Protect – Speak up stop harm

Free, confidential whistleblowing advice
Call us on 020 3117 2520 or email us

Donate
Protect – Speak up stop harm
Donate

Free, confidential whistleblowing advice
Call us on 020 3117 2520 or email us

The Failure to Prevent Fraud Offence: a new era of corporate accountability?

by

From the start of September 2025, the rules on fraud got tougher. Under the new Failure to Prevent Fraud offence in the Economic Crime and Corporate Transparency Act (ECCTA), large organisations can now face unlimited fines if they benefit from fraud – even when senior leaders had no direct involvement.  

The message is clear: ignorance is not a defence and turning a blind eye is no longer an option.  

So, what does this mean in practice?  

If an employee, agent, or other “associated person” commits fraud that benefits an organisation, the employer itself can now be held criminally responsible. As a rule of thumb, it will apply to all organisations with two or more of the following:  

  • more than 250 employees,  
  • with more than £36 million in turnover and over £18 million in total assets.  

And the criteria applies to each organisation, including its subsidiaries. The offence also applies to organisations based abroad that have UK touchpoints. So, employees of subsidiaries or a parent company that is a large organisation can be brought within the scope of the offence. 

Even if a firm doesn’t currently meet these criteria, it could do in the future (for example, as a result of a merger, restructure or acquisition). 

Examples of fraud may include:  

  • dishonest sales practices 
  • hiding important information from consumers or investors 
  • dishonest practices in financial markets  

In the event of prosecution, an organisation would have to show it had reasonable procedures in place at the time the fraud was committed. And here’s the good news: whistleblowers are one of the most powerful tools organisations have to protect themselves. 

How an effective whistleblowing framework can help 

Previously, it has been hard to hold corporates accountable for profiting from fraud – until now only individuals who committed the fraud could be prosecuted under the law. But this new offence forces employers to look inward, take responsibility and address the problem directly. 

Whistleblowing can be the employer’s secret weapon. Employees, contractors, or partners are usually the first to spot something wrong – suspect invoices, dubious expenses, or unethical deals. A healthy whistleblowing culture means people feel safe speaking up, and when they do, organisations can stop fraud in its tracks before it turns into a headline or a hefty fine. 

What counts as “reasonable procedures”; how can you comply with the law? 

The government has produced guidance that sets out what reasonable procedures to prevent fraud might look like. It stresses that ‘reasonable’ will look different for each organisation, and sets out six key, outcome-focused principles for a fraud prevention framework: 

  • Top Level Commitmentsenior management need to lead by example in fostering a speak-up culture, where staff are confident to report wrongdoing. 
  • Risk Assessment: identifying which roles carry enhanced fraud risks, and documenting decision-making around risk management.  
  • Proportionate Risk-Based Prevention Procedures: steps to prevent fraud should reflect the fraud risk that the organisation faces, and the scale of the employer’s activities.  
  • Due Diligence: appropriate third-party technology should be used to check for a history of fraud when working with new agents or ‘associated persons’, as well as in mergers and acquisitions.  
  • Communication and Training: senior and middle management should be trained on the new offence, and all staff should be familiar with the employer’s anti-fraud processes and whistleblowing policies.  
  • Monitoring and Review: employers should proactively monitor instances of fraud and learn from their investigations.  

Whistleblowing systems cut across all of these principles – they give life to a fraud prevention framework by making sure risks don’t go unnoticed. 

Lessons from real life 

It will take some time – and a few prosecutions – before we know exactly what courts will accept as ‘reasonable procedures.’ For now, the Home Office advises employers to look at best practice examples from the Serious Fraud Office’s Deferred Prosecution Agreements (DPAs). As an example, one case, G4S Care and Justice Services admitted to defrauding the Ministry of Justice and paid a £38.5m fine. The company also had to implement a corporate renewal plan, including new governance structures, regular reviews of its anti-fraud processes, and acting on expert recommendations such as Protect’s Whistleblowing Benchmark report.  

This shows how crucial it is to have robust, proactive reporting systems. If people inside the organisation don’t feel able to raise concerns safely, fraud can go undetected until it’s too late. 

 

Looking ahead 

The Failure to Prevent Fraud offence should spark a major cultural shift. It’s no longer enough for companies to protect themselves only from being the victims of fraud – they also need to make sure they’re not the perpetrators, whether directly or indirectly. 

And as we’ve illustrated, whistleblowers are at the heart of this. Reports from insiders help organisations see blind spots, address risks, and prove they’re serious about prevention. The sooner wrongdoing is brought to light, the faster it can be dealt with. 

At Protect, we believe a strong speak-up culture doesn’t just catch fraud – it prevents it. And prevention is where real trust and accountability are built. 

All Blog Posts