Failure to Prevent Fraud: Why September 2025 is a Turning Point for Corporate Accountability

In September 2025, a new corporate offence will come into force under the Economic Crime and Corporate Transparency Act 2023: failure to prevent fraud. For many businesses, this will be the most significant fraud-related legal development since the UK Bribery Act.

The government’s recently published guidance sets out what “reasonable procedures” might look like. But make no mistake: this is not a box-ticking exercise. The offence fundamentally reshapes how boards, senior leaders, and compliance teams must think about fraud risk — both within their own operations and across supply chains.

What’s changing?

From 1 September 2025, large organisations (defined as meeting two of the following: 250+ employees, £36m+ turnover, £18m+ in assets) can be held criminally liable where:

1. An employee, agent, subsidiary, or other “associated person” commits fraud.

2. The fraud is intended to benefit the organisation or its clients.

3. The organisation did not have reasonable prevention procedures in place.

   
   

Notably:

• The benefit does not need to be realised. Intent alone is enough.

• The offence has extraterritorial reach: overseas firms can be prosecuted if UK victims are targeted.

• Liability extends beyond “classic” financial crime — mis-selling, greenwashing, and false statements could all fall within scope.

Why it matters

The law is designed to push organisations away from passive compliance and into active prevention. The government itself acknowledges this should drive a “major shift in corporate culture”.

For corporates, the risks go beyond fines:

• Reputational damage from a criminal conviction.

• Contractual risks, as counterparties may demand assurances that prevention procedures are in place.

• Regulatory overlaps, as activity previously dealt with under FCA or ASA scrutiny could now be treated as fraud.

Six principles for fraud prevention

The guidance is deliberately flexible, but six core principles stand out:

1. Top-level commitment – Boards must set the tone that fraud prevention outweighs short-term profit.

2. Risk assessment – Static assessments won’t do. Fraud risk must be reassessed regularly and embedded across business lines.

3. Proportionate prevention procedures – A single, generic fraud policy will not meet the threshold; procedures must be tailored to sector, structure, and geography.

4. Due diligence – M&A, supplier onboarding, and third-party partnerships now require enhanced scrutiny.

5. Communication & training – Staff, contractors, and partners must understand fraud risks relevant to their role.

6. Monitoring & review – Procedures must evolve. What is “reasonable” in 2025 will not be the same in 2027.

   
   

The practical challenges ahead

• Third-party oversight – multinationals must map and monitor sprawling supplier and partner networks.

• Global consistency – aligning fraud controls across jurisdictions with different legal frameworks.

• Documentation – having procedures is not enough; firms must be able to evidence their design, implementation, and effectiveness.

• Broader risk lens – conduct previously dismissed as “regulatory” must now be escalated to potential fraud.

What should firms do now?

With less than a year until go-live, time is short. The most effective organisations will:

• Run an urgent fraud risk assessment across all entities and jurisdictions.

• Review policies and procedures to ensure they meet the “reasonable procedures” test.

• Engage third parties, updating contracts to include fraud-prevention obligations.

• Educate boards and senior management, ensuring top-level commitment is visible and consistent.

• Build audit trails, documenting not just what procedures exist but how they are tested and improved.

Final thought

This offence is not about catching out “bad actors” alone — it is about reshaping corporate behaviour. Firms that wait until regulators knock on the door will find themselves on the back foot. Those that act now — embedding fraud prevention into governance, culture, and operations — will not only reduce liability risk but strengthen trust with clients, regulators, and counterparties.

At K2, we help organisations translate principles into practice — from risk assessments to third-party due diligence frameworks and fraud governance reviews. September 2025 will be a watershed moment. The question for boards is whether they are preparing for it as such.