7 min read

The UK government has released its long-awaited Guidance on the new corporate offence of failure to prevent fraud, outlining the key elements of the offence and offering practical advice on designing and implementing reasonable fraud prevention procedures. The new offence will come into force on 1 September 2025, giving organisations a significant implementation period of nearly 10 months.

How significant is this?

The Government has stated that it envisions the new offence will drive a significant shift in corporate culture around fraud prevention, akin to the changes prompted by the introduction of the failure to prevent bribery offence in the UK Bribery Act 2010 (UKBA). However, the response by companies to the new offence has, in our view, been calmer than was the case in 2010, likely because the compliance culture and processes of many (although not all) organisations has significantly matured over the past decade and more. Today, organisations are well-versed in possible corporate criminal liability for ‘failure to prevent’ offences, and compliance practices have become increasingly sophisticated.

The Serious Fraud Office (SFO) has endorsed the new offence, with Director Nick Ephgrave urging organisations to "get their houses in order" to avoid potential criminal investigation. However, this aggressive language may be somewhat overstated. The new offence does not stem from a sudden surge in fraud committed by corporates, many of which already have strong compliance frameworks in place. For many, the new Guidance will build upon their existing compliance ecosystem, rather than requiring an overhaul.

Nevertheless, even organisations with strong compliance frameworks will need to make significant preparations before the offence takes effect. The new offence is undoubtedly broad, as a wide range of misconduct by employees and others, could be captured under the definition of ‘fraud’ used in the legislation. Implementing procedures to prevent these behaviours will require more nuanced changes than those needed for more easily identifiable offences like bribery, tax evasion or cartel activities. The lengthy implementation period is an acknowledgment that organisations will need to, at least, undertake a process to assess whether their existing processes align with the expectations set out in the new Guidance, in light of the fraud risk profile of their particular business.