Failure to Prevent Fraud Act: What Clients need to know

Jo Ghaly October 09, 2025

The new corporate offence of Failure to Prevent Fraud, introduced under the Economic Crime and Corporate Transparency Act 2023, marks a significant shift in corporate liability for businesses in the UK. From 1 September 2025, large organisations can be held criminally liable if an associated person (employee, agent, subsidiary) commits fraud intending to benefit the organisation — unless the organisation can demonstrate it had reasonable fraud prevention procedures in place. The goal is to encourage a higher level of corporate governance within the workplace by having proper safeguards in place.

Who is in scope?

Organisations are in scope if they meet two out of the three criteria below:

  •  > 250 employees
  •  > £36m in annual turnover
  •  > £18m in total assets

This applies to:

  • Companies, partnerships, and corporate bodies.
  • UK and non-UK entities with a UK nexus – i.e. if any part of the fraud occurred in the UK or the intended gain/loss was UK-based.

Smaller organisations are not legally required to comply with the FTPF offence. However, the Home Office guidance encourages them to adopt the same principles as best practice, especially if they operate in high-risk sectors or have complex supply chains.

What should clients be thinking about?

Clients — those meeting the thresholds of at least two of the following: £36M turnover, £18M in assets, or 250+ employees — must now:

  • Conduct thorough fraud risk assessments across all business units.
  • Implement proportionate, risk-based procedures tailored to their operations.
  • Ensure top-level commitment to anti-fraud culture.
  • Train staff and communicate policies clearly and consistently.
  • Monitor and review fraud controls regularly.
  • Ensure they have adequate insurance in place.

This isn’t just about ticking boxes; it’s about embedding fraud prevention into the organisation’s DNA, so that it becomes an important part of the culture. Leadership behaviours can directly influence how policies and procedures are adopted and embedded throughout the organisation.

Directors’ duties and Diligence

Whilst there is no personal liability imposed on directors, the offence raises the bar further in terms of governance expectations, and failure may be seen as a breach of duties under the Companies Act 2006 (e.g. their duty to exercise reasonable care and skill). Board minutes, internal documentation and whistleblower policies will become evidentiary tools.

The Underwriter Lens: Just some of the areas we are considering

Governance & Culture

  • Is there board level oversight of fraud risk?
  • Are the directors trained and engaged in fraud prevention?
  • How do they vet and monitor associated persons?

Procedures and Control

  • Has the client conducted a fraud risk assessment recently? How are they addressing and monitoring the higher-risk categories?
  • Is there a whistleblowing mechanism in place?

This new offence is more than a legal change – it’s a cultural shift that companies may wish to adopt to avoid liability. Claims under Side A, B and C of D&O policies are expected to increase due to costs associated with regulatory investigations such as those brought by the Serious Fraud Office (SFO), criminal prosecutions leading to reputational damage and shareholder actions. Regulators, business partners and investors may be reassured that your company takes governance seriously when boards and leadership behave proactively and transparently.

    Jo Ghaly

    Underwriter - International Management Liability