Businesses need to take action on new ‘failure to prevent fraud’ rules – here’s how

Large organisations found guilty under these new laws will face substantial fines, on top of likely reputational damage. The next nine months are therefore crucial for large organisations to implement robust fraud prevention procedures in line with the Government’s guidance.

Under this new offence, large organisations can be held criminally liable if an employee, agent, subsidiary, or other associated person commits fraud intending to benefit the organisation or its client, and that organisation lacks reasonable fraud prevention procedures. The introduction of a specific “failure to prevent” offence puts businesses in a risky position, and it is broader scope than the UK Bribery Act.

Senior figures risk accountability regardless of whether the benefit of the fraud is direct or indirect, actual or intended.

New guidance issued by the Government outlines six flexible, outcome-focused principles for developing or enhancing fraud prevention procedures.

First, it emphasises that senior management, including boards of directors, partners and key decision-makers, are responsible for preventing and detecting fraud.

Second, there is a minimum requirement for businesses to undertake regular risk assessments taking into account the nature and extent of employees, agents and other associated persons’ exposure to fraud risk. It will rarely be considered reasonable not to have done so.

Third, organisations should implement a fraud prevention plan tailored to their specific needs and proportionate to potential fraud risk.

Fourth, due diligence should be applied to associated persons, including new partners, and in the context of mergers and acquisitions. Existing due diligence procedures may not suffice.

Fifth, effective internal communication of fraud prevention policies and procedures is crucial.

This includes ensuring policies are embedded throughout the organisation, understood, and implemented at all levels.

Sixth and finally, monitoring arrangements should cover fraud which could benefit the organisation or its clients and take necessary actions to address any gaps.

The newly introduced laws are only relevant to large organisations that meet at least two of the following criteria in the financial year preceding the offence: more than 250 employees; a turnover over £36m; and/or assets exceeding £18m. That said, the principles of the guidance are also intended to act as best practice for smaller businesses and organisations, especially those acting as associated persons for larger entities.

The guidance is also directly relevant more broadly as large organisations may require smaller partners to confirm they have minimum fraud prevention measures before engaging in business.

Businesses should note that the new guidance is a starting point, and they should not treat it as a one-size-fits-all checklist. Each organisation must tailor its approach to meet the standard of what is considered reasonable for its specific potential risks.

In the event of a Home Office investigation, an organisation is more likely to avoid penalty if it can demonstrate that reasonable procedures were in place to prevent fraud, or that it was unreasonable to expect such procedures given the circumstances.

Management teams across all businesses therefore need to collaborate with their compliance teams to review and update fraud policies, addressing any gaps before September 2025. Where any serious issues are identified, specialist legal advice should be sought.

Andrew Robson is a Senior Associate and Ronak Mahdavi Jovainy an Associate at Stewarts Law LLP