Failure to prevent fraud offence now in force

By Sara Meyer, Joanne Bell & Christopher Dyke

Published 12 September 2025

Overview

The corporate offence of failure to prevent fraud (the FTPF offence) under the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023) came into force on 1 September 2025. The FTPF offence imposes criminal liability on organisations over a certain size if a person associated with them commits fraud intended to benefit the organisation or one of its clients. If an organisation is found guilty of the FTPF offence, it could be liable for an unlimited fine. However, there is a defence if the organisation had in place reasonable procedures to prevent fraud.

 

What is the FTPF offence?

ECCTA 2023 provides that a "large organisation" will be guilty of an offence if an "associated person" commits a "fraud offence" intending to benefit (directly or indirectly) either the organisation itself, or a person or entity to whom the associated person provides services on the organisation's behalf.

A large organisation is one that meets at least two of the following criteria in the financial year preceding that in which the fraud takes place:

  • Turnover exceeds £36 million
  • Total assets exceed £18 million
  • Has more than 250 employees

Resources held across a parent undertaking and its subsidiaries can be considered cumulatively, i.e. a parent undertaking will be considered a large organisation where the aggregate resources of the group it heads meet at least two of the above criteria.

A subsidiary organisation that is not itself a large organisation will be guilty of the FTPF offence if one of its employees commits a fraud offence that is intended to benefit their employer (directly or indirectly), and the subsidiary's parent company meets the definition of a large organisation.

An "associated person" for these purposes is any:

  • Employee, agent, or subsidiary of an organisation, or
  • Person who performs services for or on behalf of the organisation

A "fraud offence" is one that is listed in Schedule 13 to ECCTA 2023. The list includes: cheating the public revenue; false accounting; false statements by company directors; fraudulent trading; participating in a fraudulent business; obtaining services dishonestly; and aiding, abetting, counselling or procuring the commission of any such offence. Offences can be added to or removed from this list relatively easily by the secretary of state.

What is the reasonable prevention procedures defence?

The FTPF offence is a strict liability offence, which is made out if an associated person commits a fraud offence as explained above. However, in-scope organisations will have a defence if they:

  • Have reasonable procedures in place to prevent fraud, or
  • Can satisfy the court that it was not reasonable in all the circumstances to expect them to have any fraud prevention procedures in place

As the FTPF offence is targeted at preventing fraud committed by, or for the benefit of, the organisation, rather than fraud against the organisation, existing anti-fraud measures that concentrate on protecting the organisation from becoming a victim of fraud will not automatically suffice.

The government has produced guidance for organisations, setting out six principles they should follow to establish reasonable prevention procedures: 1) top level commitment; 2) risk assessment; 3) proportionate risk-based prevention procedures; 4) due diligence; 5) communication (including training); and 6) monitoring and review. These principles are intended to be flexible and outcome-focussed. What counts as appropriate and proportionate fraud prevention measures will vary significantly depending on the type of organisation and its risk of fraud. Organisations should therefore ensure that they have considered and addressed the specific risks of fraud that arise from the particular circumstances of their own operations, that the fraud prevention procedures implemented are reasonable and appropriate to that risk, and that a record is maintained of this assessment.

What does this mean for employers?

The main responsibility for implementing reasonable prevention procedures is likely to sit with the organisation's senior management or a dedicated compliance team. HR should engage with whoever in their organisation is leading on this issue and implement any agreed measures. HR measures will vary depending on the organisation's particular circumstances and risk assessment. Based on the results of that assessment, the following steps might be considered as part of a package of reasonable prevention measures to manage the risk of fraud:

  • Amending relevant employment contracts – to highlight the organisation's approach to preventing fraud and obligations on employees to comply with relevant policies and report any suspected fraudulent activity
  • Updating disciplinary policies – to specify that committing or assisting in the commission of fraud, and breach of any applicable anti-fraud policy, is considered an act of gross misconduct
  • Updating whistleblowing policies – to make clear that all staff may report any suspected fraudulent activity using the organisation's whistleblowing procedures
  • Reviewing and implementing anti-fraud contractual provisions in contractor and secondment agreements

If you have any questions about the FTPF offence and what reasonable prevention procedures you should have in place, please get in touch with your usual DACB contact, and we will work together with colleagues in our specialist business crime and regulatory team to advise you. We are able to assist companies in delivering training and in reviewing their risk assessments, systems and controls, in order to implement the compliance groundwork to manage the liabilities created by this offence.