With the failure to prevent fraud offence now fully in force, organisations must adopt a proactive, structured, and well-documented approach to fraud prevention. For ICAEW members, the responsibility is clear: to lead by example, bring professional scepticism to their work, and ensure that their organisations or clients are protected against both the risk of fraud itself and the legal consequences of failing to prevent it.
Fraud prevention is not a one-off project but a continuous journey. By combining robust governance, thoughtful risk assessment, effective controls and a culture of integrity, accountants can ensure that the profession remains at the forefront of corporate responsibility and public trust.
With the offence effective, fraud prevention is now a matter of legal compliance, professional ethics, and, in many cases, corporate survival.
For chartered accountants, the impact is twofold.
- Firms and members operating in business are exposed to the risk of liability if employees, agents, or other associated persons commit fraud for the firm’s benefit and the firm cannot show it had reasonable prevention procedures in place.
- Accountants in practice and business are increasingly called upon to guide boards, audit committees and management teams through the complexities of compliance.
Fraud is not a victimless crime. Beyond financial loss, it erodes trust in markets, undermines public confidence, and damages the reputation of organisations and individuals alike. The law now places responsibility squarely on the shoulders of those who lead and govern organisations to ensure fraud risks are identified, addressed, and monitored. For accountants, this presents not only an obligation but also an opportunity: to lead the way in promoting integrity, trust, and good governance.
Home Office guidance
Home Office official guidance is the only guidance with statutory weighting. While ICAEW provides practical advice on fraud prevention, it is for information purposes only. ICAEW will not be liable for any reliance you place on the information in this material. Home Office guidance and independent advice should always be consulted.
The legal framework
The corporate offence of “failure to prevent fraud” is contained within the Economic Crime and Corporate Transparency Act 2023 (ECCTA). This Act is part of a broader legislative push by the UK government to combat economic crime, improve transparency, and strengthen the integrity of the financial system.
At its core, the offence creates liability for a “large organisation” where a person associated with it commits fraud for its benefit, and the organisation did not have reasonable prevention procedures in place. Crucially, it is not necessary for senior management to have been involved in, or even aware of, the fraud. The offence is one of strict liability: if fraud for the benefit of the company occurs and reasonable procedures cannot be demonstrated, the organisation is at risk.
This reflects a wider trend in corporate criminal law. Similar offences were created by the Bribery Act 2010 (“failure to prevent bribery”) and the Criminal Finances Act 2017 (“failure to prevent facilitation of tax evasion”). In each case, Parliament recognised the difficulty prosecutors face in proving that the “directing mind and will” of a company was complicit in wrongdoing. By introducing a corporate duty to prevent certain offences, the law encourages organisations to take proactive steps in risk management rather than leaving matters to chance.
Enforcement responsibility is shared between the Serious Fraud Office (SFO), the Crown Prosecution Service (CPS), and, in regulated sectors, the Financial Conduct Authority (FCA) and HM Revenue & Customs (HMRC). Each has a strong interest in ensuring that large organisations are held accountable where fraud prevention is lacking. Organisations must demonstrate that they have a living, evolving framework of fraud prevention procedures that is proportionate, risk-based, and embedded in daily operations.
The scope of the offence
Fraud, in this context, is defined broadly and draws on the main offences contained in the Fraud Act 2006 and related legislation. The following types of conduct are included:
- Fraud by false representation – where a person dishonestly makes a false statement, intending to make a gain or cause a loss.
- Fraud by failing to disclose information – where there is a legal duty to disclose and failure to do so results in a gain or loss.
- Fraud by abuse of position – where someone in a position of trust acts dishonestly for personal gain or to cause a loss.
- False accounting – the manipulation of records to misrepresent financial position.
- Fraudulent trading – dishonestly carrying on a business with intent to defraud creditors or for any fraudulent purpose.
- Participation in fraudulent arrangements – such as schemes designed to mislead investors or creditors.
The concept of an “associated person” is deliberately wide. It includes employees, agents, subsidiaries, contractors, and third parties who perform services for or on behalf of the organisation. This breadth ensures that liability cannot be avoided simply by outsourcing high-risk activities.
The offence applies to “large organisations.” Under ECCTA, an entity is large if it meets two of the following three thresholds:
- turnover above £36m;
- total assets above £18m; and/or
- more than 250 employees.
This captures a significant proportion of medium and large businesses in the UK, as well as many professional services firms. Small entities are exempt from direct liability but may face indirect pressure, as larger clients and counterparties demand assurance that their supply chains meet equivalent standards.
A framework for reasonable procedures – the six principles
The cornerstone of compliance with the corporate offence of failure to prevent fraud is the ability to demonstrate that an organisation had reasonable procedures in place at the time any fraud occurred.
The Home Office guidance, designed to support organisations in this area, sets out six principles which underpin what constitutes reasonable procedures. For chartered accountants, these principles provide both a framework and a practical roadmap for advising clients or embedding controls within their own firms.
Principle 1: Proportionality of procedures
Procedures must be proportionate to the size, complexity, and nature of the organisation. A multinational bank with complex operations will require sophisticated IT monitoring, layered approval processes, and detailed reporting lines, while a mid-sized accountancy firm may focus on client onboarding, internal approval workflows, and periodic internal audit checks. In both cases, the essential consideration is whether the measures appropriately address the organisation’s risk exposure. Excessive bureaucracy may dilute effectiveness, while insufficient controls leave the organisation vulnerable. Chartered accountants play a key role in guiding boards to strike this balance, ensuring that procedures are tailored yet robust.
Principle 2: Top-level commitment
Equally critical is top-level commitment. Leadership must actively support fraud prevention, embedding a tone from the top that misconduct will not be tolerated. Beyond endorsing policies, boards and senior management must demonstrate ethical behaviour, allocate sufficient resources, and actively engage in oversight. Chartered accountants frequently act as the link between technical risk assessment and board-level understanding, helping leaders grasp the practical implications of fraud prevention and their statutory responsibilities.
Principle 3: Risk assessment
Organisations must systematically identify and evaluate potential fraud risks, documenting both likelihood and impact. Sector-specific risks must be considered: professional services firms might focus on billing irregularities, client fund mismanagement, and conflicts of interest, while manufacturers or retailers may prioritise procurement or supply chain vulnerabilities. Accountants are often called upon to lead these assessments, providing structure and professional judgement to quantify and rank risks.
Principle 4: Due diligence
The guidance stresses the need for rigorous vetting of staff, contractors, and third parties. Pre-employment checks, supplier verification, and ongoing monitoring of agents are all critical. High-value transactions, overseas dealings, and opaque intermediaries require enhanced scrutiny. Chartered accountants can help organisations design due diligence frameworks that are both proportionate and effective, balancing compliance requirements with operational feasibility.
Principle 5: Communication and training
Policies and procedures only work if staff understand their responsibilities. Organisations should implement training programmes for all employees, with additional role-specific modules for high-risk positions. Refresher training, awareness campaigns, and monitoring of training completion ensure that the message is reinforced consistently. Accountants often contribute to the development of these programmes, translating technical compliance requirements into practical guidance that staff can apply daily.
Principle 6: Monitoring and review
Monitoring and review underpin all other principles. Fraud prevention is dynamic: risks evolve, and procedures must be periodically reassessed and tested. Internal audit, independent reviews, and oversight of whistleblowing arrangements help organisations detect weaknesses and demonstrate proactive governance. Accountants’ involvement in monitoring provides both assurance and a record of compliance, supporting the organisation’s ability to defend itself if a fraud occurs.
Taken together, these six principles provide a comprehensive framework for reasonable procedures. By integrating proportionate controls, top-level commitment, rigorous risk assessment, due diligence, training, and ongoing monitoring, organisations can meet their legal obligations and foster a culture of integrity.
For chartered accountants, understanding and applying these principles is essential in advising boards, guiding clients, and protecting organisations against the severe consequences of failing to prevent fraud.
The role of chartered accountants
Chartered accountants occupy a unique position at the intersection of financial reporting, governance, and public trust. The new offence directly engages the profession in several ways.
In practice
Accountancy firms themselves are within scope of the offence. If an employee or agent commits fraud for the benefit of the firm, liability arises unless reasonable procedures are in place. Firms must therefore review their own governance, client acceptance procedures, and staff training programmes.
Clients will also increasingly rely on accountants to advise on compliance. Risk assessments, control design, policy drafting, and training can all benefit from the expertise of accountants familiar with both regulatory frameworks and practical business processes.
In audit
Auditors already have obligations under ISA (UK) 240 to consider the risk of material misstatement due to fraud. The new offence heightens the relevance of this consideration. Audit committees may expect auditors to provide insight into whether controls are adequate and whether boards are engaging seriously with fraud prevention.
In business
For accountants working in industry, particularly as finance directors, CFOs, or risk officers, responsibility for implementing reasonable procedures often falls directly on their shoulders. Boards may expect finance leaders to lead fraud risk assessments, design controls and provide regular reporting on compliance.
Ethical dimensions
The ICAEW Code of Ethics is directly relevant. The principles of integrity, objectivity, professional competence, confidentiality, and professional behaviour require accountants not only to avoid complicity in fraud but also to take proactive steps to address risks. Whistleblowing, reporting, and professional scepticism are essential attributes in this environment.
Implementing fraud prevention
Embedding reasonable procedures is not simply a compliance exercise. It requires a cultural shift and integration into the fabric of the organisation.
Governance
Boards should establish clear oversight of fraud risk, either through a dedicated committee or within the remit of the audit and risk committee. A senior officer should be appointed to coordinate fraud prevention efforts, reporting directly to the board.
Fraud risk assessment
A structured risk assessment should be undertaken, identifying fraud typologies relevant to the organisation. For a professional services firm, this may include risks of false billing, manipulation of client funds, or collusion with clients. For a retailer, risks may centre on supply chain fraud or misappropriation of inventory.
Control design
Controls must be tailored to address identified risks. Examples include segregation of duties in finance, approval processes for supplier payments, enhanced due diligence for new clients, and use of analytics to detect unusual patterns.
Training and awareness
Training should be mandatory for all staff, with additional content for high-risk roles. Awareness campaigns, e-learning, and regular communications help to embed fraud prevention into the organisational culture.
Monitoring and continuous improvement
Procedures must be tested, reviewed, and updated regularly. Internal audit should play a key role, supported by independent external reviews where appropriate. Whistleblowing arrangements provide an early warning system and should be actively promoted.
Sector-specific considerations
Different sectors face different fraud risks, as illustrated below.
- Financial services – regulatory expectations are high, with links to anti-money laundering controls. Fraud risks include mis-selling, false reporting, and cyber-enabled crime.
- Public sector and charities – risks often lie in procurement, grant administration, and conflicts of interest.
- Healthcare and NHS bodies – guidance from the NHS Counter Fraud Authority highlights common frauds such as false claims and procurement manipulation.
- Professional services – client onboarding, billing practices, and advisory conflicts present unique risks.
Accountants must tailor procedures to the sectoral context in which they operate.
Maintaining compliance and responding to incidents
With the offence now fully in force, maintaining compliance is an ongoing responsibility. Reasonable procedures are not a one-off exercise but must be continually updated, tested, and evidenced. Boards should receive regular reporting on fraud risk, control effectiveness, and staff training. Audit committees play a vital role in scrutinising procedures, reviewing incident reports, and ensuring that lessons learned are embedded across the organisation.
Monitoring and review, as emphasised in the Home Office guidance, are key. Internal audits and external assurance provide independent verification that procedures are effective. Whistleblowing arrangements must be actively promoted and monitored, creating a mechanism for early detection of fraud risks. Any incidents must be investigated promptly, with accountability clearly documented and controls updated as required.
Chartered accountants have a leading role in these activities. They provide oversight, ensure evidence of compliance is properly documented, and support boards in understanding both risk and mitigation. The profession also contributes to culture-setting, helping embed ethical behaviour, transparency, and professional scepticism throughout the organisation in accordance with ICAEW’s Code of Ethics.
By continuously integrating the principles of proportionate controls, top-level commitment, risk assessment, due diligence, training, and monitoring, organisations can maintain a strong defence against the offence of failure to prevent fraud. Evidence of this ongoing diligence not only protects the organisation from legal liability but also reinforces its reputation for integrity and good governance.
Sanctions and enforcement
The consequences of failure to prevent fraud are severe. Organisations may face unlimited fines, regulatory sanctions and exclusion from public contracts. Directors may face disqualification. Deferred Prosecution Agreements are possible but come with strict conditions and reputational damage.
The SFO, CPS, and FCA have all signalled their intention to use the offence actively. Chartered accountants should expect enforcement action to grow over the coming years, with high-profile cases used to set examples.
The failure to prevent fraud offence represents a decisive change in the corporate governance landscape. It shifts responsibility firmly onto organisations to ensure fraud risks are properly managed and controlled. For chartered accountants, it presents both risk and opportunity:
- risk, in that firms and finance leaders may themselves be exposed to liability; and
- opportunity, in that the profession can lead the way in embedding integrity, trust, and compliance across the business community.
By adopting the principles of reasonable procedures, integrating them into daily practice, and maintaining a culture of vigilance, accountants can protect their organisations, serve their clients, and uphold the values of the profession. Compliance is no longer optional: it is a statutory duty, a professional obligation, and a cornerstone of public trust.
Practical tools for fraud prevention
Guidance on how to create your own model fraud risk register, fraud prevention policy and training framework. It also explains what a successful fraud response plan entails.