

10 Mar 2025
Introduction
The Economic Crime and Corporate Transparency Act (ECCT) introduces significant changes to corporate criminal liability in the UK, including a new “Failure to Prevent Fraud” offence. Coming into force on 1 September 2025, this law will require companies to take proactive steps to prevent fraud within their organisations, or face criminal liability.
One of the key compliance measures businesses must implement is a Fraud Risk Assessment. This assessment ensures firms understand their exposure to fraudulent activities and have adequate controls in place to mitigate risks.
What Is the ‘Failure to Prevent Fraud’ Offence?
Under the new legislation, an organisation can be held criminally liable if a person associated with it (e.g., employees, agents, or subsidiaries) commits fraud for the benefit of the organisation.
A company will have a defence if it can prove that it had reasonable procedures in place to prevent fraud from occurring.
Who Is Affected?
The law applies to large organisations that meet at least two of the following criteria:
Turnover exceeding £36 million
Balance sheet total exceeding £18 million
More than 250 employees
However, regulators have made it clear that smaller firms may also be expected to take proportionate anti-fraud measures.
Why Conduct a Fraud Risk Assessment?
A Fraud Risk Assessment is a key element in demonstrating compliance with the ECCT. It helps firms to:
Identify areas of vulnerability where fraud risks exist.
Assess the adequacy of existing controls and highlight any weaknesses.
Develop and implement anti-fraud measures tailored to their risk profile.
Demonstrate reasonable procedures to regulators, reducing liability in the event of an investigation.
Key Elements of a Fraud Risk Assessment
Mapping Fraud Risks: Identifying key fraud threats, including internal fraud, procurement fraud, invoice fraud, bribery, and financial statement manipulation.
Assessing Impact & Likelihood: Determining the severity and probability of identified risks.
Evaluating Existing Controls: Reviewing policies, whistleblowing procedures, transaction monitoring, and due diligence processes.
Remediation Planning: Addressing weaknesses by strengthening internal controls, training staff, and implementing fraud detection tools.
Ongoing Monitoring: Regularly updating the fraud risk assessment as new risks emerge.
How ComplyLens Can Help
ComplyLens has developed a dedicated Fraud Risk Assessment module, designed to help firms meet the requirements of the ECCT by:
Automating the risk assessment process to ensure consistency and efficiency.
Mapping fraud risks across different business functions.
Generating regulator-ready reports to demonstrate compliance.
Providing real-time risk insights to strengthen anti-fraud controls.
With the Failure to Prevent Fraud offence taking effect soon, now is the time for firms to ensure they are prepared, protected, and compliant.
Conclusion
The introduction of the Failure to Prevent Fraud offence under the Economic Crime and Corporate Transparency Act marks a significant shift in the UK’s corporate crime landscape.
Firms that fail to take proactive steps to prevent fraud may face criminal liability, hefty fines, and reputational damage.
Conducting a Fraud Risk Assessment is not just a compliance requirement; it is a fundamental part of good corporate governance.
To learn more about how ComplyLens can help your organisation prepare, contact us today.