolving Regulatory Landscape: The trend in economic crime legislation is towards broader corporate accountability. What begins as a requirement for “large organisations” can often influence expectations and future regulations for smaller entities. Preparing now positions your firm ahead of the curve.
- Operational Resilience: A comprehensive fraud prevention framework often involves a review of internal controls, processes, and governance. This can lead to broader improvements in operational efficiency and resilience.
Preparing for September 2025
The clock is ticking, and while the 1st September 2025 deadline might seem distant, establishing effective fraud prevention procedures requires dedicated effort.
Organisations, large or small, should be:
- Conducting thorough risk assessments: Identify specific fraud vulnerabilities relevant to your operations and client base.
- Reviewing existing policies: Assess whether current fraud prevention, anti-money laundering, and compliance procedures adequately address the risks highlighted by the new offence.
- Developing a proportionate prevention plan: Tailor procedures to your firm’s size, complexity, and risk profile.
- Investing in training: Ensure all staff, from partners to support teams, understand their role in preventing fraud and how to identify and report suspicious activities.
- Documenting everything: Maintain clear records of your risk assessments, procedures, training, and ongoing reviews.
At Teal, Mark Heffer brings considerable expertise in financial crime and fraud prevention. His insights are invaluable for understanding the nuances of this new offence and translating the statutory guidance into practical, effective measures.
Whether you’re a large organisation directly in scope, or a smaller firm seeking to enhance your resilience and client protection, proactive engagement with these principles is paramount.
For further detailed guidance, the Solicitors Regulation Authority (SRA) and UK Finance have both published helpful insights and resources, which we recommend consulting.
The new Failure to Prevent Fraud offence represents a critical step in strengthening the UK’s fight against economic crime. By embracing its core principles, firms of all sizes can not only contribute to this vital effort but also safeguard their own integrity and future success.
Our
Drop us an email or get in touch HERE for more information on the subject of Fraud Prevention.