New corporate fraud offence to take effect in September—what firms must know
UK accountancy firms and their clients face a tightening of corporate liability rules from 1 September 2025, when the new offence of Failure to Prevent Fraud comes into force under the Economic Crime and Corporate Transparency Act (ECCTA).
Modelled on the UK Bribery Act 2010, the new law makes organisations criminally liable if an employee or agent commits fraud for the company’s benefit—unless the company can prove it had ‘reasonable fraud prevention procedures’ in place at the time.
The offence applies to large companies and partnerships that meet at least two of the following: more than 250 employees, over £36 million in turnover, or assets exceeding £18 million.
Laurent Sarrat, co-founder and CEO of fraud prevention firm Sis ID, says the regulatory bar will require more than standard internal controls.
“Businesses with strong governance, compliance and fraud prevention processes will be best positioned for the regulatory changes ahead,” he said.
“But ‘reasonable procedures’ under Failure to Prevent Fraud requires more than internal controls—businesses must also be extending due diligence and responsibility to their entire ecosystem and supply chain to ensure no gaps exist.
“As, ultimately, the only effective way to tackle fraud is through collaboration.”
While some fraud risks are already well known in the sector, including impersonation scams and invoice redirection fraud, the regulation shifts responsibility upward—placing legal consequences at the organisational level rather than solely with individuals.
Sarrat outlined several minimum steps businesses should already be working on:
Although enforcement will begin in September, firms are expected to demonstrate that prevention procedures were embedded before any offence occurred.
This places additional pressure on governance, risk, and compliance teams to work closely with operational leaders.
The introduction of Failure to Prevent Fraud coincides with a wider raft of UK and EU-level regulation affecting cross-border financial operations.
These include the Digital Operational Resilience Act (DORA), Instant Payment Regulation (IPR), and PSD3—all of which will impact UK firms with EU clients or entities.
Despite the UK’s exit from the EU, regulatory alignment remains relevant, particularly for firms managing payments or client assets across jurisdictions.
The new fraud offence introduces significant reputational and financial risk, but it may also offer firms an opportunity to revisit outdated fraud processes.
By embedding compliance into broader operational planning, firms can move beyond reactive approaches and strengthen resilience against an increasingly sophisticated fraud environment.
Failure to act now could lead to more than just fines—it could also raise questions around client trust, professional standards, and regulatory scrutiny.