Clarke Willmott urges businesses to strengthen fraud prevention measures ahead of new law
National law firm Clarke Willmott LLP is urging businesses to strengthen fraud prevention measures ahead of new legislation introducing a corporate offence of “failing to prevent fraud.”
New business accountability rules under the Economic Crime and Corporate Transparency Act 2023 are starting to come into effect. In December 2023 the offence of corporate attribution was created, creating liability for a company where a senior manager acting within their role commits an offence. In September 2025 a further offence of failing to prevent fraud will take effect, carrying substantial financial penalties.
The failure to prevent fraud offence applies to large organisations meeting two or three of the following criteria: over 250 employees, £36 million turnover, or £18 million in assets.
Aidan Clucas, associate in the corporate team at Clarke Willmott in Birmingham, says firms should consider the Government’s guidance carefully and act now to reduce associated risk.
“An organisation may be held criminally liable for fraud committed by an employee, agent, or associated person if the fraud is intended to benefit the organisation.
“Encouragingly, the Government has published guidance to help companies understand the offence and take action to prevent fraud while safeguarding their businesses.”
The guidance outlines six principles for fraud prevention: top-level commitment, risk assessment, proportionate procedures, due diligence, communication (including training), and monitoring.
The advice outlines what prevention procedures could be deemed “reasonable in all the circumstances” to serve as a valid defence. To establish this, the company must show evidence of a proactive fraud prevention approach with procedures suited to the specific risks.
“In our experience, leaders in large organisations recognise their responsibility in setting policies and shaping the approach to fraud prevention,” says Aidan.
“Senior management will need to demonstrate how this top-level commitment is communicated across the business.
“Comprehensive records of risk assessments, prevention measures, training programs, and fraud prevention decisions should all be maintained. These records will help demonstrate compliance and reasonableness if the effectiveness of the measures is ever challenged.”
There are two possible defences for the offence of failing to prevent fraud.
The first applies if the organisation was the target or intended target of the fraud – for example, if a solicitor advising a client commits fraud against their law firm to benefit a client, the firm should not be both victim and defendant.
The second applies if the organisation has implemented “reasonable” fraud prevention procedures.
Aidan Clucas says: “A large organisation can defend itself by either proving it had reasonable procedures in place or showing that it was unreasonable to expect any such procedures.”
Looking forward, he says organisations should conduct a market review to identify external risks and assess internal business “pinch points.” Overseas businesses must assess territories where work is done on their behalf to avoid falling under the Act, while firms should review third-party contracts and employee onboarding processes.
Looking for guidance?
Check out Clarke Willmott’s ‘Managing Fraud Risk’ guide to help businesses prepare for upcoming changes and reduce associated risk.
Posted:
