Failure To Prevent Fraud Rules: Everything You Need To Know

Sean McAuley


From 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 introduced the new corporate offence of Failure to Prevent Fraud. This represents a major shift in how UK organisations are held criminally accountable for fraud committed for their benefit — and it places whistleblowing firmly at the heart of compliance.

With fraud now representing the largest category of crime in the UK, organisations must move beyond minimum compliance and invest in robust, independent reporting mechanisms to enhance their existing fraud detection and prevention methods.

‘Failure to prevent fraud’ and other key changes introduced by the Economic Crime Act

The new offence applies to large organisations, defined as those meeting two of the following three criteria in the preceding financial year:

  • More than 250 employees
  • Turnover exceeding £36 million
  • £18 million in total assets

Similar to the Bribery Act, the new liability model makes it easier to prosecute companies by focusing on the failure to have “reasonable procedures” in place, rather than proving direct involvement by senior staff. An organisation can be prosecuted if a fraud offence is committed by an “associated person” intending to benefit the organisation or its clients, and the organisation did not have reasonable fraud prevention procedures in place.

“Associated persons” is defined broadly and includes:

  • Employees
  • Agents
  • Subsidiaries
  • Contractors
  • Any person performing services for or on behalf of the organisation

Crucially, senior management does not need to have known about or authorised the fraud for liability to arise.

How does the Economic Crime and Corporate Transparency Act affect smaller businesses?

Although the offence formally applies only to large organisations, the Home Office guidance explicitly states that the principles are relevant to smaller organisations as good practice and for supply‑chain assurance.

In practice, the change in the law is likely to mean that:

  • Large organisations will impose contractual fraud prevention obligations throughout their value chains.
  • SMEs and third‑sector organisations will increasingly need to evidence their own fraud prevention and anti-fraud controls to satisfy due diligence and tender requirements.

Businesses unable to demonstrate effective whistleblowing arrangements risk exclusion from contracts, partnerships, and funding opportunities. Failure to comply with the Failure to Prevent Fraud offence may also result in:

  • Unlimited fines
  • Criminal prosecution
  • Severe reputational damage
  • Director scrutiny and governance failings
  • Increased regulatory intervention

The Scale of the UK Corporate Fraud Threat

Fraud is not a low‑probability risk — it is a systemic threat to UK businesses and public services. It accounts for over 40% of all recorded crime in England and Wales, making it the single most prevalent offence category (source: Crime Survey for England and Wales (CSEW)).

The Annual Fraud Indicator produced by Crowe, Peters & Peters, and the University of Portsmouth in 2013 estimated that fraud costs the UK £219 billion per year. This is broken down as:

  • £157.8 billion to the private sector
  • £50.2 billion to the public sector
  • £8.3 billion lost directly by individuals

The Cifas Fraudscape 2025 report, which covers calendar year 2024, states that 421,000 fraud cases were raised to the National Fraud Database in 2024, representing a 13% increase from 2023 and the highest level on record.

In its 2024 Report to the Nations, the Association of Certified Fraud Examiners estimates that organisations globally lose 5% of annual turnover to fraud, with 43% of fraud detected via whistleblowing. The report highlights that whistleblowing is over three times more common than the next closest method for fraud detection.

6 controls businesses should have in place to prevent fraud

The Home Office Failure to Prevent Fraud Guidance identifies six core principles for reasonable fraud prevention procedures:

  1. Top‑level commitment to an ethical culture
  2. Risk assessment
  3. Proportionate controls
  4. Due diligence
  5. Communication (including training)
  6. Monitoring and review

Effective speak‑up and whistleblowing arrangements sit squarely within the Communication principle. As such, organisations should ensure that fraud prevention policies and procedures are effectively communicated and embedded, including mechanisms for staff and others to report concerns.

Sexual Harassment Reform

From 6 April 2026, sexual harassment disclosures are explicitly classified as protected disclosures under UK whistleblowing law, strengthening worker protections.

From October 2026, in accordance with the Employment Rights Act 2025, organisations will face:

  • A heightened duty to take “all reasonable steps” to prevent sexual harassment
  • Direct liability for sexual harassment by third parties, such as customers, suppliers, and contractors

These reforms significantly extend a business’s duty of care beyond its direct workforce — aligning closely with the “associated persons” concept in Failure to Prevent Fraud.

Independent whistleblowing services support compliance with these changes by:

  • Enabling confidential and anonymous reporting from employees and third parties
  • Demonstrating proactive prevention rather than reactive remediation
  • Providing defensible evidence of “reasonable steps” across multiple legal regimes

Why is this important now?

To remain legally compliant and commercially credible, organisations should invest in an independent, external whistleblowing service provider to:

  1. Demonstrate reasonable fraud prevention procedures
  2. Strengthen corporate governance frameworks
  3. Support compliance with recent fraud, whistleblowing, and sexual harassment laws
  4. Enable early detection of misconduct before harm escalates

Organisations also need to consider broadening the scope of who can report concerns under their whistleblowing policy to include contractors, suppliers, agents, and customers. Doing so demonstrates compliance with both:

  • The “associated persons” test under the new Failure to Prevent Fraud laws, and
  • The October 2026 duty to prevent sexual harassment by third parties

Whistleblowing is no longer a peripheral HR tool; it is a core legal, governance and risk management control. Organisations that act now will not only comply with the law but build trust, resilience, and long‑term organisational integrity.

HOW AAB CAN HELP

At AAB, our Whistleblowing team supports businesses to stay ahead of fraud. Our experts combine to ensure you’re able to meet the new Fraud and Sexual Harassment laws with confidence.

If you have any queries about the guidance, or how our team can help, please do not hesitate to get in contact with Sean McAuley, a member of our People team or your usual AAB contact.
