The new ‘failure to prevent fraud’ offence came into force on 1 September 2025. Hailed as the most significant shift in corporate fraud legislation since the Bribery Act, it places direct responsibility on organisations to stop fraud before it happens. For UK businesses, this means urgent action is needed to ensure compliance, avoid prosecution, and protect reputation. Join us as we explore what the legislation entails, why it matters, and how your organisation can prepare.
Understanding the New Failure to Prevent Fraud Offence
What the offence is and when it applies
The ‘failure to prevent fraud’ offence is part of the UK government’s broader crackdown on economic crime. It makes large organisations criminally liable if an employee, agent, or associated third party commits fraud for the company’s benefit, and the business did not have adequate procedures in place to prevent it. Put simply, it’s not enough to react after the fact. Businesses must demonstrate they have taken proactive measures to prevent fraud across their operations.
The scope of organisations affected (large firms and their supply chains)
The legislation applies directly to large businesses meeting at least two of these criteria:
- More than 250 employees
- Over £36 million in turnover
- Holding assets worth more than £18 million
How it links to the Economic Crime and Corporate Transparency Act (ECCTA)
The new offence sits within the Economic Crime and Corporate Transparency Act. The Act strengthens corporate accountability, reflecting the fact that fraud now represents a significant share of UK crime. Under the Economic Crime and Corporate Transparency Act, organisations must be able to show they have robust procedures in place or face severe consequences.
Why This Matters for UK Businesses
Fraud now accounts for 40% of all UK crime
Fraud has become the most common crime type in the UK. With one fraud filed into the Cifas database every two minutes, organisations of every size and sector are at risk. It’s not just about financial loss; reputational damage and regulatory penalties can follow.
The risks for boards, CFOs and senior managers
Senior leaders cannot afford to treat this as a box-ticking exercise. Under the corporate fraud offence, responsibility sits with those charged with governance. CFOs, risk officers, and boards must lead the charge on compliance. The Serious Fraud Office (SFO) has already indicated it will pursue early prosecutions to set legal precedent.
The cultural shift needed: from policy to proactive prevention
This situation is a “perfect storm” of digitisation, disconnection, and desperation. To combat it, businesses must go beyond static policies. Fraud awareness, accountability, and empowered reporting must become part of organisational culture.
What Reasonable Procedures Actually Look Like
The six pillars
To defend against prosecution, firms must show they avoided ‘failure to prevent fraud’ with reasonable procedures in place. These typically include:
- Risk assessment: A whole-organisation view of fraud vulnerabilities.
- Commitment: Clear tone from the top; leadership prioritising fraud prevention.
- Due diligence: Vetting of suppliers, partners, and staff.
- Monitoring & review: Regular checks and audits of fraud controls.
- Communication: Clear, accessible policies communicated across teams.
- Training: Regular awareness and practical education for all staff.
Building a fraud-aware culture (not just buying tech)
Technology plays a role in detection, but culture is the foundation. A fraud-aware workforce that feels safe to speak up is critical. As experts note, culture will “eat controls for breakfast” if organisations fail to take it seriously.
Embedding fraud prevention into everyday processes
Fraud prevention must be embedded across core processes: procurement, payments, supplier onboarding, and reporting. This ensures that controls are not just policy documents but live safeguards in daily operations.
How to Get Your Organisation Ready
Assessing your exposure and mapping risks across the supply chain
A structured fraud risk assessment is the first step. Map fraud vulnerabilities across business units, subsidiaries, and suppliers. This helps identify weak links, especially in outsourced or regional operations.
Strengthening internal controls in payments and procurement
Payment fraud remains one of the most common threats. Strengthening controls in financial systems is essential to reduce corporate payment fraud. Automated payment screening, embedded account name verification, sanctions checks, and approval workflows can significantly reduce exposure.
Documenting and auditing your actions to prove compliance
If the SFO investigates, it will not be satisfied with a nicely worded policy. Leaders must be ready to show risk assessments, training logs, and decision audit trails. Being able to prove that financial fraud prevention and detection actions were carefully considered and actually carried out is your best defence.
Common Pitfalls and Misconceptions
Thinking this is just a finance or fraud team issue
Fraud prevention is not just the responsibility of finance or compliance teams. It’s an organisation-wide issue that touches procurement, HR, IT, and operations.
Assuming policies alone are enough
Policies and procedures are not sufficient if they are not embedded. A policy sitting on a shelf does not equate to prevention of financial fraud.
Neglecting training and cultural change
Firms often invest in technology but overlook training. Yet, fraud prevention in financial institutions depends as much on people as on systems. Staff awareness training and leadership buy-in are non-negotiable.
Support Available to Help You Comply
How Cifas can help
Cifas provides tailored training through its Academy, including foundation-level courses and advanced professional qualifications. Their insider threat database also helps identify bad actors before they pose a risk.
Using due diligence tools and analytics to monitor risks
Analytics and screening tools support financial crime and fraud prevention by monitoring payments and identifying suspicious activity. These tools are most effective when combined with strong governance and culture.
Where to find further guidance
Businesses can consult the ‘failure to prevent fraud’ offence guidance published alongside the legislation, as well as practical resources from organisations like AccessPay and Cifas. These provide templates, training resources, and implementation strategies.
Key Takeaways for Leaders
- The UK’s ‘failure to prevent fraud’ offence is a boardroom issue, not just operational.
- Culture change is essential; policies alone will not protect you.
- Early preparation reduces the risk of prosecution and reputational damage.
- Fraud prevention is as much about people as it is about systems.
Next Steps
- Review and refresh your organisation’s fraud risk assessments.
- Launch training programmes and ensure senior leadership sets the tone.
- Implement due diligence, monitoring, and communication measures.
- Strengthen payment processes to protect against corporate financial fraud and support fraud prevention in financial services.
- Document and audit all procedures to demonstrate compliance with the new ‘failure to prevent fraud’ offence.

