Uncovering ECCTA Part 2: Preventing Fraud

In the second part of our series on ‘Uncovering ECCTA’, we’ll explain a new law aimed at preventing fraud. We’ll cover what this new offence means, who it affects, and how you can ensure your organisation is compliant.

What Is The New ‘Failure To Prevent Fraud’ Offence?

Starting September 1, 2025, a new ‘failure to prevent fraud’ (FTPF) offence will close a loophole in existing law. Previously, organisations could avoid prosecution for fraudulent activities that benefited them, especially if the fraud was committed by lower-level employees without the knowledge of senior management.

The new law holds large organisations criminally liable if two criteria are met:

  • an employee or other ‘associated person’ commits fraud to benefit the organisation.
  • the organisation didn’t have reasonable fraud prevention procedures in place.

The key takeaway for directors and owners is that your organisation can now be held accountable even if you were unaware of the fraud. The only defence is to prove that your company has reasonable fraud prevention procedures in place.

Who Does This Law Apply To?

The FTPF offence applies to any incorporated company or partnership (including incorporated charities and public bodies) that meets at least two of the following criteria in its preceding financial year:

  • More than 250 employees
  • Turnover exceeding £36 million
  • Total assets exceeding £18 million

This law isn’t just for commercial businesses. It also applies to large, incorporated charities and public bodies. Non-UK companies can also be prosecuted if the fraud has a UK connection, such as being committed in the UK or targeting UK victims, or where the fraud occurs in the overseas offices of a UK-headquartered business and the fraud has a UK nexus.

How Can Your Organisation Stay Compliant?

This new law is a major change. Instead of just being a victim of fraud, organisations can now be prosecuted for fraud committed for their own benefit. To avoid this, you must take proactive steps to prevent fraud.

The government has outlined six key principles for creating a strong anti-fraud framework:

  • Top-level Commitment: Senior leaders must actively support and promote a culture that is against fraud. This includes providing resources, setting the right ‘tone from the top’ and making fraud prevention a core part of the organisation’s governance.
  • Risk Assessment: Organisations must regularly and thoroughly assess their exposure to fraud. This assessment should be specific to their business and consider both internal and external threats, including those posed by their ‘associated persons’.
  • Proportionate Prevention Procedures: Fraud prevention measures should be customised to the risks identified. This might involve implementing stronger controls, updating policies or improving whistleblowing channels.
  • Due Diligence: It’s critical to know who your organisation is dealing with. Conduct risk-based background checks on ‘associated persons’ like employees, contractors and third-party suppliers, especially those in high-risk roles.
  • Communication: Clearly communicate your anti-fraud policies and procedures both inside and outside the organisation. Regular, tailored training is essential to make sure everyone understands their role in preventing fraud.
  • Monitoring and Review: Fraud risks are always changing. Your prevention procedures must be monitored and reviewed regularly. Keep a log of fraud incidents and whistleblowing reports and adapt your policies as needed to address new risks.

Gavin Ball, Counter Fraud Specialist and Director of financial crime prevention consultancy, GDB Consulting, has seen an increase in fraud risk assessment work and training requests from clients ahead of this new offence.

Gavin said: “In some limited circumstances, it may be deemed reasonable not to introduce all of the above measures in response to the particular risks. However, it will rarely be considered reasonable not to have even conducted a risk assessment and as such the starting point should always be to undertake a fraud risk assessment of your organisation to understand what other reasonable procedures you may need to put in place.”

“A fraud risk assessment is a useful tool to help protect your business from the risk of both internal and external fraud and should be undertaken by specialist fraud consultants, where possible.”

Don’t delay! The FTPF offence takes effect on September 1, 2025. To be able to use the ‘reasonable procedures’ defence, your organisation must have these measures in place by this date.

If you have any questions in the meantime about what this means for you and your company, please contact us on contact@prosec-cosec.com 

 
