National law firm Clarke Willmott LLP is urging businesses to enhance their fraud prevention measures in anticipation of new legislation introducing a corporate offence for “failing to prevent fraud.”
The Economic Crime and Corporate Transparency Act 2023 is gradually coming into effect, bringing significant changes to corporate accountability. As of December 2023, companies can now be held liable if a senior manager, acting within their role, commits an offence under the newly established corporate attribution rules.
Further tightening of regulations is set for September 2025, when the “failing to prevent fraud” offence will take effect—carrying the potential for severe financial penalties.
The failure to prevent fraud offence applies to large organisations meeting two or three of the following criteria: over 250 employees, £36 million turnover, or £18 million in assets.
Aidan Clucas, associate in the corporate team at Clarke Willmott in Birmingham, says firms should consider the Government’s guidance carefully and act now to reduce associated risk.
“An organisation may be held criminally liable for fraud committed by an employee, agent, or associated person if the fraud is intended to benefit the organisation.
“Encouragingly, the Government has published guidance to help companies understand the offence and take action to prevent fraud while safeguarding their businesses.”
The guidance outlines six principles: top-level commitment, risk assessment, proportionate procedures, due diligence, communication (including training), and monitoring.
The advice outlines what prevention procedures could be deemed “reasonable in all the circumstances” to serve as a valid defence. To establish this, the company must show evidence of a proactive fraud prevention approach with procedures suited to the specific risks.
“In our experience, leaders in large organisations recognise their responsibility in setting policies and shaping the approach to fraud prevention,” says Aidan Clucas.
“Senior management will need to demonstrate how this top-level commitment is communicated across the business.
“Comprehensive records of risk assessments, prevention measures, training programs, and fraud prevention decisions should all be maintained. These records will help demonstrate compliance and reasonableness if the effectiveness of the measures is ever challenged.”
There are two possible defences for the offence of failing to prevent fraud.
The first applies if the organisation was the target or intended target of the fraud – for example, if a solicitor advising a client commits fraud against their law firm to benefit a client, the firm should not be both victim and defendant.
The second applies if the organisation has implemented “reasonable” fraud prevention procedures.
Aidan Clucas says: “A large organisation can defend itself by either proving it had reasonable procedures in place or showing that it was unreasonable to expect any such procedures.”
Looking forward, he says organisations should conduct a market review to identify external risks and assess internal business “pinch points.” Overseas businesses must assess territories where work is done on their behalf to avoid falling under the Act, while firms should review third-party contracts and employee onboarding processes.