
Forthcoming legislation – “the failure to prevent fraud” law
Published Jul 24, 2025
On 1 September 2025, organisations in the UK need to be ready to demonstrate that they are taking all reasonable steps to prevent fraud by their employees and all other “associated” people.
This is because the government is taking action to address fraud by implementing the Economic Crime and Corporate Transparency Act 2023 (ECCTA), driven in no small part by the fact that a staggering 41% of all crime in England and Wales is fraud, making it one of the most common crimes in the UK.
The new corporate criminal offence is referred to as the “failure to prevent fraud” law and applies to larger organisations that meet at least two of the following criteria:
More than 250 employees
More than £36m annual turnover
More than £18m in total assets
The law will make an organisation criminally liable for fraud committed by an employee or “associated person” who intended to benefit the company. Organisations will be required to demonstrate that they had suitable fraud prevention measures in place at the time an offence occurs.
Impact on SMEs
Although you may be a smaller employer, meaning the law will not directly apply, there will be a trickle-down impact, as we have seen with other legislation.
SMEs can expect, when tendering for work with a larger organisation or when completing an accreditation application, to be asked what steps they are taking to prevent fraud and what evidence they have of their actions.
Reasonable fraud prevention procedures
Under the new legislation, organisations will be able to defend against prosecution if they can prove they have taken practical steps to prevent fraud.
The government has set out the following six principles to guide employers on establishing fraud prevention procedures:
Top-level commitment - Senior management foster a culture that rejects fraud and encourages employees to speak up about concerns.
Risk assessment - Identify specific fraud risks relevant to the organisation's operations and develop controls and procedures to address those risks.
Risk-based prevention procedures - Develop a fraud prevention plan including implementing clear and comprehensive anti-fraud policies and procedures.
Due diligence - Establish and maintain strong internal controls (e.g. segregation of duties and access controls).
Communication (including training) - Provide regular fraud awareness training to employees and issue relevant policies.
Monitoring and review - Regularly monitor and review the effectiveness of fraud prevention procedures.
These six principles are intended to be flexible and adaptable so that organisations can take action to prevent fraud that is proportionate to the risks within their business.
Relevant organisations that fail to actively prevent fraud can expect to face substantial fines.
If you need further advice on this subject, please contact your HR advisor.
Source: Gavin Parrot