Detailed Failure to Prevent Fraud Offence Guidance under the New UK Law

Published by Talha Zubair posted in Resources on 24 September 2025

If you are a company director, business owner, or part of senior management, the UK’s new fraud laws may have already caught your attention. With the introduction of the failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), many businesses are now seeking clear failure to prevent fraud guidance to understand what it means for them.

From 1 September, a major change in the UK’s new fraud laws 2025 will affect how companies deal with fraud. This law means large organisations can be held criminally liable if someone connected to them commits fraud to benefit their business and the company does not have proper safeguards in place.

Business leaders are asking a key question: does this mean directors are personally liable if fraud occurs? The short answer is no—but companies cannot ignore the new rules. The focus is firmly on whether the organisation has a strong and regularly reviewed anti-fraud framework.

At Apex Accountants, we believe this shift is one of the most important legal changes for UK businesses recently. In this article, we explain what the law means, which organisations are affected, the types of fraud it covers, and the practical steps companies should now take to prepare.

Are directors personally liable if fraud occurs?

No. Directors are not personally liable for the new offence of failure to prevent fraud. The responsibility falls on the organisation itself. If an employee, agent, or subsidiary commits fraud to benefit the company, the business could face prosecution. The individuals directly involved in the fraud can still be charged under existing criminal law, but the new rules do not extend personal liability to directors.

What does “failure to prevent fraud offence” mean?

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduces this offence, which comes into force on 1 September 2025. It is a strict-liability offence. That means:

If someone linked to the company commits fraud to benefit the business or its clients, the company is liable.
Prosecutors do not need to show that directors or senior managers ordered or knew about the fraud.
The test is whether the company had reasonable anti-fraud procedures in place.

This strategy makes sure businesses concentrate on prevention rather than responding after the damage has already occurred.

Which organisations are affected?

The offence only applies to large organisations. A business is considered large if it meets at least two of the following:

More than 250 employees
Turnover above £36 million
Assets over £18 million

These thresholds apply to groups as a whole, not just individual subsidiaries. Overseas companies are also caught if the fraud is carried out in the UK or harms UK victims.

What types of fraud are covered?

The law applies to a broad range of fraud offences. These include:

Fraud by false representation, failing to disclose information, or abuse of position.
False accounting.
Fraudulent trading.
Assisting or encouraging any of the above.

This wide coverage reflects the government’s aim to tackle corporate fraud in all its forms.

Do directors face any risk at all?

While directors are not personally liable under this specific offence, they still carry responsibility for oversight. Other laws, such as those against fraudulent trading and making false statements, can apply directly to individuals. This means governance and transparency remain essential. A robust compliance culture is the safest protection for both companies and their leaders.

What defences are available for companies?

A business can avoid conviction if it can prove:

It had reasonable procedures in place to prevent fraud; however,
It was not reasonable to expect such procedures given the nature of the organisation.

The cornerstone of this defence is a fraud risk assessment. Organisations are expected to:

Identify where they are vulnerable to fraud.
Document why certain procedures were adopted or rejected.
Review the risk assessment regularly.

If assessments are not kept up to date, courts may decide that procedures were not reasonable.

What counts as reasonable procedures?

To defend against the failure-to-prevent fraud offence, companies must show they had reasonable procedures in place. Government guidance highlights six principles that every organisation should follow:

Leadership commitment
Senior management must set the tone by promoting a culture of zero tolerance towards fraud. A clear message from the top builds confidence across the organisation.
Regular risk assessment
Businesses should identify potential fraud risks, assess their likelihood and impact, and keep these assessments up to date as circumstances change.
Proportionate policies and controls
Organisations need clear, practical anti-fraud policies supported by robust financial controls and internal reporting systems that match the size and nature of the business.
Training and communication
Staff, contractors, and agents must be trained to spot warning signs of fraud and understand how to report concerns quickly and safely.
Monitoring and review
Procedures must not remain static. Companies should monitor their effectiveness and adapt them as new risks emerge.
Third-party management
Due diligence on suppliers, partners, and agents is vital. Contracts should include fraud-prevention clauses to make expectations clear.

By applying these principles, organisations put themselves in the strongest possible position to demonstrate that their prevention measures are both reasonable and effective.

What steps should businesses take now?

Apex Accountants recommends that organisations prepare before the offence takes effect.

Check if you qualify under the large organization’s thresholds.
Carry out a fraud risk assessment and keep it under regular review.
Update anti-fraud policies across your group.
Train employees, contractors, and agents on fraud awareness and reporting.
Review contracts with partners to include anti-fraud clauses.
Keep records showing how procedures were designed, applied, and monitored.

How Apex Accountants’ Failure To Prevent Fraud Guidance Can Help

Adapting to a failure to prevent fraud offences requires more than just policies on paper. It demands a clear, practical framework that proves a business takes fraud prevention seriously. At Apex Accountants, we provide hands-on support to help organisations prepare for this legal change.

Fraud Risk Assessments

We work with companies to identify their fraud risks, from internal controls to third-party exposure. To maintain their credibility in the eyes of regulators and courts, our team regularly reviews assessments and documents findings.

Policy and Procedure Design

We help draft proportionate anti-fraud policies, financial controls, and reporting systems tailored to your organization’s size and complexity.

Training and Awareness

Our training programs give employees and agents the knowledge they need to identify fraud risks and report concerns. This builds a culture of accountability across the business.

Monitoring and Review

We provide ongoing support to test and improve procedures, ensuring your fraud framework stays strong as your business grows and risks change.

Group and Third-Party Support

For groups with subsidiaries or overseas partners, we help implement consistent policies across all operations. We also review contracts to add the right fraud-prevention clauses.

Key takeaway on New Fraud Laws 2025

From 1 September 2025, large organisations will be liable for failing to prevent fraud committed by employees or associates. Directors are not personally liable, but the company itself could face prosecution and heavy fines.

At Apex Accountants, we work with businesses to design fraud-resilient systems, carry out risk assessments, and train teams. Contact Apex Accountants today to discuss how we can help your organisation prepare. Acting now will protect your organisation and show that you are ready for the new law.