On 1 September 2025, the new offence of ‘failure to prevent fraud’ under section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023) comes into force. The offence means some companies could be criminally liable in situations where an employee, agent, subsidiary, or other “associated person” commits fraud for the benefit of the organisation. To help businesses understand the new offence, the Government has published a 46-page guidance. In this article, we briefly cover what the crime of ‘failure to prevent fraud’ is and how organisations, especially large accountancy firms and others working in financial services, can mitigate the risk of criminal charges being brought against their company.

What is the Economic Crime and Corporate Transparency Act 2023?

The ECCTA 2023 is designed to tackle economic crime and improve business transparency. The explanatory notes set out the ECCTA 2023 three key objectives:

1. Prevent organised criminals, fraudsters, kleptocrats, and terrorists from using companies and other corporate entities to abuse the UK’s open economy.
2. Strengthen the UK’s broader response to economic crime by giving law enforcement new powers to seize cryptoassets and enabling businesses in the financial sector to share information more effectively to prevent and detect economic crime.
3. Support enterprise by enabling Companies House to deliver a better service to improve the reliability of its data, which will help inform business transactions and lending decisions across the economy.

The introduction of the offence of failure to prevent fraud is a tool created to help meet the above aims.

What is failure to prevent fraud?

Under section 199 of the ECCTA 2023, a company or large partnership that meets two out of three of the following conditions:

• more than 250 employees,
• more than £36 million turnover; or
• more than £18 million in total assets,

could be held criminally liable for fraud committed by an ‘associated person’. This could be an employee, agent or subsidiary of the company or someone who performs services for or on behalf of it. Suppliers, when they provide ancillary services, agents, distributors, advisers, brokers, contractors, consultants, and joint venture partners may also qualify.

The fraud must benefit:

• the company
• the parent company of a subsidiary
• another group company, client, or customer of the company to whom the associated person provides services as part of their employment.

What type of offences would trigger section 199?

The types of crimes that would be caught under section 199 are listed in Schedule 13 of the ECCTA 2023. They include:

• False accounting and false statements made by company directors, both offences under the Theft Act 1968.
• Fraudulent Trading under the Company Act 2006.
• Various offences under the Fraud Act 2006, including fraud under section 1 of the Act, false representation, abuse of position, failing to disclose information, and obtaining services dishonestly.
• Common law offences such as cheating the public revenue.
• Aiding, abetting, counselling, or procuring of any of the above offences.

Does management have to know about the fraud?

No, which puts directors in an extremely vulnerable position as their company could be prosecuted for an offence and face a significant fine and reputational damage when they had no clue as to what was going on. It is for this reason that individuals cannot be prosecuted under section 199. It was deemed unjust and unfair to hold directors responsible for a crime they may be completely unaware of, especially in large, multi-national organisations with many subsidiaries.

How can directors mitigate the risk of their company being charged with failure to prevent fraud?

In preparation for 1 September 2025, companies that fall into the scope of those to whom section 199 apply (see above) should take the following steps to mitigate their risk of being criminally liable for failing to prevent fraud:

• Map supply, agent, and distribution chains. It is impossible to mitigate the risk of fraud being committed for the benefit of the company if there is no centralised knowledge and records of ‘associated persons’.
• Implement a training and communications program across all subsidiaries, distributors, suppliers, etc, to ensure everyone who could be deemed an associated person understands the section 199 offence and how to recognise and report it.
• Regularly review the risk management measures put in place to ensure they remain fit for purpose in terms of the size and scope of the organisation and new fraud threats.

There is a statutory defence available, namely that the company had reasonable fraud prevention measures in place at the time that the fraud was committed. The Guidance sets out a fraud deterrence framework that companies can implement. The framework is based on the following six principles:

• Top level commitment
• Risk assessment
• Proportionate risk-based prevention procedures
• Due diligence
• Communication (including training)
• Monitoring and review.

Getting help and support for your in-house legal team

Working through the Guidance framework and managing the risk around the new offence of failure to prevent fraud will be challenging for many in-house legal teams already dealing with unstable US markets and a nervous EU. Having an independent advisor to manage the risk management process will ensure your in-house legal team is free to focus on other crucial tasks. Furthermore, your organisation will benefit from having an objective, holistic view of your business’s risks when it comes to fraud prevention.

At 43Legal, we have the knowledge and resources to undertake a comprehensive risk management process and will work proactively alongside your in-house team.

To find out more about any matters discussed in this article, please email us at [email protected] or phone 0121 249 2400.

The content of this article is for general information only.  It is not, and should not be taken as, legal advice.  If you require any further information in relation to this article, please contact 43Legal.

“Melissa Danks is the founder of 43Legal. She has over 20 years’ experience as a solicitor working within the legal sector dealing with issues relating to risk management, dispute resolution, and advising in-house counsel in SMEs and large companies. Melissa has extensive expertise in providing practical, valuable, modern legal advice on large commercial projects, joint ventures, data protection and GDPR compliance, franchises, and commercial contracts. She has worked with stakeholders in multiple market sectors, including IT, legal, manufacturing, retail, hospitality, logistics and construction. When not providing legal advice and growing her law firm, Melissa spends her time running, walking in the countryside, reading and enjoying downtime with close friends and family.”