What the Failure to Prevent Fraud Offence means for UK businesses

21 April 2025 Consultancy.uk

From September 2025, the new Failure to Prevent Fraud Offence will require large companies to show a top-level commitment to fraud prevention. Toby Thomas and Mario Levin of S-RM explore the implications of the legislation, and the practical steps firms can take to ensure effective compliance ahead of the deadline.

The Failure to Prevent Fraud offence (FPF) marks a significant regulatory shift for the companies that fall within its scope. Forming part of the Economic Crime and Corporate Transparency Act (ECCTA), it has been compared to the UK Bribery Act in terms of reach and compliance burden. In fact, its reach extends further than this. The legislation takes an expansive view of what constitutes a UK footprint and is one of the most significant pieces of anti-fraud legislation in decades.

The FPF applies to organisations – including corporates and partnerships – that meet two of the following criteria: more than 250 employees, more than £36 million turnover or more than £18 million in total assets.

Businesses that fall under its remit must demonstrate a clear and robust commitment to preventing fraud, necessitating a thorough review of existing safeguards and corrective action where needed. This includes, but is not limited to, conducting comprehensive risk assessments, implementing risk-based prevention measures and carrying out due diligence on associated persons. At its core, the FPF aims to improve corporate transparency and increase liability for fraudulent activities.

The core impact

Companies should already have robust safeguards against fraudulent activity as part of standard best practices. However, the new legislation mandates that incorporated companies demonstrate a proactive and tangible approach to fraud prevention. But what does this mean?

In simple terms, organisations must implement a comprehensive strategy to identify, safeguard against and report fraudulent activities, introducing new or revised prevention measures where necessary. It shouldn’t be taken lightly by decision makers, with non-compliance penalties under the FPF reaching up to 10% of global turnover.

The burden of proof is now very much on companies to demonstrate they have done everything they can to prevent fraud, where previously it was on prosecutors. The changes reflect a broader trend towards holding corporations more accountable for economic crimes.

A critical aspect of the legislation is the requirement for companies to conduct due diligence on associated persons. The ECCTA’s definition of associated persons extends liability to fraud committed by employees, agents, subsidiaries, and any third party performing services for the organisation, provided there is intent to benefit the company or its clients.

This notably extends beyond the principle of limiting corporate liability to the small group of individuals closely associated with an organisation’s decision making, such as board members and managing directors.

When onboarding agents, suppliers or other third parties acting “on their behalf”, companies will be expected to include historical fraud exposure in their due diligence. Scrutinising records for past incidents of fraud, regulatory infractions, and criminal charges is key to demonstrating compliance with the FPF.

While smaller firms and acquisition targets may fall outside the official scope of the FPF, this doesn’t remove the risk they pose for firms under the regulatory microscope. Many of these smaller firms use weaker fraud prevention measures than those that will be expected in bigger organisations, and would therefore need to be thoroughly vetted by those bound by the FPF.

Of course, the concept of due diligence is not new, and businesses are already reviewing their counterparts as part of compliance with anti-bribery, corruption and ESG requirements, but the added focus on fraud will slightly adjust the emphasis of such due diligence.

Preparing for compliance: Key steps

With September approaching, many businesses have already begun acting to ensure compliance with the new legislation. Several critical steps will help establish a robust compliance framework.

As a first step, businesses should conduct a tailored fraud risk assessment to identify areas of vulnerability, considering risks posed by employees, subsidiaries, agents and third parties acting on their behalf.

Using the risk assessment results, organisations must prioritise improving existing compliance frameworks. This could mean updating anti-bribery, anti-money laundering and governing policies to explicitly address fraud. Internal audits and enhanced internal controls will ensure that proportionate risk-based procedures exist across the organisation.

The work doesn’t stop here. Affected companies must ensure that their teams understand and adhere to fraud prevention measures. Consistent and targeted training promotes awareness of fraud risks and compliance responsibilities at the individual level.

Businesses will also be expected to continuously assess the effectiveness of their fraud prevention measures to maintain ongoing compliance with the legislation. By adopting a comprehensive approach to fraud prevention, organisations can mitigate risk and foster a culture of ethical business practices, demonstrating implementation of the “reasonable prevention procedures” clause referenced in the ECCTA.

The FPF represents a major shift in corporate responsibility, placing the onus on businesses to prevent fraud or face serious consequences. Prosecutors are expected to take firm action against those without robust prevention measures, making inaction a costly risk. A key challenge is the expanded liability for associated persons, adding complexity and potential exposure that may require additional resources or external support. However, by acting early, organisations can not only ensure compliance but also enhance their integrity and governance—turning this regulatory change into an opportunity for more transparent operations and a better public image.
