A major shake-up in corporate crime law has now taken effect, placing large businesses at risk of prosecution if they fail to prevent fraud by employees or others acting on their behalf – even if senior managers knew nothing about the wrongdoing.
The new corporate offence of ‘failure to prevent fraud’ came into force on 1 September 2025, as part of the Economic Crime and Corporate Transparency Act 2023. It aims to plug gaps in accountability that have allowed companies to distance themselves from fraud committed by individuals within or connected to the business.
Under the new offence, a company can be held liable if a person associated with it – such as an employee, agent, or subsidiary – commits a fraud intending to benefit the company or one of its clients. The benefit can be indirect or incidental and there’s no need to prove senior executives were aware or involved.
For example, an independent agent might exaggerate details in a prospectus to attract investor funding, enhancing their own sales figures but also boosting the company’s income. Or an employee might falsify invoices to disguise unauthorised spending, believing it protects the company’s image or financial performance. Even where there’s an element of self-interest, if part of the motivation was to benefit the business, the company may still be liable.
While the new rules apply only to large organisations, smaller businesses may still feel the effects, particularly if they perform outsourced services for or on behalf of those organisations. This could mean tighter due diligence or the introduction of new contractual compliance clauses.
External firms that supply goods or provide services to a company, rather than on its behalf, are not classed as associated persons under the legislation. However, they may still be affected by tougher supply chain controls and should be ready to demonstrate their own anti-fraud processes, according to corporate crime experts.
The new law is part of the Government’s broader strategy to crack down on corporate financial crime, and enforcement is expected to ramp up quickly. Serious Fraud Office Director Nick Ephgrave has already warned companies to “get their houses in order” or risk investigation.
Many organisations already have anti-fraud procedures to protect themselves from being defrauded, but that may not be enough. This new law flips the focus and it’s about whether you had systems in place to prevent fraud against others by someone associated with your company. If not, you could be criminally liable.
The offence applies to any large organisation, defined as one that meets at least two of three thresholds: over 250 employees, £36 million turnover, or £18 million in assets. It covers a wide range of fraud offences, including:
- Fraud by false representation, failure to disclose, or abuse of position
- False accounting or misleading company statements
- Fraudulent trading or obtaining services dishonestly
- Cheating on any taxes and duties levied by HMRC
Conviction can result in unlimited fines, reputational damage, and restrictions on bidding for public contracts. The only statutory defence is if the organisation had ‘reasonable procedures’ in place to prevent fraud, or if the nature of the business means it was not reasonable to expect procedures.
The Government’s guidance outlines six key areas that companies should address, including top-level commitment from leadership combined with risk assessments and prevention procedures, combined with regular communication and training.
These align with best practice from similar regimes, such as the Bribery Act, but companies need to dig deeper to ensure processes are genuinely fit for purpose in their specific context.
That’s because following the guidance isn’t a guaranteed defence – courts will still assess whether a company’s procedures were reasonable based on its own circumstances and risk profile. So don’t wait for a fraud to happen or for a regulator to knock – if you’re in scope, prevention is your legal responsibility. And while smaller companies will not be subject to the legislation, if you provide services to a large organisation, you should expect demands for stricter fraud prevention safeguards. We recommend all businesses review their fraud risk and training, regardless of size.
To speak with us about any aspect of Commercial & Corporate law please call 01483 887766, email info@hartbrown.co.uk or start a live chat today.
*This is not legal advice; it is intended to provide information of general interest about current legal issues.
