Failure to prevent fraud: Getting operationally ready

The UK Home Office has published guidance on its ‘failure to prevent fraud’ offence, aimed at enhancing corporate accountability in combating fraud. To avoid legal repercussions, firms have until the 1st of September 2025 to get their house in order when it comes to preventing and acting on fraud offences.

Introduced under the Economic Crime and Corporate Transparency Act 2023 (the “Act”), the failure to prevent fraud offence was brought in because existing corporate liability laws were insufficient to hold companies accountable for failing to prevent economic crimes.

With fraud being the most common crime type in the UK, these measures have been introduced by the UK government as part of a wider initiative to protect potential victims, including those in business. The failure to prevent fraud offence will create criminal liability for companies if fraud is committed by an employee, agent, or others acting on behalf of the company, and if the company has failed to take reasonable steps to prevent it.

Who is in scope?

The offence is legally binding on organisations incorporated or carrying out business in the UK that meet certain criteria, and it focuses on cases of fraud that benefit the organisation. For example, this might include false accounting, dishonestly obtaining services, and making false representations.

The new offence applies to ‘large organisations’ who meet two out of these three criteria:

  • More than 250 employees.
  • More than £36 million turnover.
  • More than £18 million in total assets.

Organisations found guilty could face unlimited fines, reputational damage, and potential exclusion from public procurement opportunities.

If in scope, you’ll be expected to have robust systems in place to detect, deter, and prevent fraudulent activities.

What is the employer’s defence?

The Act provides a defence to the failure to prevent fraud offence if an organisation can demonstrate that it had “reasonable procedures” in place to prevent fraud.

Formed of six key principles, the Home Office-issued guidance on reasonable fraud prevention procedures expects:

A top-level commitment: there must be effective communication and governance on fraud prevention, with senior management fostering an appropriate anti-fraud culture.

Effective risk assessment processes: the risk assessment process should be dynamic, documented, and continuously under review. It must also be proportionate to the nature, scale, and complexity of your organisation.

Proportionate risk-based prevention procedures: your fraud prevention procedures must be proportionate to the risks identified and include plans to test the effectiveness of your fraud prevention measures.

Due diligence: due diligence checks should be conducted on employees, agents, contractors, and third parties to detect potential risks.

Communication and training: employees must have awareness and understanding of fraud through communication of and training on your business’ fraud prevention policies and procedures.

Monitoring and review: ensure that you monitor, review, and evaluate your fraud detection and prevention procedures, focusing on continual improvement.

A practical implementation

When considering whether existing procedures are sufficiently “adequate”, you need to consider:

  • the nature of your business
  • the risks specific to the industry you’re operating in
  • the size and resources of your organisation.

Application of the principles should be appropriate and proportionate to your risk exposure, whilst being commensurate with your size and services provided. Sectors like financial services, construction, and technology may face higher risks due to the nature of their operations, requiring more rigorous prevention measures.

Although smaller organisations, subject to the conditions above, are within scope, they can tailor their fraud prevention measures based on their size and risk exposure. The proportionality principle protects SMEs from being overburdened by compliance requirements.

The key element in your implementation is to ensure you document your compliance efforts thoroughly.

This means maintaining detailed records of:

  • risk assessments
  • fraud prevention policies and procedures
  • training materials and attendance records
  • internal audits and reviews
  • actions taken in response to suspected or actual fraud incidents.

This documentation serves as evidence of compliance in the event of regulatory scrutiny or legal challenges.

How Bovill Newgate can help

Our specialist team has extensive anti-fraud experience and works alongside regulators to help clients to review and remediate their financial crime controls.

We offer support in a variety of relevant areas:

  • Board and/or senior management advice and support to promote a strong, ethical culture.
  • Staff briefings and interview simulations to help prepare your teams for regulatory interaction.
  • Risk assessment development and support, including independent benchmarking.
  • Tailored training programs for employees and third parties with different roles and responsibilities, focusing on high-risk areas like finance, procurement, and sales.
  • Technology and advanced analytics advice and capability to help analyse transaction patterns, flag anomalies, and identify suspicious activities in real time.
  • Fraud incident response planning to establish clear escalation processes for fraud-related incidents. This will help ensure a timely response, including investigation support where required.
  • External review and audit of key processes and controls. This includes reviewing high-risk areas such as procurement or expense management, to ensure your prevention framework aligns with FCA and regulatory guidance.