The Government has recently published statutory guidance on the new Failure to Prevent Fraud Offence (“the Offence”), which comes into effect on 1 September 2025.
The Offence
Under section 199 of the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”), an organisation will be criminally liable if fraud is committed by its employees, agents, subsidiaries, or other “associated persons” who provides services for or on behalf of the organisation, where the fraud was committed with the intention of benefiting the organisation or its clients.
Applies to large organisations only
The Offence applies only to large organisations. Under the definition provided in section 201 of the ECCTA, an organisation will be considered “large” if it meets two or three of the following criteria:
- More than 250 employees
- More than £36 million turnover
- More than £18 million in total assets
These criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located.
The term “associated person” applies to employees, agents, subsidiaries, and any persons providing services on behalf of the organisation. However, franchisees and entities within an organisation’s supply chain will not be “associated persons”, so long as they are not providing services for or on behalf of the organisation.
Types of fraud covered
Large organisations will be liable if fraud is committed and, in this context, the “fraud” includes a number of specific fraud offences, which are called the “Base Fraud Offences”.
The Base Fraud Offences are listed in Schedule 13 to the Economic Crime and Corporate Transparency Act 2023 and, in England and Wales, are:
- Fraud offences under section 1 of the Fraud Act 2006, including:
- Fraud by false representation (section 2 Fraud Act 2006)
- Fraud by failing to disclose information (section 3 Fraud Act 2006)
- Fraud by abuse of position (section 4 Fraud Act 2006)
- Participation in a fraudulent business (section 9, Fraud Act 2006)
- Obtaining services dishonestly (section 11 Fraud Act 2006)
- Cheating the public revenue (common law)
- False accounting (section 17 Theft Act 1968)
- False statements by company directors (section 19 Theft Act 1968)
- Fraudulent trading (section 993 Companies Act 2006).
Aiding, abetting, counselling or procuring the commission of any these offences will also qualify.
Territoriality
The Failure to Prevent Fraud Offence will only apply where the employee, agent, or associated person commits the Base Fraud Offence under UK law. This requires a UK nexus, meaning that one of the acts must have taken place in the UK or that the gain or loss occurred in the UK.
Defence of reasonable fraud prevention procedures
Large organisations will have a defence if they have reasonable procedures in place to prevent fraud, or if they can demonstrate to the satisfaction of the Court that it was not reasonable, in all the circumstances, to expect the organisation to have any prevention procedures in place. The standard of proof is the balance of probabilities.
The Guidance outlines what will be considered “reasonable”, which is based on six key principles:
- Top-level commitment: Senior management should lead by example and cultivate a culture in which fraud is never deemed acceptable.
- Risk assessment: Organisations should evaluate their exposure to the risk of fraud, focussing on employees, agents, and other associated persons. These assessments should be dynamic and remain under review.
- Proportionate risk-based prevention procedures: Organisations should devise fraud prevention plans, with procedures being proportionate to the risk identified in the risk assessment.
- Due diligence: Organisations should routinely conduct risk-based due diligence. These procedures should be examined to ensure that they appropriately address risks.
- Communication (including training): Organisations should educate employees and other associated persons on fraud risks. Prevention measures (such as whistleblowing procures) should also be implemented.
- Monitoring and review: Organisations should establish systems to ensure regular monitoring and review of fraud prevention measures.
Penalties and sanctions
If an organisation is convicted on indictment, it can receive a fine. If convicted on summary conviction, the organisation will receive a fine. As set out in Sentencing Guidelines, courts will consider all the circumstances in deciding the appropriate level of fine for a particular case.
Conclusion
Both Nick Ephgrave, Director of the Serious Fraud Office, and Stephen Parkinson, Director of Public Prosecutions, have broadcast their intention to use the new Offence to its full effect. Large organisations should, therefore, make use of the nine-month transition period before the new Offence comes into effect to ensure that they have robust and reasonable fraud prevention procedures in place.
December 2024
