New ‘Failure to Prevent Fraud’ Offence: How UK Firms Can Act Now to Protect Against Liability

Written By Gordon Spencer

By AnyAccount Ltd.
FinTech Advisory | www.anyaccount.org

A new era of corporate accountability is approaching. On 1 September 2025, a major provision of the Economic Crime and Corporate Transparency Act (ECCT) will come into force: the corporate criminal offence of failure to prevent fraud. For UK firms—particularly large organisations—this marks a pivotal moment to take stock of internal controls, governance frameworks, and fraud risk strategies.

At AnyAccount Ltd., we’re helping regulated firms across financial services and FinTech understand what this means and how to prepare. This isn't just another compliance exercise—it's a significant shift in criminal liability that demands urgent attention.

What Is the New Offence?

The new offence will hold large organisations criminally liable if a person associated with them—such as an employee, agent, or subsidiary—commits a fraud intending to benefit the organisation, and the organisation failed to put reasonable fraud prevention procedures in place.

Examples of in-scope behaviour may include:

  • Misleading sales practices

  • Concealing material information from customers or investors

  • Market manipulation or dishonest trading behaviours

Organisations do not need to have known about the fraud to be prosecuted. Liability is based on the failure to prevent—not knowledge or intent.

What Types of Firms Are Affected?

This offence applies to large organisations—defined using thresholds consistent with the Companies Act 2006, including:

  • More than 250 employees, or

  • Over £36 million turnover, and

  • £18 million or more in total assets

For smaller firms, this is a wake-up call too. With many FinTechs scaling rapidly, falling within scope may only be a matter of time.

What Firms Must Do: Reasonable Procedures

To avoid criminal liability, a firm must demonstrate that reasonable procedures to prevent fraud were in place at the time of the offence. These should be tailored to the organisation’s size, structure, and risk profile.

Key areas to address include:

  • Fraud risk assessments across business lines, customer types, and transaction flows

  • Clear roles and accountability for fraud risk ownership at Board and executive level

  • Internal controls and segregation of duties

  • Due diligence on third parties and agents

  • Whistleblowing and escalation protocols

  • Regular staff training and awareness

These requirements mirror the expectations introduced under the Bribery Act 2010 and later under anti-tax evasion facilitation offences—but now turn the spotlight directly on fraud.

When Does It Take Effect?

The failure to prevent fraud offence will take effect on 1 September 2025. That gives firms less than 12 months to assess their exposure and implement meaningful change.

The guidance published on 6 November 2024 provides further detail on how to apply the reasonable procedures defence and has been shaped in consultation with key regulatory and enforcement bodies, including the Crown Prosecution Service, SFO, FCA, HMRC, and HM Treasury.

Why This Matters: Enforcement Risk and Reputational Impact

According to the Home Office, fraud now accounts for over 40% of all crime in England and Wales. The Serious Fraud Office (SFO) has made it clear: organisations that don’t act face serious consequences.

As Director Nick Ephgrave warned:

“Time is running short for corporations to get their house in order or face criminal investigation.”

Beyond legal penalties, being linked to a failure to prevent fraud can bring significant reputational harm, investor scrutiny, and business disruption—particularly for financial services and consumer-facing platforms.

How AnyAccount Can Help

At AnyAccount Ltd., we work with FinTechs, payment firms, and financial institutions to build and implement fraud prevention frameworks aligned to regulatory expectations. We can support you to:

  • Conduct a gap analysis against ECCT expectations

  • Design or enhance your internal fraud prevention policies

  • Implement training programmes and monitoring systems

  • Integrate fraud controls into your wider Financial Crime Framework

Final Word: Time to Build a Fraud-Resilient Culture

The UK government’s direction is clear: corporate culture must shift from passive compliance to active prevention. If your firm is scaling, expanding internationally, or operating in high-risk sectors like financial services, your exposure to fraud liability is increasing.

Now is the time to act. Strengthening fraud defences isn't just about avoiding prosecution—it's about protecting your customers, your reputation, and the integrity of your business model.

Need help preparing for the new failure to prevent fraud offence?
Contact us at info@anyaccount.org to arrange a readiness assessment.

Gordon Spencer
Next

HM Treasury's Plan for Change: A Turning Point for FinTechs and Payment Institutions