The UK Home Office has confirmed that a new corporate fraud offence will come into force on 1 September 2025, signalling a major change in how companies are held accountable for fraud.
The offence of failure to prevent fraud, part of the Economic Crime and Corporate Transparency Act 2023, was outlined in official guidance released in November 2024, claims Moody’s.
The new offence will apply to large organisations operating in the UK, regardless of sector. It is designed to sit alongside existing law, meaning individuals can still be prosecuted for committing fraud while companies can be charged if they failed to prevent it.
The definition of “large organisation” is clearly set out in the guidance. Any business meeting at least two of the following criteria will fall within scope: more than 250 employees, turnover above £36m, or assets greater than £18m. These thresholds apply at the group level, including subsidiaries, no matter where they are based.
At the core of the new offence is the requirement for “reasonable procedures” to prevent fraud. The guidance stresses that a risk-based approach should underpin prevention strategies, ensuring measures are tailored to the size, structure and nature of each organisation. Six key principles are highlighted: top-level commitment, risk assessment, proportionate prevention procedures, due diligence, communication and training, and regular monitoring and review.
The scope of the offence is wide-ranging. It covers fraud under the Fraud Act 2006 as well as common law offences such as cheating the public revenue. Crucially, liability extends beyond direct employees to “associated persons” – including agents, subsidiaries, and third parties providing services for or on behalf of the organisation if the fraud was intended to benefit the company or its clients.
This places greater emphasis on third-party risk management. The guidance makes clear that supply chain partners could be considered “associated persons” if they are delivering services for the organisation. As such, large businesses will be expected to enhance their due diligence processes, making use of risk management tools, screening platforms and other technology to monitor suppliers, partners and contractors.
The recommendations also extend to monitoring the wellbeing of staff and agents to spot vulnerabilities that may increase fraud risk, such as stress or performance pressures. For mergers and acquisitions, businesses are encouraged to conduct comprehensive due diligence, assessing regulatory history, tax exposure and existing fraud controls before finalising deals.
Technology is expected to play a pivotal role. Artificial Intelligence and Machine Learning can support firms in analysing large data volumes, identifying suspicious patterns and reducing false positives that can slow investigations. For many businesses, the adoption of automated systems will be essential to meeting regulatory expectations.
While the offence presents challenges, it also creates an opportunity for firms to strengthen their fraud defences, compliance programmes and broader anti-money laundering frameworks. With fraud threats ranging from phishing and ransomware to insider risks, the legislation underscores the need for robust, dynamic risk management.
As September 2025 approaches, large organisations are being urged to review their fraud risk assessments and prevention strategies to ensure compliance. Industry voices stress that early action will not only help avoid liability but also protect customers, reputations and financial stability.
Additional resources are available, including an eBook on the Failure to Prevent Fraud offence and a paper titled Best Practices of the Best Fraud Prevention Teams, featuring contributions from ING Bank, the UK National Crime Agency and HMRC. These publications highlight the tools and strategies leading firms are adopting to stay ahead of regulatory and criminal threats.
Copyright © 2025 FinTech Global
Copyright © 2018 RegTech Analyst
