Anti-Financial Crime & Financial Crime Compliance
Regulatory Intelligence Leadership | Insight | Network

Financial Crime, Fraud, UK

INSIGHT: Why the UK’s ‘failure to prevent fraud’ offence will redefine corporate liability

Ted Datta, Senior Director - Head of Industry Practice Group for Moody’s Compliance (Europe & Africa)

By Ted Datta, Senior Director – Head of Industry Practice Group for Moody’s Compliance (Europe & Africa)

IN In 2010, the UK Bribery Act redefined how companies operating within its jurisdiction approached anti-corruption compliance, shifting expectations toward greater corporate responsibility.

Now, the UK’s new Failure to Prevent Fraud offence could do the same, but for fraud prevention.

With fraud accounting for nearly 40% of all crime in the UK, and financial services firms losing over £1.17 billion to fraud in 2024 alone, the legislation comes at a time of increasing risk.

It’s made all the more relevant as compliance practices evolve: fraud has gone digital, cross-border, and industrial in scale, and the legal framework is now catching up.

A shift in corporate liability Operating as part of the Economic Crime and Corporate Transparency Act, the Failure to Prevent Fraud offence is scheduled to come into force on 1 September 2025. It will apply to all large firms operating in the UK that meet two of the following criteria: (1) more than 250 employees, (2) a turnover above £36 million, or (3) assets exceeding £18 million.

Fraud liability

The law makes organisations strictly liable if they benefit from fraud committed by their employees or third-party partners. It applies even if the fraud takes place outside the UK, so long as the offence falls under UK law or affects UK victims. That means, for example, a recruiter in Singapore or a software vendor in New York could now be a source of liability for a UK-headquartered firm.

A parallel to the bribery act When the Bribery Act 2010 was passed, it set a new standard of practice for corporate compliance departments. The ‘Failure to Prevent Fraud Act’ could demand a similar transformation, particularly given the breadth of the fraud risk landscape.

This includes false accounting, fraudulent trading, misrepresentation, abuse of position, dishonest services, and even tax fraud; as such, the scope of compliance teams will need to evolve in line with this.

Enforcement

In many ways, it may prove more complex to enforce the Failure to Prevent Fraud Act due to factors such as a broader spectrum of offences, distributed third-party ecosystems, a hybrid and remote workforce, and an AI-powered fraud economy. To adapt, teams will need to adopt a new perpetual compliance approach.

While there is no single template for this, several core principles are clear:

  • Enterprise-wide fraud risk assessments, conducted and updated regularly to reflect changes in operational, market, and regulatory conditions.
  • Enhanced due diligence processes for all suppliers, contractors, and service providers – not just at onboarding but throughout the lifecycle of the relationship.
  • IT system access controls and monitoring frameworks, designed to identify and flag risks from both internal employees and third-party personnel.
  • Proactive third-party risk management programmes that combine automation, structured data, and human intelligence to surface red flags and assess counterparty integrity.

While some parallels can be drawn from the principles established under the Bribery Act, the implementation burden is likely to be heavier.

The technology needed for real-time monitoring represents a significant step up, and AI and data analytics tools will significantly assist compliance teams manage this added operational burden.

Regulatory risks

There is no single regulator responsible for enforcing the new fraud offence. Instead, cases may initially be triggered by victims themselves, before being escalated to full investigations by agencies such as the Serious Fraud Office (SFO).

The SFO has already made public its intent to investigate violations of this law and has invested in upgraded data and IT systems to support its mandate. Meanwhile, the UK government is encouraging companies to self-report fraud or suspected fraud. Doing so is expected to be a significant mitigating factor should enforcement action occur.

The scale of potential penalties is significant. Fines under the new offence are unlimited. In some cases, firms may avoid criminal prosecution but still enter into Deferred Prosecution Agreements (DPAs) — negotiated settlements that can involve years of scrutiny, mandated improvements, and public reporting.

But the financial cost is only part of the risk. Allegations of fraud can quickly damage a firm’s reputation, leading to lost business, reduced investor confidence, and strained stakeholder relationships.

Complete transparency and accountability are key to preserving stakeholder trust and sustaining long-term competitive advantage.

This regulation arrives at a pivotal moment. Fraud has evolved, now faster, digital, and often driven by AI. The old compliance playbook, built for static risk, likely no longer provides effective and perpetual oversight.

This new offence will shape the next decade of fraud defence. In the era of exponential risk, prevention is the only defence that scales. That’s why firms that embrace this shift early, invest in due diligence technologies, and build a culture of transparency and resilience will lead.

AML Intelligence
We hope you enjoyed reading this article

If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!