After promises of a "Failure to Prevent Fraud" offence finally materialising within the Economic Crime and Corporate Transparency Act in 2023, the UK Home Office released long-awaited guidance in November last year on how firms should comply. The guidance covers several key areas:
Who is in scope – "Large organisations," defined as companies meeting two out of the following three criteria:
a) More than 250 employees
b) More than £36 million turnover
c) More than £18 million in total assetsThe implementation period – Organisations within scope have until 1st September 2025 to develop and implement their fraud prevention procedures.
An overview of the offence – This includes details on the types of fraud covered, territorial scope, investigations, penalties, and sanctions.
Reasonable fraud prevention procedures – The most important section, Chapter 3, outlines what constitutes an adequate defence in terms of controls and compliance measures.
Yes, we all thought we were "done" with fraud after the intense focus on APP scams in 2024. But with the implementation deadline looming on 1st September, the topic—albeit from a different perspective—is firmly back in the spotlight.
Read on for more insights into the new requirements and how we can support you in assessing your fraud prevention procedures.
What is the Failure to Prevent Fraud Offence?
The "Failure to Prevent Fraud" offence is a new legal measure within the UK, part of broader efforts to tackle corporate fraud and encourage ethical business practices. Under this offence, companies can be held liable if they fail to prevent specific fraud activities committed by employees or associated persons unless they can demonstrate that reasonable preventative procedures were in place.
The offence also extends to corporate liability, meaning that if an employee commits fraud as part of their role, the company could face penalties unless they can prove that robust fraud-prevention strategies were actively implemented. The high-level intent is to ensure firms take a proactive stance on fraud detection and deterrence, rather than relying solely on reactive measures.
While the title makes the scope sound bigger than it is, the offence certainly isn’t all encompassing when it comes to fraud; in fact, it only focusses on employees.
Why this legislation matters to financial services firms
For financial services firms, the implications of this offence are significant. Not only are the potential penalties substantial, but non-compliance could also damage a firm's reputation and shake customer trust. Financial crime is a top concern in the fintech and payments sectors, where rapid transactions and digital operations increase exposure to fraudulent activities. Fintechs and payment firms face unique fraud risks that may require more advanced prevention mechanisms than traditional financial institutions. As such, compliance teams must carefully assess how their current controls stack up against these new requirements and address any gaps.
In addition, many financial services firms operate across borders, subjecting them to varied regulatory standards. The "Failure to Prevent Fraud" legislation will likely influence expectations for fraud prevention in other jurisdictions.
What is a reasonable fraud prevention procedure?
An organisation has a defence against penalties and sanctions if they can demonstrate to a court they had reasonable fraud prevention procedures in place. What does that actually mean, though? Similar to the bribery or tax evasion offences, this can be informed by the six principles outlined in the guidance:
Top level commitment
Risk assessment
Proportionate risk-based prevention procedures
Due diligence
Communication (including training)
Monitoring and review
On pages 20- 37 of the guidance, you can find an overview of each principle alongside detailed questions positioned at organisations to ask themselves.
Practically, what does this mean for an organisation?
So, what should you be practically considering against these principles? Here are some steps:
Conduct an Anti-fraud Risk Assessment: Either enhance your existing business-wide risk assessment to include internal fraud or alternatively consider developing a standalone risk assessment which covers the corporate offence
Implement Clear Anti-Fraud Policies: Establish or review fraud prevention policies, detailing specific procedures employees should follow to prevent fraud in their roles. These policies should be frequently reviewed and updated to align with regulatory changes or new types of fraud that may emerge.
Schedule Regular Compliance Audits: Ensure your financial crime audits cover the failure to prevent as part of their scope and or conduct specific assurance reviews in the run up to the implementation date
Customise Training to Address Specific Risks: Bespoke training tailored to a firm’s unique fraud exposure—such as training for customer-facing roles or high-risk departments—ensures that employees are well-prepared to address relevant risks. This approach goes beyond general training to provide practical, role-specific guidance for detecting and mitigating fraud.
By taking these steps, financial services firms can strengthen their defences and reduce the risk of falling afoul of the new "Failure to Prevent Fraud" offence.
How FINTRAIL can support your compliance efforts
FINTRAIL specialises in anti-financial crime consultancy and bespoke training services, providing financial services firms with the expertise and support needed to navigate evolving regulatory landscapes. Our team works closely with fintechs and payment firms to develop tailored fraud prevention strategies, enhance internal controls, and deliver training that meets the unique needs of each organisation. Whether you’re looking to audit your current fraud controls or train your team to spot and prevent financial crime, our fraud support services can help you implement effective, compliant strategies.
For firms uncertain about the adequacy of their fraud prevention measures, FINTRAIL offers comprehensive reviews to help identify potential gaps and reinforce their compliance frameworks. From building in-house training programmes to consulting on fraud detection technology, our experts are committed to helping firms adapt and thrive within this new regulatory environment.
To find out more about, get in touch with our team.
Frequently Asked Questions (FAQ) on the Failure to Prevent Fraud Offence
Q: What types of fraud does the "Failure to Prevent Fraud" offence cover?
The offence typically includes various types of corporate fraud, such as false accounting, misleading statements, and other specified fraudulent activities. The specific frauds covered are defined in the legislation, focusing on areas where corporate negligence could enable fraud.
Q: How can a firm demonstrate it has "reasonable preventative procedures"?
Reasonable preventative procedures are actions or policies that reduce the likelihood of fraud occurring, such as employee training, regular risk assessments, and an established whistleblowing policy. The procedures should be proportionate to the risk level and specific to the firm’s operational structure.
Q: What happens if a firm fails to comply?
Firms that fail to meet the requirements of the "Failure to Prevent Fraud" offence could face penalties, including fines and legal action. Compliance with this offence not only mitigates legal risks but also helps preserve the company’s reputation and customer trust.
Conclusion
The "Failure to Prevent Fraud" offence underscores the growing responsibility on businesses to prevent fraud within their operations. For financial services firms, this means implementing robust, proactive anti-fraud measures and ensuring that employees are equipped to handle the challenges of modern financial crime. Taking these steps now will not only safeguard firms from potential legal consequences but also reinforce trust with customers and stakeholders. If you’re ready to bolster your fraud prevention framework, consider how FINTRAIL’s expert fraud support services can help you stay ahead of the curve.