ICAEW.com works better with JavaScript enabled.

Failure to prevent fraud: who's liable

Author: ICAEW Insights

Published: 15 Oct 2025

Contents
The failure to prevent fraud offence, part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), came into force in September 2025.

Large businesses, corporations and partnerships will now be held liable if it’s found the offence was committed with the ‘intention of benefiting the organisation or their clients’ and they did not take reasonable steps to prevent fraud, according to official government guidance.

Crucially, the organisation will still be liable even if senior management were unaware of the fraud.

Under the new law, an organisation is classed as a ‘large business’ if it meets two of three criteria: more than 250 employees, at least £36m turnover and/or more than £18m in total assets.

New offence objectives

The failure to prevent fraud offence places the onus on businesses to proactively prevent fraud through risk assessments, robust policies and frameworks. 

The new offence is designed to ‘drive good behaviour and culture’ and encourage an anti-fraud culture rather than just prosecuting hundreds of companies.

Examples of fraud

Fraud under the scope of ECCTA can take many guises. It might involve:

  • failing to declare revenue;
  • artificially altering invoices to suppress revenue recognition;
  • artificially altering payroll;
  • accepting bribes from third parties to award contracts;
  • falsifying accounts; and
  • awarding contracts to those secretly owned by the company or management.

It can also involve activities which would affect customers or clients, such as misrepresenting products or services or even overstating green credentials of products to generate sales.

Businesses, including accountancy practices, therefore need to be aware of their obligations and liabilities. ‘Not being aware’ or ‘having no idea’, is no longer an excuse – if it ever was.

Liability in criminal prosecutions

Individuals who commit fraud for their own gain are liable under The Fraud Act 2006 Act. But where individuals or ‘associated persons’ carry out fraudulent activity to intentionally benefit the business, this then falls under the scope of the ECCTA. The business is therefore liable, especially if they did not take reasonable steps to prevent fraud.

It becomes much more complicated for businesses operating across different geographic jurisdictions or parent and subsidiary companies. The law won’t just look at one subsidiary in isolation when deciding liability – liability extends to the entire corporate group. This means that a parent company, even outside the UK, could be liable.

Liability under ECCTA therefore includes:

  • Large businesses, corporations and partnerships that meet two of the following criteria:
    - more than 250 employees,
    - more than £36m turnover, and
    - more than £18m in total assets.
  • Parent companies of subsidiaries.
  • Non-UK multinationals, if fraud has impacted UK customers/clients.

This reflects the broad impacts of fraud offences, across economies and borders. The impact can be felt among thousands – sometimes millions – of people at any one time.

If fraud occurs in a UK subsidiary of a multinational organisation that affects UK customers and clients, that would be enough to claim jurisdictional nexus. All acts of fraud that occur abroad and have effects felt in the UK mean that UK law applies.

Penalties and sanctions

If a business or organisation is convicted of a failure to prevent fraud offence, it will receive an unlimited fine in England or Wales, or a fine that doesn’t exceed the statutory maximum in Scotland or Northern Ireland.

When it comes to charities or public sector bodies that provide some sort of public service, the impact on the public must be considered when setting the fine. 

Failure to prevent fraud: reasonable defence

There really is just one defence for a business facing a failure to prevent fraud charge. The organisation must demonstrate they had reasonable compliance processes in place at the time of fraud.

Help to prevent fraud

The Fraud Advisory Panel, in partnership with Barclays, has launched Business Fraud Alliance to share resources and research prevention. 

Access support Take the survey
Business Fraud Alliance an initiative from the Fraud Advisory Panel supported by Barclays
  1. Five steps to more inclusive communication
  2. Your membership: Christmas shopping discounts from BenefitsPlus
  3. Chart of the week: Budget 2025 debt blues
  4. Budget expected to have negative impact on businesses, says ICAEW
  5. Your membership: Network with your peers
  1. Budget 25: where’s the growth?
  2. Budget 25: Do the tax changes meet the tenets?
  3. How should audit firms use AI?
  4. The latest on MTD income tax
  5. LLMs and spreadsheets, Companies House IDV, and the OBR’s role

You may also be interested in

Resources
A hand pointing at a graph on a screen
Economic crime

In these articles and videos, we explore the latest trends and perspectives on economic crime from around the world, and look at how chartered accountants can help prevent it happening.

See more
Guidance
Dark close-up of hands typing on a laptop
Fraud

Fraud is usually taken to mean the gaining of an illicit advantage through deception and in particular the manipulation of financial information or accounting records.

ICAEW support
A group of people in a meeting room with their laptops, woman at the whiteboard with sticky notes
Training and events

Browse upcoming and on-demand ICAEW events and webinars offering support on technical areas, such as assurance, reporting and tax, as well as personal development.

Events and webinars A-Z of courses
Open AddCPD icon