Failure to Prevent Fraud (FTPF)—New UK offence and its implications for risk management



The UK Home Office has released guidance on the offence of failure to prevent fraud, as introduced by the Economic Crime and Corporate Transparency Act 2023.

This legislation is set to come into effect on September 1, 2025, and marks a significant shift in corporate accountability for fraud prevention. The guidance, published in November 2024, outlines the scope and requirements of the new offence, which applies to large organizations across all sectors of the UK economy.

The offence sits alongside existing law. So, the person who committed the fraud can be prosecuted individually for that fraud, while an organization may be prosecuted for failing to prevent it.

The offence of “failure to prevent fraud” applies to “large organizations”. These are defined as those meeting at least two of the following criteria:

  1. More than 250 employees, 
  2. More than £36m turnover,
  3. More than £18m in total assets.

These criteria apply to an entire organization, including any subsidiaries, regardless of their location.




6 key elements for fraud prevention

The new legislation places a particular responsibility on large organizations to have robust fraud prevention measures in place—termed "reasonable procedures".

The guidance also emphasizes the importance of a risk-based approach to fraud prevention, tailored to each organization's specific circumstances.

There are 6 key elements outlined for reasonable fraud prevention procedures, which include:

  1. top-level commitment, 
  2. risk assessment, 
  3. proportionate risk-based prevention procedures, 
  4. due diligence, 
  5. communication and training, 
  6. and regular monitoring and review.

These requirements may mean businesses need to reconsider how they assess risk, and receive and process fraud-related risk alerts. For example, in relation to new fraud scams or different types of fraud, firms may need to consider how they are identified, managed, and reported. Businesses may also want to consider how they manage resources to help both automate and process fraud prevention activity.




UK failure to prevent fraud

The UK offence of failure to prevent fraud covers a wide range of fraud offences, including those under the Fraud Act 2006, as well as common law offences such as cheating the public revenue.

Importantly, the guidance clarifies that an organization can be held liable for fraud committed by an “associated person”. These people can include employees, agents, subsidiaries, or those providing services for or on behalf of an organization (if the fraud was intended to benefit the organization or its clients).

These changes broaden the scope of fraud-related accountability and exposure, which may require businesses to re-examine their fraud prevention strategies and internal controls, and to conduct risk monitoring across a third-party network.




Increased due diligence - supply chain knots and third-party risks

One important aspect of the guidance issued was the emphasis on supply chains and third-party risk management. While companies within an organization's supply chain are not automatically considered “associated persons”, they may fall under this category if providing services for or on behalf of the organization. This means large organizations should carefully consider their relationships with suppliers and service providers and have appropriate due diligence and monitoring procedures in place as part of their anti-fraud strategy.

In the UK guidance, due diligence is advised with regard to all associated persons, including new partners, using appropriate technology such as third-party risk management tools, screening tools, and internet searches.

Also within the guidance is information related to monitoring the wellbeing of staff and agents to identify persons who may be more likely to commit fraud due to stress, targets, or workload.

In the context of mergers and acquisitions, the guidance recommends conducting due diligence using third-party merger and acquisition tools, assessing any relevant criminal or regulatory charges, reviewing tax documentation, evaluating the firm's exposure to risk and assessing the firm's fraud detection and prevention measures.

Given the scope of the task to monitor fraudulent activities, organizations may also consider Artificial Intelligence and Machine Learning to process large amounts of data and detect patterns of suspicious activity. AI-led solutions can also help in the reduction of false positives, which may hamper fraud investigations.




Next steps for failure to prevent fraud

The new UK guidance on failure to prevent fraud is a significant development in corporate accountability. The guidance places a clear responsibility on large organizations to take proactive steps in preventing fraud and mitigating risk, not only within their own operations but also among associations across a third-party network.

While the requirements may seem daunting, they also present an opportunity for organizations to strengthen their risk management, compliance, and anti-money laundering processes. By implementing robust fraud prevention measures, financial institutions and corporates can comply with the new legislation and better protect their customers, their reputation, and financial integrity.

With ongoing reports of ransomware and cybersecurity threats, phishing attacks, identity theft, and financial losses associated with new and emerging types of fraud, this guidance provides a framework for organizations to develop and enhance procedures, emphasizing the importance of a risk-based approach and real-time monitoring and review.

In holding organizations accountable for fraud committed by associated persons, the legislation could create a significant shift in corporate culture. As organizations adapt to these requirements, the landscape of financial and corporate risk management in the UK is likely to alter, with the potential to influence new standards in fraud prevention more widely.




The importance of swift action in fraud prevention and how Moody’s can help

As of September 1, 2025, organizations will have needed to act in order to review and, if necessary, adapt their fraud risk assessment and prevention procedures. Making use of advanced risk management tools and conducting thorough due diligence is a key consideration for meeting these regulatory expectations and contributing to a culture of integrity and accountability.




New eBook and The Best Practices of the Best Fraud Prevention Teams

Please access our eBook on the Failure to Prevent Fraud offence for more information on this topic.

You can also download this paper featuring input from the fraud prevention team at ING Bank, as well as the UK National Crime Agency and HMRC. The paper is called the Best Practices of the Best Fraud Prevention Teams and is available for download now.




Get in touch

Moody's offers a range of solutions designed to support fraud risk management. These include our Shell Company Indicator, which can aid in identifying potentially fraudulent entities within an organization's business network.

To support thorough due diligence, Moody's also provides solutions to automate onboarding checks, conduct Entity Verification, and support ongoing risk monitoring, integrated with our extensive risk-relevant datasets on individuals and entities globally.

For enhanced risk monitoring and review that can form part of an anti-financial crime framework, Moody's has developed advanced, AI-driven adverse media screening that can help organizations identify changing risk flags associated with business partners, customers, or suppliers.

For help and support in automating due diligence activities and ongoing risk monitoring activities, please get in touch with the Moody's team—we would love to hear from you.