The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduces a significant new corporate offence: Failure to Prevent Fraud. Effective from 1 September 2025, this legislation has major implications for large UK businesses and organisations with a UK connection.

As scrutiny around fraud risk management intensifies, businesses are expected to take proactive steps to demonstrate strong prevention and governance practices. Understanding the new offence - and how to prepare for it - is essential.

Understanding the offence

Under the ECCTA, a large organisation can be held criminally liable if someone associated with it, such as an employee, agent, or subsidiary, commits a fraud offence for the organisation’s benefit and the organisation did not have reasonable procedures in place to prevent it.

This is a strict liability offence, meaning there is no need to prove intent or awareness by senior management. The only defence is being able to show that reasonable fraud prevention procedures were established and effectively implemented.

Who is affected?

The offence applies to organisations meeting two out of three of the following criteria:

  • more than 250 employees
  • more than £36 million turnover
  • more than £18 million in total assets

This scope covers UK companies and overseas entities with a UK connection. Many audit clients - particularly groups and listed entities - will be within range.

Why it matters

The new offence raises the bar for corporate accountability. Businesses will face greater scrutiny from auditors, regulators and investors on how they manage fraud risk. Boards and leadership teams must ensure that fraud prevention is not only discussed but actively embedded into governance and control frameworks.

A conviction could lead to unlimited fines, significant reputational damage, and broader regulatory consequences. Importantly, liability can also arise from fraudulent acts committed by subsidiaries, employees or agents - even when those acts occur outside the UK.

What we are looking for

As auditors, we are focused on evidence that management has thoroughly assessed fraud risks, implemented appropriate controls, and tested and documented their effectiveness in line with ECCTA requirements. We also review how boards and audit committees oversee these processes and how the business has responded to regulatory expectations. Engaging early with us helps identify potential gaps and demonstrates a proactive approach to compliance.

What counts as fraud

The scope of “fraud” under the ECCTA is deliberately broad. It covers false representation, failure to disclose information, abuse of position, dishonest selling practices, and market manipulation. In other words, it captures a wide range of conduct that could be seen as gaining a dishonest advantage.

What are “reasonable procedures”?

The Home Office has set out six guiding principles for what it considers reasonable procedures: top-level commitment, risk assessment, proportionate procedures, due diligence, communication and training, and monitoring and review. These must be practical, tailored to the organisation’s operations and fully documented.

For example, a large manufacturing group may identify that its regional sales teams face higher exposure to fraud risk due to the nature of local markets. In response, the company could implement enhanced customer due diligence, mandatory fraud awareness training for sales managers and regular internal reviews of sales incentives and transactions. By documenting and testing these measures, the organisation can demonstrate it has taken proportionate and reasonable steps to prevent fraud.

Preparing for it

Businesses should begin reviewing their fraud risk frameworks now. This includes reassessing fraud risk exposure, strengthening internal controls, ensuring that whistleblowing mechanisms are effective, and providing targeted training to employees and third parties.

Engaging early with advisors and auditors can help identify potential gaps and demonstrate proactive governance - an important signal to regulators, investors and stakeholders alike.

Conclusion

The ECCTA’s Failure to Prevent Fraud offence represents a fundamental shift in how organisations are expected to manage financial crime risk. It is not just a legal compliance issue but a broader question of corporate integrity and accountability.

By acting now, businesses can reduce exposure, strengthen governance, and build greater trust with those who rely on their integrity - from investors to employees and regulators.

The next step

Please get in touch with Ziqi Zheng for any enquiries regarding the above.
