The Economic Crime and Corporate Transparency Act 2023 (the Act) created the new corporate criminal offence of ‘failure to prevent fraud’ and encourages organisations to build an anti-fraud culture.
Under the offence, an organisation may be criminally liable where an employee, agent, subsidiary, or other ‘associated person’, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place.
In certain circumstances, the offence will also apply where the fraud offence is committed with the intention of benefitting a client of the organisation. It does not need to be demonstrated that directors or senior managers ordered or knew about the fraud.
Who must comply?
The offence applies to large, incorporated bodies and partnerships across all sectors of the economy. This includes, but is not limited to incorporation by:
- the Companies Act 2006;
- Royal Charter;
- statute (for example NHS Trusts);
- the Limited Liability Partnerships Act 2000; and
- the Co-operative and Community Benefit Societies Act 2014.
The offence also applies to partnerships which are not bodies corporate (including Scottish partnerships and Limited Partnerships formed under the Limited Partnerships Act 1907). Unincorporated organisations (other than partnerships) are not in scope.
A ‘large organisation’ is defined in section 201 of the Act as meeting two or three out of the following criteria:
- more than 250 employees;
- more than £36 million turnover;
- more than £18 million in total assets.
These criteria apply to the whole organisation, including subsidiaries, regardless of where the organisation is headquartered or where its subsidiaries are located.
Who are 'persons associated'?
An employee, an agent or a subsidiary of the relevant body is automatically an ‘associated person’ for the purposes of this offence. A person who provides services for or on behalf of the relevant body is also an associated person while they are providing those services.
The term ‘providing services’ does not include providing goods. It is also important to note that ‘providing services for or on behalf of the relevant body’ does not include providing services to the relevant body. Thus, persons providing services to an organisation (for example, external lawyers, valuers, accountants or engineers) are not acting ‘for or on behalf’ of the organisation.
Small organisations should be aware that they may be ‘associated persons’ while they provide services for or on behalf of large organisations, even if they form part of a larger supply chain and do not contract directly with the relevant organisation.
The person who committed the fraud may be prosecuted individually for that fraud, while the organisation may be prosecuted for failing to prevent it
Reasonable fraud prevention measures
In the event of prosecution, an organisation would have to demonstrate to the court that it had reasonable fraud prevention measures in place at the time that the fraud was committed.
Public sector organisations are already required to implement the recommendations of the Public Sector Fraud Authority and the government counter-fraud profession. However, new Guidance issued by the Home Office also recommends that organisations:
- Demonstrate top-level commitment at Board level - fostering a culture in which fraud is never acceptable and should reject profit based on, or assisted by, fraud.
- Implement risk assessments that are dynamic, documented and kept under regular review.
- Draw up a fraud prevention plan - with procedures that are proportionate to the fraud risks and to the nature, scale and complexity of the organisation’s activities.
- Conduct due diligence on associated persons (including new partners) - using technical screening tools, carrying out contract reviews and monitoring of well-being of staff and agents to identify persons who may be more likely to commit fraud because of stress, targets or workload.
- Ensure awareness and understanding of policies amongst those who provide services for or on behalf of the organisation - through effective communication and training.
- Learn from investigations and whistleblowing incidents - to review and update their fraud detection and prevention procedures.
The full Guidance is available here and has been developed with input from the Crown Prosecution Service (CPS), Serious Fraud Office (SFO), HM Treasury, HMRC, Ministry of Justice, Cabinet Office, Attorney General’s Office and Financial Conduct Authority (FCA).
The offence will come into effect on 1 September 2025, to allow organisations to develop and implement their fraud prevention procedures. For support with developing, implementing or improving your fraud prevention procedures, please contact a member of the team.