Failure to Prevent Fraud Offence: The long-awaited Government Guidance is published – companies have until September 2025 to implement "reasonable procedures"

On 6 November 2024, the Home Office published the long-awaited guidance (Guidance) to organisations on the failure to prevent fraud (FTP Fraud Offence) which was introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA). Under ECCTA, in-scope organisations (ie. 'large organisations') may be liable for a criminal offence where:

• an 'associated person' commits a relevant 'fraud offence';
• intending to benefit (directly or indirectly) the in-scope organisation or any person to whom, or to whose subsidiary, the associate provides services on behalf of the organisation; and
• the in-scope organisation did not have in place reasonable fraud 'prevention procedures'.

The Guidance, which has been published one year after ECCTA received Royal Assent, provides clarity in particular around the meaning of reasonable fraud 'prevention procedures' and confirms that the new offence will come into effect on 1 September 2025. Organisations therefore have 9 months to digest the Guidance and implement any changes that may be required to their fraud prevention procedures before the offence comes into force.

The Guidance states that the FTP Fraud Offence will "make it easier to hold organisations to account for fraud committed by employees or other associated persons… [and] will also encourage more organisations to implement or improve prevention procedures, driving a major shift in corporate culture to help prevent fraud". Companies should therefore consider the Guidance carefully to ensure that they are well placed to cope with this significant shift in culture, and regulatory / law enforcement expectations.

We set out below a high level overview of the key elements of the Guidance, with a more detailed briefing and podcast to follow. For more information on the FTP Fraud Offence itself or other changes introduced by ECCTA, do have a listen to our podcast series and see our associated briefings on the topic.

Overview of the Guidance

The Guidance provides an overview of the FTP Fraud Offence (chapter 2) and provides clarity on a number of areas including territoriality and the necessary intention to benefit for an FTP Fraud Offence to be made out. It provides helpful commentary for organisations considering (i) how to implement procedural changes across a global organisation; (ii) what prevention procedures may be reasonable in the context of a supply chain; and (iii) brings the offence to life through a number of examples. It describes the general principles for organisations in developing or enhancing procedures to prevent fraud (chapter 3), which we outline below, and discusses overlaps with other regulatory requirements (chapter 4).

Organisations should remember that the Guidance is not prescriptive; it includes examples of good practice but departure from the Guidance will not necessarily mean that an organisation did not have reasonable fraud prevention procedures in place. When seeking to rely on the defence, the onus will be on organisations to prove to a Court why the procedures it had in place were reasonable, or why it was unreasonable to expect them to have had such procedures in place. Organisations are not bound by the Guidance, but the Court will use it as a benchmark to assess whether companies have adhered to it when considering the availability of the defence.

The Guidance is sector agnostic although it leaves open the possibility of industries developing sector-specific guidance provided it is aligned with the Guidance.

Although the FTP Fraud Offence only applies to "large organisations", the Guidance notes that the principles it contains represent good practice and may therefore also be helpful for smaller organisations.

Reasonable fraud prevention measures

The Guidance recommends that a fraud prevention framework should be informed by six principles:

• Top-Level Commitment: Demonstration by senior management of a commitment to preventing fraud, fostering a culture where fraud is unacceptable.
• Risk Assessment: Assessment of an organisation's exposure to fraud risks and keeping this assessment under regular review. Risk assessments should be dynamic, documented and kept under regular review. Whilst it may be deemed reasonable not to introduce measures in response to a particular risk, the Guidance states that "it will rarely be considered reasonable not to have even conducted a risk assessment".
• Proportionate Risk-based Prevention Procedures: Fraud prevention measures should be proportionate to the identified risks and to the nature, scale and complexity of the organisation’s activities. The procedures must also be clear, practical, accessible, effectively implemented and enforced. Should organisations' existing fraud prevention procedures be sufficient to prevent identified fraud risks, the Guidance helpfully stipulates that it is neither necessary nor desirable to duplicate existing work.  
• Due Diligence: Taking a proportionate and risk-based approach, organisations should conduct due diligence on associated persons to mitigate fraud risks.
• Communication (including Training): Ensuring that fraud prevention policies are communicated, embedded and understood throughout the organisation, through internal and external communication.
• Monitoring and Review: Regularly monitoring and reviewing fraud prevention procedures and making necessary improvements. This should include learning from investigations and whistleblowing incidents and considering what lessons can be taken from sector relevant trade bodies or organisations.

Although the subject matter of the offence has changed, these six principles are the same broad principles that govern the guidance to the failure to prevent bribery offence (Section 7 of the Bribery Act 2010) and the failure to prevent the facilitation of tax evasion offence (the Criminal Finances Act 2017).

As indicated above, we will be considering the Guidance in more detail in an upcoming podcast and accompanying briefing. In the meantime, should you wish to discuss the Guidance or have queries regarding the review of your organisation's fraud prevention procedures, please contact any of the below HSF team members to discuss further.