From compliance to culture: how UK executives can lead on fraud prevention

From 1 September 2025, UK companies face a new corporate offence under the Economic Crime and Corporate Transparency Act 2023 (ECCTA): failure to prevent fraud. This development represents both a compliance obligation and a leadership challenge, as the legislation clearly expects organisations, and in particular senior leaders, to take proactive, reasonable steps to protect themselves.

It is hoped that this new corporate offence will encourage more companies to implement or improve prevention procedures, driving a significant shift in corporate culture to help reduce fraud. Many companies, of course, will have prevention measures in place; however, it will be necessary to revisit these, reinforce the principles around them, and provide information and training to ensure all employees are aware of their responsibilities.

Industry experts generally view the ECCTA as a positive and necessary step toward improving corporate accountability and reducing economic crime in the UK. However, they also acknowledge the significant compliance burden it places on businesses.

This article highlights the implications for senior leaders, specifically those in the leadership teams of large organisations, not just in terms of legal risk, but also in terms of leadership, culture, and governance.

What has changed?

This goes far beyond duties as a company director or the fiduciary duties owed to an organisation. From 1 September 2025, large organisations will be criminally liable if they fail to prevent fraud committed by an ‘associated person’ (eg employee, agent or subsidiary) for the organisation’s benefit. The only defence is through demonstrating that ‘reasonable’ fraud prevention procedures were in place.

Failure to prevent fraud is a strict liability offence. Intent is irrelevant and no proof of knowledge is required. If fraud occurs and the organisation failed to take adequate steps to prevent it, the organisation (and potentially its senior managers) could face serious consequences, including large fines, as well as gross misconduct dismissal and career-ending reputational damage.

For assessing the accountability of senior management, the ‘directing mind’ test is gone. A senior manager does not need to have acted dishonestly. If they were complacent in their duty to prevent fraud, they can now be personally exposed.

What this means for the C-suite and senior leadership

Senior leadership are responsible for fraud prevention and detection. Those charged with governance of a company need to foster and develop a culture in which fraud is never acceptable, through communication, leading by example, and clear governance of fraud prevention with appropriate training and resources.

Senior leaders can also be held accountable for fraud committed by employees, agents, or subsidiaries acting on the organisation’s behalf. Demonstrating leadership in this area is crucial. Focus on the following:

Set the tone at the top

The ECCTA represents a heightened focus on corporate criminal liability. The new offence is expected to drive cultural and procedural change across UK businesses. The aim is to hold organisations accountable for the actions of a wider range of people connected to them, including not only their employees, but also the employees of subsidiaries and agents who work on their behalf.

The importance of robust internal controls and compliance programmes to meet the new standards cannot be overstated.

  • Make fraud prevention a board-level priority.
  • Publicly commit to ethical leadership and transparency.
  • Allocate resources to fraud risk management – this is not a box-ticking exercise.

Embed fraud risk into strategy

The ECCTA will reshape how companies manage fraud risk, especially through the expanded definition of ‘senior management’ and the new identity verification requirements.

  • Integrate fraud risk into the organisation’s enterprise risk management framework.
  • Use data analytics to monitor high-risk areas like procurement, sales incentives, and third-party relationships.
  • Align fraud prevention with ESG and governance reporting.

A good example of how this can be implemented is revisiting the company’s bonus structure to prevent aggressive sales targets from resulting in invoice manipulation, or conducting due diligence into other risk areas that could be manipulated or are susceptible to fraudulent behaviour.

HR’s role: culture, conduct, and controls

HR will also have responsibilities that include communicating and enforcing the organisation’s position on fraud prevention, ensuring a comprehensive framework is in place, and encouraging an open reporting culture.

  • Risk-based recruitment: enhanced vetting for high-risk roles.
  • Training: role-specific fraud awareness training, using real-life case studies.
  • Whistleblowing: ensure confidential, accessible reporting channels and a culture that supports speaking up.

A good example of how this can be implemented is introducing regular, anonymous ethics surveys to detect fraud disclosures and areas of potential or significant risk.

Practical fraud prevention measures

Here are some actionable steps to consider:

  • Board-endorsed anti-fraud policy and annual fraud statements.
  • Mapping of associated persons (employees, agents, subsidiaries).
  • Automated controls to flag anomalies in expenses, payments, or refunds.
  • Mandatory conflict of interest declarations.
  • Pulse surveys to assess ethical culture.
  • Mock investigations to test incident response.

What happens if there is a failure to act?

  • Criminal liability for the organisation and potentially dismissal for senior leaders.
  • Fines and irreparable career/reputation damage.
  • Regulatory scrutiny from Companies House and enforcement agencies.

Conclusion

The ECCTA is widely seen as a welcome and overdue reform that aligns the UK with global best practices in corporate governance and anti-fraud regulation. However, it also represents a major shift in expectations for senior leaders, compliance teams, and boards.

The ECCTA is not just about avoiding liability; it is about building a culture of integrity and resilience. Senior leaders have a unique opportunity to shape how their organisation responds to this challenge.
