For decades it was hard to hold a large company criminally responsible for fraud committed in its name — prosecutors had to pin the wrongdoing on a "directing mind" at the top. The Economic Crime and Corporate Transparency Act 2023 (ECCTA) changed that. Since 1 September 2025, a large organisation can be guilty of a new offence: failure to prevent fraud. If an employee or associate commits a fraud intending to benefit the organisation, the organisation itself is liable — unless it had reasonable procedures in place to prevent it.
What the offence actually is
The offence catches an organisation when a person associated with it (an employee, agent, subsidiary or other person performing services for it) commits a specified fraud offence intending to benefit the organisation (or its clients). The organisation does not need to have known.
- An associated person commits a specified fraudintending to benefit the organisation
- The organisation had no reasonable prevention proceduresThe organisation is guilty
- The organisation HAD reasonable proceduresDefence available
Who it applies to: the large-organisation test
The offence currently applies only to large organisations, defined by meeting at least two of three thresholds in the relevant financial year.
| Criterion | Threshold |
|---|---|
| Turnover | More than £36 million |
| Balance sheet total | More than £18 million |
| Employees | More than 250 |
The reasonable-procedures defence
The defence is that the organisation had reasonable procedures to prevent the fraud (or that it was not reasonable to expect any in the circumstances). The Home Office guidance frames this around six familiar principles — deliberately echoing the Bribery Act's "adequate procedures".
- Top-level commitmentSenior leadership owns and is seen to own fraud prevention.
- Risk assessmentA documented assessment of the fraud risks the organisation faces.
- Proportionate proceduresControls proportionate to the risk and the organisation's nature.
- Due diligenceDiligence on associated persons who could commit fraud for the organisation.
- Communication and trainingStaff understand the risks and the procedures, including training.
- Monitoring and reviewProcedures are tested, monitored and updated over time.
Test your understanding
Decide whether each situation could expose the organisation to the failure-to-prevent-fraud offence.
A large company's agent commits fraud against a customer, intending to benefit the company.
Why enforcement matters in 2026
The Serious Fraud Office has signalled it intends to make early use of the new offence, and corporate fraud enforcement is expected to intensify through 2026, with faster timelines and incentives for self-reporting. This sits alongside broader corporate-liability reform (see the Crime and Policing Act 2026). The practical message: fraud prevention is now a documented, board-level discipline, not an afterthought.
Where Probitas fits
The "due diligence" principle expects you to know and check the associated persons who could commit fraud for your organisation. A Probitas check screens individuals and companies against sanctions, PEP and adverse media sources and surfaces the public record, each finding anchored to its source — evidence that supports the diligence the defence requires. The procedures and decisions remain the organisation's own.
Failure
When did the failure to prevent fraud offence come into force?
1 September 2025, under the Economic Crime and Corporate Transparency Act 2023. Home Office guidance on reasonable procedures was published ahead of that date.
Which organisations does it apply to?
Large organisations — those meeting at least two of three thresholds: turnover over £36 million, balance sheet total over £18 million, or more than 250 employees. Group-wide figures can bring smaller entities within scope.
What is the defence?
That the organisation had reasonable procedures in place to prevent the fraud, or that it was not reasonable in the circumstances to expect any. The Home Office guidance sets out six principles for what reasonable procedures look like.
How is this different from existing fraud law?
It removes the need to prove a senior "directing mind" was culpable. If an associated person commits a specified fraud intending to benefit the organisation, the organisation is liable unless it had reasonable procedures — shifting the focus to prevention.
Does the fraud have to succeed for the offence to apply?
The offence concerns the commission of a specified fraud offence by an associated person intending to benefit the organisation. Organisations should focus on preventing the underlying fraudulent conduct, not on whether a particular fraud ultimately paid off.
Sources
This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.