
Countdown to the Failure to Prevent Fraud Offence: How training can protect your organisation

15 April 2025

With just months remaining until the Failure to Prevent Fraud Offence takes effect, Rachael Tiffen, Director of Learning and Public Sector at Cifas, delves into the details of the offence as part of our ‘Insider Threat Week.’ She highlights the critical role of fraud prevention training in helping organisations make final preparations. 

Some background into the Failure to Prevent Fraud Offence 

When the Economic Crime and Corporate Transparency Act (ECCTA) received Royal Assent in October 2023, it contained a number of elements that ensured it was set to become a groundbreaking piece of legislation.  

One of the most important features of the Act was the creation of the new Failure to Prevent Fraud offence.  

Guidance was published in November 2024, and the offence officially comes into force on 1 September 2025. The guidance makes clear that under the offence, an organisation may be “criminally liable where an employee, agent, subsidiary, or other ‘associated person’, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place.” If liable, penalties could include unlimited fines and other severe commercial and operational consequences.

Organisations impacted by the new offence in both the public and private sector must meet two out of three criteria below: 

  • A turnover over £36 million 
  • A balance sheet of more than £18 million  
  • Have over 250 employees 

The scope of the offence is wide-ranging. For example, if an employee or agent commits fraud under UK law or targets UK victims, their employer could be prosecuted even if the organisation or employee is based abroad. 

 

What is meant by ‘reasonable fraud prevention procedures’? 

Reasonable procedures should form part of the defence if an organisation were to find itself liable under the offence. While many organisations might feel they have these in place, the guidance is clear that “merely applying existing procedures tailored to a different type of risk will not necessarily be an adequate response”. It goes on to say the fraud prevention framework should be informed by six principles, which are listed below alongside further insight from us in brackets:

  1. Top level commitment (having the right tone from the top) 
  2. Risk assessment (to identify and remedy any gaps immediately) 
  3. Proportionate risk-based prevention procedures (having the right policies and procedures in place that could cover areas such as reporting and third parties) 
  4. Due diligence (for example checking delivery agents, processes and recruitment procedures) 
  5. Communication (to ensure there is communication about the offence and all staff are trained to a high standard on fraud prevention) 
  6. Monitoring and review (for example checking policies and procedures and regularly monitoring their use and applicability)

Organisations should note that ‘reasonable procedures’ must be in place at the time of the offence. Therefore, waiting until 1 September 2025 will not be enough. Preparations and activity need to start now. 

 

Having effective employee vetting checks in place 

Organisations also need to be aware that the ECCTA has introduced amendments to the identification doctrine for economic crimes (sections 196-198). Although the amendments are not considered in the guidance, it is important that organisations familiarise themselves with them as they introduce significant new changes. If, for example, an employee or agent commits the fraud, the organisation effectively commits the fraud. 

Therefore, it is vitally important that proper vetting checks are carried out on staff right from the pre-employment stage and across their employee lifecycle to give organisations the best possible chance to respond to any changes in behaviour that might indicate dishonest conduct. 

 

Understanding the counter-fraud responsibilities of a ‘senior manager’ 

The ECCTA defines a senior manager as someone who plays a key role in managing, organising, or making decisions about a significant part of an organisation’s activities. Unlike traditional definitions, this is based on actual responsibilities rather than job titles. 

Under the ECCTA, a senior manager’s actions can lead to the conviction of the organisation. Therefore, training all staff to recognise and report fraud is crucial – not just to foster an anti-fraud culture but also to prevent legal consequences. 

Importantly, a senior manager does not have to be a direct employee; they could be a consultant or third-party officer. This means internal staff must ensure they follow relevant policies and check that external parties have the right policies in place. Additionally, proper vetting of third parties is essential to prevent insider threats and corruption.

 

Preparing staff in the right way through effective fraud prevention training 

The offence list includes various types of fraud, such as false representation, false accounting, dishonest service acquisition, and cheating the public revenue. This highlights the need for fraud prevention training for all staff, not just counter-fraud teams. 

Best practices include briefing senior leaders on the Act and the Failure to Prevent Fraud offence, as individuals may still face scrutiny even though it’s a corporate offence. Strong, top-level commitment is a key defence, and keeping the Audit and Compliance Committees informed is essential. 

Additionally, organisations must be aware of the dangers of an insider threat, where employees or trusted partners exploit their position. Robust internal controls and regular monitoring help mitigate this risk. 

 

How Cifas can help you prepare 

Cifas’ Insider Threat Protect solution can support your preparations to meet Failure to Prevent Fraud regulations and enable your organisation to target internal risks in the future. 

We also have several in-person and virtual courses available to help you get ready through our Cifas Fraud and Cyber Academy and the Digital Learning programme. For example:

  • For counter-fraud professionals: The ‘Professional Certificate in Fraud Prevention’. Apply here
  • For those requiring an overview and simple explanation of the ECCTA: The ‘In Practice: Fraud Prevention’ course. Apply here
  • For those needing a fraud risk assessment: The ‘Fraud Risk Management Certificate’. Apply here
  • For the Public Sector: ‘The Failure to Prevent Fraud Offence – Public Sector Scope and Best Practice Measures’ masterclass. Apply here
  • For organisations wanting virtual education to strengthen their workplace’s counter-fraud skills: Apollo is Cifas’ immersive video-led, digital learning programme which uses action-packed film, animation and engaging storytelling to deliver universal fraud awareness training. 

For further information visit here

Posted by: Rachael Tiffen

Rachael is Director of Cifas Learning & Public Sector.
