By Marit Rødevand, CEO of Strise
WHEN the UK government confirmed the creation of a new “failure to prevent fraud” offence (effective as of 1 September 2025), much of the immediate commentary focused on domestic compliance and governance.
However, this largely neglected that the implications of the legislation stretch far beyond the UK’s borders. For multinational banks, the offence constitutes not merely another regulatory burden. It is also a structural stress test across jurisdictions, networks and increasingly sophisticated supervisory frameworks.
The “failure to prevent” offence is not an entirely novel one in UK law. It echoes earlier corporate liability standards introduced in the 2010 Bribery Act and 2017 Criminal Finances Act.
This new model applies the same underlying philosophy of those two prior laws to a broader economic crime category. At its core, the provision holds organizations criminally liable if they fail to prevent fraud. This can be committed by “employees” or “associated persons” acting on their behalf. Both of these categories bear wide definitional breadth. For example, it extends liability into the realm of contractors and intermediaries.
While the policy intent is to incentivize proactive prevention rather than simply increase penalties, multinational institutions face a uniquely challenging compliance landscape.
‘Failure to prevent fraud’ multinational implications
Perhaps most consequential for global banks is the statute’s explicit extraterritoriality. It is possible for activities conducted wholly outside the UK to be held liable if the organization is incorporated in, or carries out business through, a UK entity.
This is not dissimilar to the now paused US Foreign Corrupt Practices Act and some elements of the EU’s AML Directives. However, it means that banks will have to navigate a geographical patchwork of overlapping obligations.
Historical enforcement illustrates the risks of such jurisdictional conflicts and just how open to regulatory collision it is. Indeed, in 2014 BNP Paribas was fined $8.9 billion by US authorities for transactions that were legal under EU law at the time. This demonstrated how multinational banks can be penalised, despite acting within the bounds of one jurisdiction. The UK offence adds another layer. Institutions must now demonstrate that anti-fraud controls extend across borders and encompass the full spectrum of third-party relationships. Compliance complexity – and associated costs – will inevitably rise.
Third-party relationships remain the most acute vulnerability. Despite strengthened internal compliance frameworks under regulations such as the EU’s Fifth Anti-Money Laundering Directive (5AMLD), suppliers and IT vendors can introduce significant risks.
‘Tick the box’ approach
This was underscored most prominently in the 2018 Danske Bank scandal. In that instance, correspondent banking relationships facilitated a wide-ranging money laundering operation. Due diligence cannot remain a procedural checkbox. Continuous monitoring, enhanced scrutiny of high-risk suppliers, and integration of supplier risk into core compliance frameworks are essential. The FCA (Financial Conduct Authority) has already signalled that weak oversight of outsourcing and supply chain partners will be a supervisory focus area. This means that, for institutions, liability may arise not only from fraudulent conduct. But it could also be from a demonstrable failure to evidence adequate prevention and monitoring of external actors.
Multinational banks will no doubt face financial, structural and logistical pressures. They must align systems across jurisdictions, managing conflicting regulatory timelines, and monitoring third-party risk in real time. Investment in advanced compliance tools, including AI, real-time analytics, and automation, is likely to become standard practice. For larger banks, this may entail wholesale investment programmes. While for smaller/mid-tier institutions with UK exposure, the challenge will be resourcing. Companies must balance compliance financing against profitability.
Culture shift
Yet an equally underappreciated challenge will be revising a longstanding culture of apathy. Fraud prevention requires systems change. But, it also demands a shift in incentives and accountability across the organisation, whether that be the tone articulated by executives at the top, or employee training and performance metrics tied to risk awareness.
Regulators are increasingly looking for this evidence of cultural commitment, and boards will be expected to play a more hands-on role in fraud oversight.
This is not to say there are no opportunities. By embedding stronger integrity and resilience into operations, institutions can move beyond reactive compliance to proactive governance, enhancing public and regulatory trust.
The offence is raising the bar. However, forcing a more holistic approach to risk management is likely to genuinely yield long-lasting benefits. The critical question is whether institutions are prepared.
Simply bolting this requirement onto existing systems will be insufficient. It requires a comprehensive reassessment: how compliance functions operate across borders, how third-party suppliers are incorporated into risk frameworks, and how technology can deliver meaningful oversight in real time.
The UK’s ‘failure to prevent fraud’ offence will be a litmus test for multinational banks. Those that rise to the challenge will not only comply but can lead in setting standards for integrity and risk management in global banking.
We hope you enjoyed reading this article
If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!
