Economic crime remains one of the most pressing threats to the UK economy, undermining public trust, damaging reputations, and facilitating corruption. The Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) represents the UK Government’s most significant step to hold organisations accountable and strengthen corporate integrity. Under the Economic Crime and Corporate Transparency Act 2023, economic crime includes a wide range of offences, such as:
- Fraud
- Money laundering
- Bribery and corruption
- Tax evasion
- Terrorist financing
- False accounting
- Financial services misconduct
It also covers attempts, conspiracies, and assistance in committing these offences, even if the conduct occurs outside the UK but would be considered criminal if done here.
A new corporate criminal offence, failure to prevent fraud, came into force on 1 September 2025 under the ECCTA, designed to drive a cultural shift in how large organisations approach fraud prevention, placing legal responsibility on them to take proactive steps to prevent fraud committed by individuals acting on their behalf.
Under the offence, which has cross-Parliament support, large organisations may be held criminally liable where an employee, agent, subsidiary, or other “associated person”, commits a fraud intending to benefit the organisation. I.e., an organisation can be held criminally liable if a person associated with it, such as an employee, agent, or subsidiary, commits a specified fraud offence intended to benefit the organisation, and the organisation did not have reasonable fraud prevention procedures in place. Importantly, senior management does not need to have ordered or been aware of the fraud for liability to apply. Something similar to AML offences, where a party can be accused of a crime they are not aware of.
Section 199, Failure to prevent fraud confirms
(1) A relevant body which is a large organisation (see sections 201 and 202) is guilty of an offence if, in a financial year of the body (“the year of the fraud offence”), a person who is associated with the body (“the associate”) commits a fraud offence intending to benefit (whether directly or indirectly)—
(a) the relevant body, or
(b) any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the relevant body.
You can see that this provision expands corporate liability beyond direct wrongdoing, embedding a duty of vigilance throughout organisational structures.
To defend against prosecution, organisations must demonstrate that they had reasonable procedures in place to prevent fraud. The UK Government has outlined six guiding principles to help organisations meet this standard:
- Top-level commitment: Senior leadership must actively support and promote anti-fraud measures.
- Risk assessment: Identify and evaluate fraud risks across all areas of the business.
- Proportionate procedures: Implement controls that are appropriate to the level and nature of risk.
- Due diligence: Know who you’re working with and assess their risk profile.
- Communication and training: Ensure staff and associated persons understand fraud risks and reporting procedures.
- Monitoring and review: Regularly assess and improve fraud prevention systems.
However, the Economic Crime and Corporate Transparency Act 2023 does not expect businesses to eliminate fraud risk entirely but to take reasonable and proportionate measures to prevent it. The legislation introduces a compliance-based defence in Section 199(4) that rewards diligence and governance. This means that liability arises not from the fraud itself but from inadequate prevention procedures. The law, therefore, incentivises companies to embed a proactive culture of risk management, regular review, and ethical leadership across all levels of the organisation.
Section 199 (4) states:
(4) It is a defence for the relevant body to prove that, at the time the fraud offence was committed—
- The body had in place such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place, or
- It was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.
It can be seen that the offence is intended to discourage passive oversight and encourage active governance. It applies to large organisations, defined as those meeting two or more of the following criteria in the financial year prior to the fraud. These thresholds apply to each legal entity, including subsidiaries and parent companies:
- More than 250 employees
- More than £36 million in turnover
- More than £18 million in total assets
Fraud now accounts for over 40% of all recorded crime in the United Kingdom. The new Failure to Prevent Fraud offence seeks to protect victims and the wider economy by holding organisations accountable for preventing financial misconduct within their operations. It compels businesses to strengthen internal controls, embed a culture of compliance, and ensure that ethical conduct is not merely aspirational but operational. The measure also levels the playing field for businesses that already take fraud prevention seriously.
Organisations are therefore encouraged to act now by reviewing their internal frameworks, including:
- Fraud risk assessments to identify potential vulnerabilities across business functions.
- Staff training programmes to build awareness and accountability at all organisational levels.
- Oversight of third-party relationships to ensure external agents and suppliers meet equivalent compliance standards.
At AIO Legal Services, we help organisations navigate the complex landscape of corporate governance, compliance, and financial crime prevention. Our cross-jurisdictional team advises on the design and implementation of fraud prevention frameworks, AML and CTF compliance programmes, and board-level risk management systems aligned with the Economic Crime and Corporate Transparency Act 2023. Whether you are reviewing internal procedures, conducting a fraud risk assessment, or seeking to demonstrate “reasonable procedures” under Section 199, we can provide tailored guidance, policy drafting, and staff training to ensure full compliance and corporate resilience.
Please feel free to contact us: