From 1st September 2025, the new failure to prevent fraud (FTPF) offence takes effect. It marks a shift: fraud prevention is no longer just about protecting your business from being a victim. It is about preventing fraud committed for your benefit.
Under section 199 of the Economic Crime and Corporate Transparency Act 2023, a large organisation will be criminally liable if an ‘associated person’ commits one of nine fraud offences intending to benefit the organisation or a client it serves.
The only defence? Showing your organisation had ‘reasonable procedures’ to prevent it.
Who counts as an ‘associated person’?
Not just employees. The definition extends to contractors, temporary hires, subsidiaries, and third parties acting on the organisation’s behalf.
That means a sales agent, outsourced onboarding provider, or overseas subsidiary could put your organisation in the frame. Leaders cannot assume fraud risk sits neatly inside the payroll boundary.
What are leaders’ responsibilities?
The Home Office guidance outlines six key principles: top-level commitment, risk assessment, proportionate procedures, due diligence, effective communication/training, and regular monitoring/review. Each requires board-level oversight, not just compliance box-ticking:
- Top-level commitment: regulators will look at whether leaders visibly backed the fraud prevention agenda in resources, messaging and incentives.
- Risk assessment: fraud risk is not confined to finance. Hiring, sales practices, procurement, and overseas operations all need scrutiny. Documented decisions matter.
- Policies and procedures: anti-fraud measures should appear throughout the organisation’s rulebook, from disciplinary codes to onboarding suppliers.
- Due diligence: third parties acting on your behalf are in scope. Contracts, monitoring and vetting must reflect that.
- Communication and training: leaders set the tone, but middle managers carry the message. Training must be role-specific and credible.
- Monitoring and review: fraud evolves. You should review your procedures regularly, with board-level visibility of findings.
Do you have blind spots?
- Delegating it away: FTPF is not just compliance’s problem. It will test leadership accountability.
- Third-party risk: contractors, agents and subsidiaries may be your weakest link.
- Cultural drift: a ‘win at all costs’ environment, plus weak whistleblowing processes, is an open invitation.
- Extraterritorial reach: overseas staff and operations can still trigger UK liability.
Are you working across functions?
Fraud risk will not be solved in silos. Boards should mandate cross-functional working groups. Compliance, finance, human resources (HR), legal and operations each own a piece of the puzzle.
- Compliance designs frameworks and monitoring.
- Finance aligns incentives and financial controls.
- HR vets, trains and shapes culture.
- Legal ensures contracts and governance reflect FTPF risk.
- Operations manages third-party exposure.
If any function is absent, the ‘reasonable procedures’ defence weakens.
What about whistleblowing?
Policies on paper will not satisfy the Serious Fraud Office. Culture is the test. Ask:
- Do our people believe it is safe to blow the whistle and that we will do something about it?
- Do our leaders talk about preventing fraud as part of performance, not compliance jargon?
- Do our reward systems balance results with integrity?
If the answers are weak, so is the defence.
Communication without legalese
Executives do not need to terrify managers with ‘criminal liability’ slides. The point is simpler:
- We want to win business the right way.
- This protects the organisation and its people.
- If in doubt, speak up early.
Leaders must model this language and ensure it is consistently cascaded.
How would you cope in these situations?
- Sales: a high-performing sales representative inflates pipeline numbers to hit targets. Would your controls catch it?
- Third-party onboarding: a contractor cuts corners on client checks, exposing you to fraud risk. Is oversight in place?
- Remote staff: an overseas employee misleads a UK customer. FTPF still bites if there is a UK link. Are you checking?
What is the takeaway?
FTPF shifts liability from ‘bad apples’ to the organisation. For senior leaders, the message is clear: preventing fraud must be woven into governance, culture and operations.
The law is blunt: if you do not prevent it, you own it.