Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

ECCTA failure to prevent fraud guidance published


The long-awaited guidance for the new corporate criminal offence of “failure to prevent fraud” has been published by the UK government, marking a significant step in the ongoing efforts to combat economic crime. 

Hinesh Shah, forensic accountant at Pinsent Masons, said: “The newly published guidance on the failure to prevent fraud offence represents a pivotal moment in the fight against economic crime. Notably, the guidance is very broad and non-prescriptive which allows organisations the flexibility to tailor their fraud prevention measures to their specific needs. Financial reporting measures are specifically highlighted under principle 3, proportionate risk-based prevention procedures.”

Released on 6 November, the guidance provides organisations with important information on the “failure to prevent fraud” offence, introduced as part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) (376 pages / 3.7 MB) , which aims to hold large organisations accountable if they benefit, or there is an intention to benefit, from fraudulent activities conducted by their employees, agents, subsidiaries, or other associated persons. The offence was designed to encourage larger businesses to take proactive measures to prevent frauds by or connected with their business activities.

The new guidance is intended to help organisations put in place reasonable procedures to prevent fraud by having in place reasonable procedures to provide a defence to criminal liability for failing to prevent fraud and other economic crimes by associated persons. 

The guidance outlines several important aspects of the new “failure to prevent” offence. This includes the scope, with the guidance highlighting that the offence applies to all large incorporated bodies, subsidiaries, partnerships, and large not-for-profit organisations such as charities if they are incorporated. An organisation will be criminally liable if an associated person commits fraud intending to benefit the organisation such as through dishonest sales or commercial practices, hiding important information from consumers or investors, or dishonest practices in financial markets.

To avoid criminal liability, organisations must demonstrate that they had reasonable fraud prevention procedures in place at the time a fraud was committed. 

The guidance sets out six principles that should inform fraud prevention frameworks put in place by organisations in order to comply with the law - top level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication (including training), and ongoing monitoring and reviews. 

Risk assessments must fully consider the potential for relevant economic crimes to be committed. These include but are not limited to fraud. Onboarding of employees and ‘associates’ must be reviewed too and mitigation measures put in place. Sufficiency of training which is properly tailored to the particular employees involved is increasingly an area of regulatory focus and must also be part of the policies and procedures put in place here. 

Tom Stocker, corporate crime expert at Pinsent Masons, said: “Assessing fraud risk and identifying outward fraud risk is challenging because the risks are wide and varied. The guidance states that the application of fraud prevention procedures by organisations is of significant interest to those investigating fraud.”

The offence will come into effect on 1 September 2025, providing organisations with a period to enable risk assessments to be conducted and procedures prepared and rolled out. 

“The implementation period of 10 months should be used wisely with a plan of attack developed and resources allocated to take forward the exercise in a structured manner. If not previously started, organisations should act now to develop, review and implement their fraud prevention procedures,” said Stocker. 

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.