This new offence, introduced by the Economic Crime and Corporate Transparency Act 2023, means large organisations and their subsidiaries can face criminal prosecution if a person associated with them commits fraud intending to benefit the organisation or its clients, whether or not the organisation knew about it.
-
#1 The law applies to large organisations and their subsidiaries
The Failure to Prevent Fraud offence specifically targets large organisations, but its reach is extensive. To be classified as a "large organisation," a company (or a group, assessed on an aggregated basis) must meet at least two of the following three criteria in the financial year preceding the fraud:
- Employ more than 250 staff members
- Generate an annual turnover exceeding £36 million
- Hold assets totalling more than £18 million on its balance sheet
Importantly, even if a subsidiary does not meet these thresholds on its own, it is still caught by the offence if the group headed by its parent company does. Group structures must therefore assess fraud risk across all of their entities, not just the parent.
-
#2 Definition of Offence: underlying fraud committed by associated parties
For an organisation to be prosecuted under this offence, an underlying fraud offence must have been committed by a person "associated" with the organisation, with the intention of benefiting the organisation or its clients. Employees, agents, subsidiaries, and any individual or entity performing services for or on behalf of the organisation fall within this definition. The organisation does not need to have known about or authorised the fraud; liability is strict, subject only to the defence described under point 5 below. The relevant fraud offences include, among others, fraud by false representation, fraud by failing to disclose information, fraud by abuse of position, false accounting and cheating the public revenue. Examples range from artificially inflating profits in financial reports to submitting false data to regulators such as the Environment Agency. Organisations must therefore exercise vigilance not only over their internal workforce but also throughout their extended network of business partners and service providers.
-
#3 Very broad territorial scope
The jurisdictional reach of the Failure to Prevent Fraud offence is broad. A UK connection (or "nexus") triggers liability, regardless of where the organisation is incorporated: if any act forming part of the fraud takes place in the UK, or if the resulting gain or loss occurs in the UK, the offence applies. As a result, multinational companies with even limited UK operations, such as Dutch companies with a UK branch or UK clients, are exposed and should take the offence seriously.
-
#4 Penalties: Fines and potential reputational impact
The stakes for non-compliance are high. An organisation convicted of failing to prevent fraud faces an unlimited fine. Beyond the financial penalty, a conviction carries a significant risk of reputational harm, which can damage relationships with clients, regulators and the wider public. The negative publicity associated with a conviction could prove far more costly in the long run than the monetary sanction itself.
-
#5 Organisational defence: Reasonable prevention procedures
The only defence available to an organisation is to show that it had reasonable fraud prevention procedures in place at the time of the offence, or that it was not reasonable in all the circumstances to expect it to have any such procedures. According to the government guidance, reasonable procedures should reflect six core principles:
- Top-level commitment
- Risk assessments
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
Many organisations already have some form of fraud prevention policy; these should now be reviewed and enhanced to ensure they specifically address the associated persons, fraud offences and risks covered by the new offence, and that the assessment and resulting controls are documented so the defence can be evidenced if needed.
Act now: Safeguard your business against fraud risks
With the introduction of the Failure to Prevent Fraud offence, it is imperative for all large organisations and their subsidiaries with UK links to scrutinise and upgrade their anti-fraud frameworks. Proactive compliance not only minimises legal and financial exposure but also preserves your organisation’s reputation and stakeholder trust.
Our Corporate Crime & Business Integrity team regularly advises corporations on robust fraud prevention and compliance measures. Contact us today for expert guidance on safeguarding your business against the risks posed by this new offence.