Future Regulation: holding organisations to account for failure to prevent fraud by employees

1st November 2023

The Government has introduced a new offence whereby organisations will be potentially accountable for fraud committed by employees or agents. We look into what organisations should be aware of when it comes to failure to prevent fraud.

Failure to prevent fraud

The Economic Crime and Corporate Transparency Act 2023 (“the Act”) will introduce a new offence of failing to prevent fraud.

Under the Act, organisations of a certain size will be potentially liable when a fraud offence is committed by an employee or agent, for the organisation’s benefit, and the organisation did not have reasonable fraud prevention measures in place.

It does not need to be demonstrated that the company, via its directors/senior managers, ordered or knew about the fraudulent act.

If an organisation is convicted of an offence, they can be sentenced to an unlimited fine.

The Government has stated that this will:

discourage organisations from turning a blind eye to fraud by employees which may benefit them. The offence will encourage more companies to implement or improve prevention measures, driving a major shift in corporate culture to help reduce fraud.

Applies to 'large' organisations

Section 199 of the Act states:

  • (1)  A relevant body which is a large organisation is guilty of an offence if, in a financial year of the body (“the year of the fraud offence”), a person who is associated with the body (“the associate”) commits a fraud offence intending to benefit (whether directly or indirectly)—
    • (a)  the relevant body, or
    • (b)  any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the relevant body.
  • (2)  A relevant body is also guilty of an offence under subsection (1) if—
    • (a)  an employee of the relevant body commits a fraud offence intending to benefit (whether directly or indirectly) the relevant body,
    • (b)  the fraud offence is committed in a financial year of a parent undertaking of which the relevant body is a subsidiary undertaking (“the year of the fraud offence”), and
    • (c)  the parent undertaking is a relevant body which is a large organisation.
  • (3)  But the relevant body is not guilty of an offence under subsection (1)(b) if the body itself was, or was intended to be, a victim of the fraud offence.
  • (4)  It is a defence for the relevant body to prove that, at the time the fraud offence was committed—
    • (a)  the body had in place such prevention procedures as it was reasonable in all the circumstances to expect the body to have in place, or
    • (b)  it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place.

Section 201 of the Act provides that a relevant body is a ‘large organisation’ if it satisfies two or more of the following conditions in the financial year preceding the offence:

  • A turnover of more than £36 million;
  • A balance sheet total of more than £18 million;
  • More than 250 employees.

Section 202 of the Act also provides that, for the purposes of section 199, a relevant body which is a parent undertaking is a ‘large organisation’ only if certain conditions are met.

It follows that the act will not result in an increased burden on SMEs, who may ultimately benefit from greater protection as victims of fraud.

What constitutes a 'fraud offence'?

Section 199(6) provides that a fraud offence is an act which constitutes:

  • (a)  an offence listed in Schedule 13 (a “listed offence”), or
  • (b)  aiding, abetting, counselling or procuring the commission of a listed offence.

Schedule 13 sets out that that the following are listed offences:

  • Cheating the public revenue;
  • False accounting, under section 17 of the Theft Act 1968;
  • False statements by company directors, under section 19 of the Theft Act 1968;
  • Fraudulent trading, under s933 of the Companies Act 2006;
  • Fraud, under section 1 of the Fraud Act 2006;
  • Participating in fraudulent business carried on by a sole trader, under section 9 of the Fraud Act 2006; and
  • Obtaining services dishonestly, under section 11of the Fraud Act 2006.

Who is a ‘person associated with a relevant body’?

Section 199(7) of the Act states that if the person is an employee, agent or subsidiary undertaking of the relevant body or if the person otherwise performs services for, or on behalf of, the body, they are a person associated with a relevant body.

When will the new failure to prevent fraud offence come into force?

The Act has now received Royal Assent and it is anticipated that it will come into force once the Government has published guidance addressing what amounts to reasonable fraud prevention procedures. If you need legal advice on this topic, contact our regulatory lawyers.

If you would like advice on anything from this article

Speak to a member of our regulatory law team

Arrange a call

Enjoy That? You Might Like These:


26 October -
The General Medical Council (GMC) has updated its Good Medical Practice guidance to address sexual harassment in the workplace. Read More


16 October -
In a series of forthcoming articles, lawyers from Blake Morgan will examine how law will keep pace with the latest technological developments – follow us #FutureRegulation. The first in the... Read More


11 October -
We take a look at what is understood to be the first case involving a solicitor being struck off for non-criminal sexual conduct in the workplace. Read More