11th Aug 2025

New fraud prevention laws: What the September 2025 ‘failure to prevent’ offence means for firms

When the UK’s Economic Crime and Corporate Transparency Act 2023 (ECCTA) was signed into law, it marked a major turning point in the way corporate fraud is tackled. With the new failure to prevent fraud offence coming into force on 1 September 2025, large organisations are facing a serious shift in accountability. This isn’t just another compliance box to tick – it’s a legal obligation that could bring hefty penalties if ignored.

 

Let’s take a look at what the new failure to prevent fraud offence means for your business, how to prepare, and what “reasonable procedures” actually look like in practice.

 

 

The ECCTA in a nutshell

The Economic Crime and Corporate Transparency Act 2023 aims to improve transparency, tackle economic crime, and modernise Companies House. But one of its standout features is the introduction of the failure to prevent fraud offence UK. Under this law, large companies can be held criminally liable if a person associated with them commits certain fraud-related offences for the benefit of the organisation.

 

That’s right: even if the company didn’t directly commit fraud, it can still be prosecuted, unless it can prove it had reasonable procedures in place to prevent it. This significant expansion of corporate criminal liability UK is designed to encourage firms to take fraud prevention more seriously. 

 

Read the official government guidance here. You can also view the full legislation text of the Economic Crime and Corporate Transparency Act 2023 to explore the law in detail.

 

 

Who’s in the firing line?

The failure to prevent fraud offence guidance applies to large organisations, which are defined as meeting at least two out of three of the following criteria:
  • More than 250 employees
  • More than £36 million in turnover
  • More than £18 million in total assets

 

If your business meets those thresholds, this law affects you.

 

It also covers any “associated person” who commits fraud. This could be an employee, agent, subsidiary, or even a contractor – basically, anyone performing services for or on behalf of the organisation. So even if the misconduct occurs in a part of the business you don’t directly oversee, the liability still lands at your door.

 

 

What types of fraud are covered?

The scope is broad. The UK failure to prevent fraud offence covers a range of criminal activities, including:

 

  • Fraud by false representation
  • Fraud by failing to disclose information
  • Fraud by abuse of position
  • Obtaining services dishonestly
  • Participation in a fraudulent business
  • False accounting
  • Cheating the public revenue

 

It’s all outlined in the economic crime and corporate transparency act 2023 summary, and while the list may evolve over time, the direction of travel is clear: regulators want organisations to get proactive.

 

What are reasonable procedures?

The one million pound question: what are the failure to prevent fraud reasonable procedures? While there is no prescriptive government template, the economic crime and corporate transparency act 2023 guidance suggests a risk-based approach. This means that companies should design fraud prevention procedures to suit their size, sector, and risk profile. The following are some principles to follow:

 

1. Conduct a fraud risk assessment

Map out where your weaknesses are. Is your business weakest in procurement? Sales? Cross-border transactions? Identify weak areas before criminals can.

 

2. Update internal controls

Strengthen policies and procedures to plug the gaps. This could mean tightening financial controls, improving segregation of duties, or updating whistleblowing policies.

 

3. Offer targeted training

Train personnel at all levels to recognise what fraud looks like, how to spot it, and how to report it. Make training realistic, not academic.

 

4. Review and monitor

Prevention is not a one-time task. Diarise regular reviews to ensure your systems keep up with your risks.

 

5. Senior buy-in and oversight

The board and senior management must be actively involved. Tone from the top matters.

 

It is not about perfection, but about being active. As long as you can show that you had reasonable steps in place to prevent fraud, you will have a defence under the ECCTA failure to prevent fraud offense.

 

 

What happens if you get it wrong?

If your organisation is found guilty under the failure to prevent fraud offence in force from September 2025, the consequences are serious. Penalties could include:

 

  • Unlimited fines
  • Reputational damage
  • Regulatory sanctions
  • Civil litigation from affected parties

 

And since the offence is criminal in nature, it also comes with the associated stigma and legal complexities. In short: it’s not a risk worth taking.

 

 

How to prepare for September 2025

The countdown is on. If you haven’t already started, now’s the time to act. Here’s how firms can get ahead of the ECCTA requirements:

 

1. Set up a cross-functional task force

Bring together compliance, legal, finance, HR, and IT. Fraud prevention touches every corner of the business.

 

2. Perform a gap analysis

Compare your existing fraud prevention framework against ECCTA expectations. Where are the blind spots?

 

3. Prioritise high-risk areas

Focus resources where they’ll have the biggest impact. You can’t fix everything at once, so target your most vulnerable operations.

 

4. Build or update your training programme

Training should be ongoing, job-specific, and easy to understand. Think short videos, workshops, and real-life case studies.

 

5. Document Everything

If you ever need to prove you had reasonable procedures in place, documentation is key. Keep records of training sessions, audits, policies, and disciplinary actions.

 

 

What AccessPay clients should know

At AccessPay, we understand the burden of increasing regulation. That’s why our platform is designed to help finance and compliance teams embed control, transparency, and automation into their payment processes. Whether you’re managing bulk payments, bank integrations or fraud prevention workflows, we can help reduce risk and strengthen oversight.

 

Explore our fraud and error prevention solutions or book a demo to see how AccessPay can support your compliance strategy.

 

 

Conclusion

The failure to prevent fraud offence UK is a wake-up call for large organisations. It flips the script from reactive to proactive. Instead of waiting for something to go wrong, businesses must now actively guard against fraud and prove they did everything they could to stop it.

 

The good news? There’s still time to get ready. With a sensible plan, cross-functional collaboration, and the right tools, you can build a fraud prevention framework that not only meets the ECCTA requirements but strengthens your organisation for the long term.

 

Need a hand? Get in touch with AccessPay to learn more about how we can help you stay ahead of the economic crime and corporate transparency act 2023 changes.

Request a demo

Related Content

How to strengthen your fraud controls before the September 2025 legislation takes effect

How to strengthen your fraud controls before the September 2025 legislation takes effect

From September 2025, a new legal duty will fall on organisations across the UK, the obligation to pr...

Preparing for the new “Failure to Prevent Fraud” offence

Preparing for the new “Failure to Prevent Fraud” offence

Understanding the New ‘Failure to Prevent Fraud’ Offence: What you ned to know Incoming legislat...

Fraud & Error Prevention in Payments: A Multi-Layered Approach

Webinar

Fraud & Error Prevention in Payments: A Multi-Layered Approach

Fraud & Error Prevention in Payments: A Multi-Layered Approach – Payment Screening, Confir...