The UK Home Office has released detailed guidance on the new offence of failure to prevent fraud (FTPF), which was introduced through the Economic Crime and Corporate Transparency Act 2023.
The rules will come into effect on 1 September 2025 and represent a significant shift in corporate accountability. Large organisations will now be directly responsible for ensuring effective measures are in place to prevent fraudulent activity, claims Moody’s.
The new offence sits alongside existing fraud law. While individuals who commit fraud can still be prosecuted, the legislation adds a parallel offence where an organisation can be held liable if it failed to prevent that fraud from occurring. The scope is broad, applying to companies across all sectors of the UK economy.
The legislation defines a “large organisation” as one that meets at least two of three thresholds: more than 250 employees, turnover above £36m, or assets exceeding £18m. These criteria apply to entire groups, including subsidiaries worldwide, ensuring accountability is not limited to UK operations alone.
At the core of the guidance is a requirement for “reasonable procedures” to prevent fraud. This means organisations must put in place tailored, risk-based safeguards that address their specific business circumstances. Six pillars form the backbone of compliance: top-level commitment, risk assessment, proportionate prevention procedures, due diligence, staff communication and training, and ongoing monitoring and review.
The offence covers a wide range of fraudulent activity, extending beyond the Fraud Act 2006 to common law offences such as cheating the public revenue. Notably, a business can be held liable for the actions of “associated persons”, including employees, subsidiaries, agents, or third parties providing services on its behalf, if the fraud benefits the organisation or its clients.
This has significant implications for supply chain oversight and third-party relationships. The guidance makes clear that suppliers may be classed as associated persons if they act on behalf of the organisation, meaning companies must strengthen due diligence, monitoring, and third-party risk management practices. This extends to the use of screening technology, third-party risk management tools, and internet searches. Organisations are also encouraged to consider employee wellbeing factors such as stress and workload, which may increase susceptibility to fraudulent behaviour.
In mergers and acquisitions, firms are advised to conduct deeper investigations into potential partners, including reviewing tax records, examining prior regulatory actions, and evaluating fraud prevention procedures. Technology, particularly Artificial Intelligence and Machine Learning, is highlighted as an important tool for analysing large datasets, detecting suspicious behaviour, and reducing false positives that can obstruct investigations.
The FTPF offence is seen as an opportunity as much as a challenge. While compliance may seem demanding, it provides a clear framework for organisations to strengthen governance, reinforce compliance, and protect both customers and reputation. As cyber threats, identity theft, and fraud scams continue to evolve, the new law underlines the need for proactive and continuous monitoring.
From September 2025, large organisations must be able to demonstrate that they have reviewed and adapted their risk assessments and controls in line with the new offence. Failure to do so could expose firms to prosecution and financial penalties. For many, this will require adopting advanced risk management tools, embedding a culture of integrity, and ensuring fraud prevention is seen as a core part of operational resilience.
Industry resources are already available to guide firms. An eBook on the failure to prevent fraud offence provides detailed information, while a separate paper, Best Practices of the Best Fraud Prevention Teams—featuring insights from ING Bank, the UK National Crime Agency and HMRC—can help firms benchmark their strategies.
The legislation could mark a turning point in how organisations manage fraud risk. With companies accountable for the actions of their employees and third parties, the UK is signalling a tougher stance on corporate responsibility. As the rules take effect, the focus will be on how quickly and effectively firms can adapt to meet the rising expectations of regulators.
Find more on RegTech Analyst.
Copyright © 2025 FinTech Global
