
Preparing for the new 'failure to prevent fraud' offence - HR's critical role

Posted: 08/08/2025


The new 'failure to prevent fraud' offence under the UK’s Economic Crime and Corporate Transparency Act 2023 will come into force on 1 September 2025. The Act introduces corporate criminal liability for large organisations if an 'associated person' commits a 'base fraud offence' intending to benefit the organisation or its clients.

HR plays a crucial role in supporting a culture of compliance and fraud prevention, and will be instrumental in ensuring that organisations are ready to meet their new obligations. This article provides an overview of the new offence and the potential consequences of non-compliance, before taking a look at the practical steps that HR should be taking now in order to prepare for the new offence.

What is the new offence?

A wide range of fraudulent conduct is captured within the 'failure to prevent fraud' offence, namely:

Fraud Act 2006:

  • fraud by false representation;
  • fraud by failing to disclose information; and
  • fraud by abuse of position.

Theft Act 1968:

  • false accounting; and
  • obtaining services dishonestly.

Companies Act 2006:

  • false statements by company directors.

Common law:

  • fraudulent trading; and
  • participating in fraudulent business.

Tax law:

  • cheating the public revenue.

The fraud must be deliberately committed to secure a gain (eg money, contracts, reputation) or to avoid a loss for the organisation or its client. The benefit does not need to be realised - the intention alone is sufficient. 

Potential liability

An organisation can be prosecuted even if senior management was unaware of the fraud. Liability arises solely from the failure to have reasonable fraud prevention procedures in place.

If an organisation is found guilty of the offence, it may face an unlimited financial penalty. The courts will determine the amount based on:

  • the severity and scale of the fraud;
  • the level of benefit obtained by the organisation;
  • the effectiveness (or absence) of fraud prevention procedures; and
  • the organisation’s cooperation with the investigation. 

The individual committing the fraud can also be prosecuted separately, while the organisation may be prosecuted for failing to prevent it.

Who is covered?

A 'large organisation' is any organisation that meets at least two of the following three criteria in the financial year preceding the fraud:

  • more than 250 employees;
  • more than £36 million in turnover; or
  • more than £18 million in total assets.

Smaller organisations are not in scope of the offence, but the government encourages them to adopt the same principles as good practice. Even without legal liability, clients, partners or investors may expect small organisations to demonstrate fraud prevention measures, and a failure to act could damage trust, especially in regulated sectors or supply chains with large organisations. It is anticipated that large organisations will expect compliance as part of procurement or partnership agreements.

Who is an 'associated person'?

An 'associated person' is defined intentionally broadly to ensure that organisations are held accountable for fraud committed by individuals or entities acting in a capacity that benefits the organisation, and includes:

  • employees;
  • agents;
  • subsidiaries;
  • contractors or consultants acting on behalf of the organisation; or
  • any person performing services for or on behalf of the organisation.

Extraterritorial reach

A non-UK organisation can be held liable if:

  • it has a UK subsidiary, branch, or office;
  • it carries on business in the UK;
  • the fraud involves a UK client, counterparty, or transaction; or
  • an associated person commits fraud that benefits the organisation and there is a UK nexus. 

For example, a non-UK shipping or technology company with UK clients or contracts could be caught if a fraud is committed by an agent or contractor acting on its behalf. 

Government guidance

The government's guidance on the new offence provides an overview of the offence and describes the general principles for organisations in developing or enhancing procedures to prevent fraud. When a court is considering a case, adherence to these principles will be taken into account.

HR should particularly note the point that organisations should demonstrate top-level commitment to the prevention and detection of fraud. The board of directors, partners and senior management of a relevant organisation should be committed to preventing associated persons from committing fraud. While the level and nature of their involvement will vary depending on the size and structure of the organisation, their role is likely to include:

  • communication and endorsement of the organisation’s stance on preventing fraud, including mission statements;
  • ensuring that there is clear governance across the organisation in respect of the fraud prevention framework;
  • commitment to training and resourcing; and
  • leading by example and fostering an open culture, where staff feel empowered to speak up if they encounter fraudulent practices.

Effective formal statements to demonstrate the commitment by senior managers may include:

  • a commitment to reject fraud, even if this results in short term business loss, missed opportunities or delays;
  • articulation of the business benefits of rejecting fraud (reputational, customer and business partner confidence);
  • articulation and endorsement of the relevant body’s policies or codes of practice on fraud prevention and its key fraud prevention procedures;
  • naming the key individuals and/or departments involved in the development and implementation of the organisation’s fraud prevention procedures;
  • articulation of the consequences for those associated with the relevant body of breaching the policy on fraud. This may include contractual clauses where appropriate; and
  • reference to any membership of collective action against fraud, for example, through initiatives undertaken by trade bodies etc.

Key actions for HR

It is anticipated that organisations will integrate fraud and bribery compliance into a unified framework. Existing anti-bribery, anti-money laundering (AML), and sanctions compliance programmes should serve as a foundation for fraud prevention, and shared tools (eg whistleblowing systems, training platforms, due diligence processes) can be leveraged. 

The main actions HR should be considering now include:

Policy and procedure updates

  • Review and update anti-fraud policies to align with the new offence.
  • Ensure policies clearly define fraud, outline reporting mechanisms, and set expectations for ethical conduct.
  • Integrate fraud prevention into employee handbooks, codes of conduct, and contracts of employment.

Training and awareness

  • Develop and deliver mandatory fraud awareness training for all staff, especially those in high-risk roles (eg sales, finance, procurement).
  • Include real-world examples of fraud and consequences under the new law.
  • Provide refresher training regularly and during onboarding.

Recruitment and vetting

  • Strengthen pre-employment screening and background checks, particularly for roles with access to financial systems or sensitive data.
  • Consider integrity assessments or fraud risk profiling for key positions.

Whistleblowing and reporting mechanisms

  • Ensure there is a confidential and accessible whistleblowing system in place.
  • Promote a culture where employees feel safe to report concerns without fear of retaliation.

Performance and incentives

  • Review incentive structures to ensure they do not inadvertently encourage fraudulent behaviour (eg aggressive sales targets).
  • Include ethical behaviour and compliance as part of performance evaluations.

Monitoring and auditing

  • Collaborate with compliance and internal audit teams to monitor fraud risks and employee conduct.
  • Use data analytics to detect anomalies or red flags in employee behaviour.

Governance and accountability

  • Assign clear ownership of fraud risk within HR and across the organisation.
  • Ensure HR is represented in fraud risk committees or compliance working groups.

Under the self-reporting guidance issued by the Serious Fraud Office (SFO) in April 2025, companies should self-report suspected fraud as soon as they become aware of it. The SFO Director Nick Ephgrave has emphasised that the SFO is looking to prosecute the new offence, and noted that organisations should ensure their procedures are in place by September 2025:

'Come September, if they haven’t sorted themselves out, we’re coming after them. That’s the message I’ll be delivering…I’m very, very keen to prosecute someone for that offence. We can’t sit with the statute books gathering dust, someone needs to feel the bite.'

A stark warning, if one were needed, that large organisations should be acting now to assess their fraud risk exposure and implement proportionate prevention procedures. This will not only mitigate legal liability but also strengthen ethical culture and stakeholder trust.



Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.
