A new law – that came into effect on 1st September 2025 – will see large companies facing a new criminal offence if they fail to prevent fraud.
From this date, an organisation can be found criminally liable if someone connected to the organisation (e.g. an employee, worker, agent, subsidiary and their employees, or other people who are “associated” with it because they provide services for or on behalf of the organisation) commits fraud (e.g. fraudulent trading, fraud) that is intended to benefit the organisation or any person the organisation provides its services too.
The offence of “failure to prevent fraud” will be committed unless the organisation can show that (at the time the fraud was committed):
- it had reasonable procedures in place to prevent fraud, or
- it was not reasonable in the circumstances for the organisation to have any such procedures in place.
Organisations can still be liable for this offence even if their senior management were unaware that fraud was being committed. Organisations that are found guilty of this offence can be subject to a large, unlimited, fine. Organisations do not actually have to receive any benefit from the fraud for the offence to be committed and the ‘benefit’ can be financial or non-financial.
This new offence only applies to ‘large’ organisations, i.e those that meet two of the following three criteria (in the financial year preceeding the year of the fraud offence):
- their turnover is more than £36 million
- their total balance sheet is more than £18 million
- the organisation has more than 250 employees.
These criteria apply across corporate group structures, and to associated companies outside of the UK.
The UK Government have issued guidance on what ‘reasonable’ procedures are and on other aspects of the legislation which you can read here and here.