
On 1 September 2025, a new corporate offence of ‘Failing to Prevent Fraud’ came into force under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). The offence places a duty on organisations to prevent fraud carried out by employees, agents, subsidiaries or other associated persons for the benefit of the organisation or its clients.

The new law currently applies only to large organisations – those meeting at least two of the following criteria:

  • turnover of more than £36 million
  • balance sheet total of more than £18 million
  • more than 250 employees.

However, the Government has indicated that it may review the scope of the offence in future, potentially extending the duty to a wider range of organisations.

Building a proactive anti-fraud culture

The Home Secretary published statutory guidance in November 2024, confirming that the new offence is designed to foster an anti-fraud culture, mirroring the shift seen following the introduction of “failure to prevent bribery” legislation in 2010.

Importantly, an organisation can be criminally liable even if senior management were unaware of the fraud, and even where no financial benefit was ultimately received. The mere intention to benefit the organisation or its clients is sufficient, and that intention need not be the sole or dominant motive.

Examples of conduct that could fall under the offence include:

  • dishonest sales or marketing practices
  • concealment of key information from consumers or investors
  • dishonest behaviour in financial markets.

Conviction carries an unlimited fine, with potential implications for professional authorisations and accreditations.

What law firms should do now

To defend against prosecution, organisations must demonstrate that they had reasonable fraud-prevention procedures in place at the time the fraud occurred. What is considered “reasonable” will be assessed case-by-case but must be proportionate to the level of risk and to the degree of control the organisation has over the associated person.

Legal Eye recommends that firms:

  • Review the Home Office guidance (November 2024) and updates from the SRA, Law Society and CLC
  • Audit existing risk management frameworks and fraud-related policies to ensure they reflect ECCTA requirements
  • Incorporate “Failure to Prevent Fraud” sections into policies such as Financial Crime, AML, and Supplier Due Diligence
  • Consider whether Client and Matter Risk Assessment forms and supplier due diligence need to be updated to reflect fraud vulnerabilities
  • Extend contractual terms with outsourced providers to include fraud prevention obligations
  • Conduct audits of internal and external procedures – including accounts, billing, client communications, supplier relationships and data controls – to identify potential exposure points
  • Review staff screening and ongoing monitoring processes; reliance on trust alone will not be a defence
  • Deliver training to ensure all staff understand the implications of the new offence and their responsibilities under the ECCTA.

Support from Legal Eye

Paul Saunders, Managing Director at Legal Eye, commented:

“This is a significant development in corporate accountability. The ‘Failure to Prevent Fraud’ offence sets a clear expectation that organisations must take proactive, proportionate steps to prevent fraud – not simply react to it. Even though the offence currently applies only to large organisations, regulators are already signalling that all firms should be embedding strong anti-fraud procedures as a matter of best practice.”

Legal Eye’s team of compliance experts can support firms to review and update their policies, controls and staff training to ensure compliance with the new duty.

For more information or to discuss how Legal Eye can help your firm meet the requirements of the new Failure to Prevent Fraud offence, please contact bestpractice@legal-eye.co.uk or call 020 3051 2049.
