McGee McGee Agar Law Limited
Phone 24hr helpline: 01642 941440

Failure to Prevent Fraud: What Businesses and Directors Need to Know

A single gap in your company’s fraud defences could lead to unlimited fines, a criminal record, or even the collapse of your business. The failure to prevent fraud offence - brought in by the Economic Crime and Corporate Transparency Act 2023 - creates serious new risks for UK businesses, directors, and senior managers. With prosecutors and regulators under pressure to clamp down on economic crime, you can now be held criminally liable for fraud committed by your staff, agents, or contractors, even if you knew nothing about it.

If you are a business owner, board member, in-house counsel, or compliance professional, this law changes everything. Strict liability means the prosecution does not have to prove intent. Unless you can demonstrate “adequate procedures” to prevent fraud, your company and leadership could face prosecution.

In this post, you will find:

  • What the failure to prevent fraud offence is and how it works
  • Who is covered by the law and real-world examples
  • The key elements that trigger liability
  • Penalties and consequences of non-compliance
  • What counts as “adequate procedures”
  • A practical checklist to prepare your business
  • FAQs for directors and managers

Understanding these rules (and acting now) can protect your business, your reputation, and your future.

What Is the Failure to Prevent Fraud Offence?

The failure to prevent fraud offence is a new legal duty created by the Economic Crime and Corporate Transparency Act 2023. This offence means that a business or organisation can now be prosecuted if a person associated with it commits fraud for its benefit - and the organisation cannot show it had proper procedures in place to stop that fraud.

How Did This Law Come About?

This new offence was introduced as part of the UK government’s drive to fight economic crime and boost corporate responsibility. High-profile scandals and rising fraud losses highlighted that some companies did not do enough to prevent employees or agents from acting dishonestly. The new law aims to change corporate culture, making businesses directly accountable for preventing fraud within their operations.

What Does “Failure to Prevent Fraud” Mean in Practice?

If an associated person (such as an employee, agent, or contractor) commits a qualifying fraud offence intending to benefit the company or its clients, the company itself can be prosecuted. This is true even if senior management did not know about or approve the fraud.

This is known as a strict liability offence. The prosecution does not need to prove that directors or owners were involved or negligent. If fraud happens and “adequate procedures” to prevent it are not in place, the organisation is at risk.

Who Can Be Prosecuted?

The law applies to any “relevant body,” which includes:

  • Companies of all sizes, from large PLCs to SMEs and micro-businesses
  • Limited liability partnerships (LLPs)
  • Partnerships, whether incorporated or not

There is no exemption for smaller businesses or charities.

How Does It Compare to the Bribery Act?

This new offence mirrors the approach used in the Bribery Act 2010, which also created a strict liability offence for companies failing to prevent bribery by associated persons. The same logic applies - businesses must actively guard against fraud, not just respond after it occurs.

Why Was This Offence Introduced?

The law is part of a wider anti-fraud agenda. It is designed to:

  • Close loopholes that allowed companies to ignore fraud risk
  • Encourage investment in strong compliance and internal controls
  • Reassure customers, regulators, and investors that businesses are taking fraud prevention seriously

By making prevention a legal obligation, the law signals a new era of corporate accountability in the UK.

Who and What Does the Law Cover?

The failure to prevent fraud offence casts a wide net over UK businesses. It is not just aimed at large corporations or those in high-risk sectors. Nearly every type of commercial organisation can be caught by this new law, regardless of size or industry.

Who is a “relevant body”? A relevant body includes:

  • Private limited companies (Ltd)
  • Public limited companies (PLCs)
  • Limited liability partnerships (LLPs)
  • Traditional partnerships (including unincorporated)
  • Charities and not-for-profit organisations if they have a corporate structure

Even small businesses, start-ups, and family-run companies fall within the law’s reach. There are no exemptions based on turnover, sector, or company size.

Who is an “associated person”? An associated person is anyone who performs services for or on behalf of the company. This includes:

  • Employees at all levels
  • Directors and senior managers
  • Agents, consultants, and contractors
  • Temporary staff, sub-contractors, or sometimes even suppliers

The law recognises that fraud can be committed by people both inside and outside the business, as long as there is a link to the organisation’s activities.

Key examples:

  • An employee defrauds a customer by submitting false invoices. If the business did not have procedures in place to prevent such acts, it can be prosecuted.
  • A contractor manipulates accounts or financial records for the benefit of the company. The company faces liability if it cannot show it took steps to guard against this.

No business is too small or “low risk”. The clear message is that every business, whether local or global, must take fraud prevention seriously. Ignoring the risk or assuming your sector is not a target will not protect you from prosecution under this law. Every organisation must act now to understand and address its responsibilities.

Key Elements of the Offence

Understanding the failure to prevent fraud offence means breaking down its legal components. Here’s what triggers liability under the new law, explained in straightforward terms.

1. Fraud Committed by an Associated Person

The first element is that a fraud offence must be committed by someone connected to the business - an “associated person.” This could be an employee, director, agent, consultant, or contractor. The fraud must be carried out with the intention of benefiting the company or one of its customers. It doesn’t matter if the benefit is financial or reputational, or if the company actually receives the benefit.

Examples of fraudulent acts that could trigger prosecution include:

  • False accounting: An employee manipulates accounts to hide losses or inflate profits.
  • Invoice fraud: A contractor submits fake invoices for work that was never done.
  • Misrepresentation to clients: A manager provides false information to win a contract or investment.
  • Expense fraud: Staff members claim for costs that were not actually incurred.

2. The Business Lacked “Adequate Procedures” to Prevent Fraud

To be held liable, the organisation must have failed to put “adequate procedures” in place to prevent fraud. There is no set definition of what counts as adequate; it depends on the company’s size, risks, and activities. What matters is that a reasonable effort was made to stop fraud happening - simple box-ticking or paperwork will not be enough.

If a business can show it took genuine, proportionate steps to prevent fraud, it can avoid prosecution even if a crime does occur.

3. Strict Liability: No Intent or Knowledge Needed

Perhaps the most significant change is that this is a strict liability offence. The prosecution does not have to prove that directors, owners, or senior management intended for the fraud to happen, or even that they knew about it. If an associated person commits fraud and the company cannot show adequate prevention measures, the company is automatically at risk.

This “strict liability” approach mirrors the Bribery Act and is designed to force all businesses to take active responsibility for their culture and controls.

Penalties for Failure to Prevent Fraud

The penalties for failing to prevent fraud are severe, and understanding these risks is crucial for every business leader. The most significant consequence is the threat of unlimited fines. There is no upper limit to the financial penalty a court can impose if your organisation is found guilty under this offence. This can cripple even large companies and easily destroy smaller businesses.

A conviction also means a criminal record for the business. For directors and senior managers, this can lead to disqualification from holding company office, not to mention the lasting damage to your personal and corporate reputation. Reputational harm may affect customer trust, investor confidence, and employee morale long after any penalty is paid.

For many firms, especially those operating in regulated sectors such as finance, insurance, or law, a conviction could result in being barred from holding public contracts or losing important licences with the Financial Conduct Authority (FCA) or other regulators. In some cases, this could mean the end of your business entirely.

The Serious Fraud Office (SFO) and Crown Prosecution Service (CPS) have made clear their intention to enforce this law rigorously. Their approach will be shaped by previous enforcement of the Bribery Act, where multi-million-pound fines and damaging publicity were commonplace.

Although this is a new offence, Bribery Act prosecutions offer a clear warning: companies have faced fines in the tens of millions, alongside director bans and business collapse. The cost of non-compliance far outweighs the effort required to put effective anti-fraud procedures in place.

“Adequate Procedures” - The Only Defence

The law provides one main safeguard for businesses: the ability to defend themselves by proving they had “adequate procedures” in place to prevent fraud. This defence is vital and requires more than simply adopting a policy - it demands a living, active approach to risk management and compliance.

What Are “Adequate Procedures”?

Government guidance (expected to mirror the Bribery Act 2010) highlights six core principles that define effective fraud prevention:

  1. Proportionate procedures: Controls must match the size, complexity, and risk profile of your business.
  2. Top-level commitment: Senior management must set the tone, making clear that fraud will not be tolerated.
  3. Risk assessment: Regular, thorough analysis of where and how your business could be vulnerable to fraud.
  4. Due diligence: Checking the backgrounds and integrity of employees, contractors, and business partners.
  5. Communication and training: Ensuring all staff and associated persons understand anti-fraud policies and know what is expected of them.
  6. Monitoring and review: Continually testing, updating, and improving procedures as risks change.

Practical Examples

  • Conducting regular fraud risk assessments and reviewing findings at board level.
  • Setting up a whistleblowing policy that allows staff to report concerns in confidence.
  • Providing staff training on recognising and reporting suspicious activity.
  • Performing thorough background checks before hiring or engaging key suppliers.
  • Keeping all policies and procedures up to date, rather than relying on outdated documents.

Living Documents, Not Box-Ticking

“Adequate procedures” must be more than a paper exercise. Outdated or generic policies copied from elsewhere are unlikely to be enough. The courts and regulators expect to see genuine, ongoing commitment and a culture of integrity - starting from the top and reaching every level of the business.

Preparing Your Business – Steps to Take Now

Proactive compliance is essential in the new era of strict corporate liability for fraud. Whether your business is a major PLC or a growing SME, taking these steps now will reduce risk, build a culture of integrity, and help you stand up to scrutiny from prosecutors or regulators.

1. Conduct a Fraud Risk Assessment

Start by identifying where and how fraud could happen in your business. Consider every level, from front-line staff to senior managers and external contractors. Map out your processes for payments, invoicing, procurement, and customer interactions. Use real-life examples and look at past incidents—both inside your organisation and within your sector.

2. Audit and Update Internal Policies

Review your anti-fraud and compliance policies in detail. Are they up to date with the latest legal requirements, including the Economic Crime and Corporate Transparency Act 2023? Check whether your procedures are specific to your risks or simply generic templates. Update or replace documents where necessary and make sure they are easy to understand and accessible for all staff.

3. Train Staff and Associated Persons

Education is a powerful defence against fraud. Deliver regular, tailored training to employees, managers, agents, and contractors. Make sure everyone understands their obligations, how to spot red flags, and how to report suspicions. Senior management should set the tone by actively promoting a zero-tolerance culture.

4. Set Up Reporting and Investigation Mechanisms

Create clear channels for reporting suspected fraud or unethical behaviour—such as a whistleblowing hotline or email. Make it easy and safe for staff to raise concerns in confidence. Have a documented process for investigating allegations promptly and fairly, and for acting on findings.

5. Document Everything

Keep thorough records of your risk assessments, policy reviews, training sessions, and investigations. Well-kept documentation will be your evidence of “adequate procedures” if the business is ever challenged by the SFO, CPS, or FCA. Do not rely on verbal assurances or informal practices.

6. Arrange for External Legal Review

Ask an independent legal expert, such as our fraud solicitors at MMA Law, to review your compliance framework. External review helps identify gaps, blind spots, or risks you may have missed internally. It also demonstrates your commitment to robust governance and sends a positive message to regulators.

Mistakes to Avoid

  • Ignoring the risks posed by third parties or “associated persons” outside your direct control
  • Assuming that written policies alone are enough
  • Treating compliance as a one-off project, not an ongoing process

MMA Law works with organisations across the UK to deliver compliance audits, draft practical policies, provide board-level guidance, and support crisis response. Taking these steps now will put your business in the strongest position to prevent fraud—and to defend itself if the worst happens.

Frequently Asked Questions – Failure to Prevent Fraud

What is the “failure to prevent fraud” offence?

The “failure to prevent fraud” offence is a new legal duty under the Economic Crime and Corporate Transparency Act 2023. It makes companies and other relevant bodies criminally liable if someone associated with them—such as an employee or agent—commits fraud for the organisation’s benefit, and the business did not have “adequate procedures” in place to stop it. This law is designed to force companies to take fraud prevention seriously, closing loopholes that previously allowed businesses to avoid responsibility for dishonest acts carried out on their behalf.

Who is liable under the new law?

Any business that qualifies as a “relevant body” can be liable under the failure to prevent fraud offence. This includes private and public companies, limited liability partnerships (LLPs), and partnerships of any size. Charities and not-for-profit organisations with a corporate structure can also be affected. Directors and senior managers can face disqualification or reputational harm if the company is prosecuted, even if they were not personally involved in the fraud.

What are “adequate procedures”?

“Adequate procedures” are robust, practical steps that a business must put in place to prevent fraud. According to anticipated government guidance, these include:

  • Tailored anti-fraud policies and controls
  • Top-level commitment from leadership
  • Regular fraud risk assessments
  • Due diligence on employees and partners
  • Ongoing staff training and clear communication
  • Monitoring, reviewing, and improving procedures

Can small businesses be prosecuted?

Yes, small businesses can be prosecuted for failure to prevent fraud. The law does not exempt organisations based on their size or turnover. All companies (whether large or small) must have proportionate procedures in place to prevent fraud, tailored to their own risks and activities. Small businesses should avoid assuming the law only applies to big corporates, as any gap in controls could put them at risk.

How is this different from failing to prevent bribery?

The failure to prevent fraud offence is similar in approach to the Bribery Act 2010’s “failure to prevent bribery” offence. Both laws create strict liability for companies whose associated persons commit wrongdoing. However, the new fraud offence specifically targets a wider range of fraudulent activities - such as false accounting, misrepresentation, and tax fraud - rather than just bribery and corruption. The principles of compliance are similar, but the types of offence and risks are broader under the new law.

What are the penalties?

Penalties for failure to prevent fraud are severe. Courts can impose unlimited fines on businesses convicted under the law. A conviction may also result in a criminal record, director disqualification, and serious reputational harm. Regulated businesses could lose licences, face restrictions on public contracts, or even risk closure. The Serious Fraud Office (SFO) and Crown Prosecution Service (CPS) will take breaches very seriously.

What should I do if I discover fraud in my business?

If you discover fraud, act quickly and follow these steps:

  1. Secure evidence—preserve emails, documents, and digital records.
  2. Report your concerns internally using established procedures or whistleblowing channels.
  3. Do not attempt to cover up or minimise the issue.
  4. Seek legal advice as soon as possible to protect your business and your own position.

Prompt, transparent action and early legal support are crucial for minimising risks and meeting regulatory expectations.

Is intent or knowledge required?

No, intent or knowledge from senior management is not required for liability under the failure to prevent fraud offence. This is a strict liability law. This means your business can be prosecuted even if directors and owners were unaware of the fraud, provided there were no adequate procedures in place to prevent it. The law shifts responsibility to the company itself, making prevention and compliance absolutely vital.

When does the law come into force?

The failure to prevent fraud offence is part of the Economic Crime and Corporate Transparency Act 2023. The government has announced that it will come into force once guidance on “adequate procedures” is published, which is expected in 2024. Businesses should act now to prepare and update their anti-fraud measures before enforcement begins.

How MMA Law Can Help

MMA Law supports businesses of all sizes in creating, reviewing, and updating anti-fraud controls. Our team can:

  • Audit your existing policies and identify weaknesses
  • Draft tailored compliance procedures for your risk profile
  • Deliver staff training and board-level briefings
  • Advise on practical responses to incidents or regulatory scrutiny

Taking action now to implement robust, well-communicated procedures is the best defence your business can have against prosecution under this tough new law. Contact our Middlesbrough Solicitors Office, or book your free 30-minute legal consultation today.


Paul McGee

Partner

© Copyright 2018 - 2025 McGee McGee Agar Law Ltd