As fraudsters deploy ever more sophisticated tactics—from payment and identity theft to targeted cyber scams—organisations face mounting challenges in safeguarding their operations. We examine the new legislation around the failure to prevent fraud and what it means for UK firms.
The Economic Crime and Corporate Transparency Act (ECCTA) 2023 tackles the increased sophistication of fraud head-on by introducing a new corporate offence of “failure to prevent fraud”, coming into force on 1 September 2025.
Under this regime, large UK companies can be held criminally liable if an “associated person” (employee, agent, subsidiary, or similar) commits fraud to benefit the organisation unless the company can demonstrate it had reasonable fraud prevention procedures in place.
A large UK company is defined as one that meets two of the following:
Chapter 3 of the ECCTA guidance lays out six interlocking components of “reasonable” fraud prevention procedures:
Visible endorsement from the board and senior management, embedding anti-fraud responsibilities into governance. Senior management plays a pivotal role by allocating appropriate resources and training as well as modelling ethical behaviour. By fostering an open culture where employees feel empowered to report suspicious activity, leaders ensure that fraud is neither accepted nor concealed at any level of the organisation.
Organisations must continually assess and document their exposure to fraud risks posed by employees, agents, and other “associated persons,” maintaining a dynamic risk assessment that is regularly reviewed. Rather than creating a separate process, firms can extend existing fraud and economic crime assessments to cover offences under the ECCTA.
This dynamic, fraud-specific evaluation helps firms identify areas where they are most vulnerable - for example, payment flows, customer onboarding, and third-party intermediaries - and then quantify the potential impact.
Based on its dynamic risk assessment, the organisation should develop a fraud-prevention plan with measures proportionate both to the likelihood and potential impact of each risk and to the degree of control it can exert over different associated persons (for example, employees versus outsourced contractors).
Any decision to forgo particular controls must be formally documented and periodically reviewed. While existing compliance frameworks - such as financial reporting or health-and-safety processes - can help mitigate related fraud risks, they cannot be assumed to satisfy the “reasonable procedures” requirement under the ECCTA without specific adaptation to address fraud prevention.
An organisation must implement proportionate, risk-based due diligence on all individuals and entities acting for or on its behalf to address its specific fraud exposures. Vetting “associated persons” (especially third parties) before and during engagement, with contractual fraud-prevention clauses where appropriate, is particularly important.
While many firms already perform extensive checks for high-risk sectors or transactions, these existing processes must be explicitly tailored to the corporate “failure to prevent fraud” offence. Simply relying on generic due diligence for other risks is insufficient; organisations should clearly define and document fraud-focused vetting procedures to ensure they effectively mitigate the relevant threats.
An effective fraud-prevention framework relies on clear, organisation-wide communication and ongoing training. Senior and middle management should consistently articulate and endorse a zero-tolerance policy - reinforcing it in internal and external messaging - so that everyone providing services for the organisation understands the rules and repercussions of fraudulent conduct.
It might be useful for firms to require fraud-specific training for employees and third parties, ensuring they can spot warning signs, escalate concerns, and follow whistleblowing procedures. Integrating fraud reminders into existing policies (e.g. sales targets) and sharing investigation outcomes and sanctions further embeds awareness and highlights the real consequences of non-compliance.
The organisation should continuously monitor and review its fraud detection and prevention procedures - drawing on insights from investigations, whistleblowing incidents, and sector-wide developments - to identify weaknesses and implement targeted improvements. This ensures that controls evolve in line with emerging risks and best practices.
A robust fraud risk assessment is the cornerstone of compliance. It forces organisations to pinpoint:
Without an up-to-date assessment, procedures become stale - documents gathering dust on a shelf rather than a living defence.
Advanced analytics and AI can supercharge your financial crime and fraud-detection functions. Machine-learning models (like HSBC’s risk-advisory tool) adapt to novel fraud patterns, reducing false positives and freeing up investigators. However, keep in mind:
Too often, anti-fraud training and policy attestation are “sheep-dip” exercises—one-size-fits-all e-learning modules and generic memos that employees ignore. To make procedures stick:
The ECCTA requires “reasonable measures” in both controls and training. Effective programmes:
Culture isn’t just boardroom rhetoric. During onboarding, assess cultural fit - and remind long-standing staff that fraud is a crime, not a commercial quirk. As “fraud-as-a-service” tools proliferate on the dark web, and insider fraud grows more prevalent, no organisation can afford complacency. Embedding a culture of awareness can be the difference between a firm falling victim to fraud and standing up against it.
With fraud accounting for nearly 40% of all crime in England and Wales, ECCTA’s “failure to prevent fraud” offence represents a watershed moment. Companies must act now - review risk assessments, refresh training, harness technology responsibly and, above all, cultivate a culture that treats every employee as a vital gatekeeper in the fight against financial crime.