Eye on Economic Crime: New strict liability corporate criminal offence of failure to prevent fraud comes into effect

1 September 2025 marks the day that the new strict liability corporate criminal offence of failure to prevent fraud comes into effect. From today onwards, corporate entities can be held criminally liable for failing to prevent a specified fraud offence from taking place when committed by  an employee, agent, subsidiary, employee of a subsidiary, or anyone who performs services for or on behalf of the organisation. Given the wide-ranging nature of this new offence, we discuss what your organisation needs to know and do as soon as possible - especially in light of recent prosecutorial action.

How the offence operates

Our previous publication sets out how the offence operates, as prescribed by the UK Economic Crime and Corporate Transparency Act 2023 ("ECCTA").

By way of reminder, the new offence only applies to "large organisations" i.e. those which meet at least two of the following criteria in the financial year preceding the year of the fraud offence:

• more than 250 employees;
• more than £36 million turnover; and/or
• more than £18 million in aggregate assets on its balance sheet.

A corporate is also a "large organisation" where it is a parent undertaking of a group which meets at least two of the following criteria in the financial year preceding the year of the fraud offence:

• more than 250 aggregate employees
• an aggregate turnover of over £36 million net (or £43.2 million gross); and/or
• aggregate balance sheet total of over £18 million net (or £21.6 million gross).

A "large organisation" is liable under the new offence if it fails to prevent one of the fraud offences specified in Schedule 13 of ECCTA where:

1. an "associate" of the organisation commits the fraud; and
2. the fraud is intended to benefit the organisation or client of the organisation.

"Associate" is defined as an employee, agent, subsidiary, or employee of a subsidiary of the organisation, as well as any others who perform services for or on behalf of the organisation.

Examples of potential offences include dishonest sales practices, misleading consumers or investors (including via non-financial information disclosures such as environmental and sustainability reporting), false accounting, fraud by false representation, fraud by abuse of position, fraud by failing to disclose information, and dishonest practices in financial markets.

Recent prosecutorial action

On 11 August 2025, HM Revenue & Customs ("HMRC") initiated its first corporate prosecution under a failure to prevent the facilitation of tax evasion offence as set out in the Criminal Finances Act 2017. Read our full analysis on this.

Despite the legislation’s introduction in 2017, investigative reporting in 2024 highlighted that, although over 100 cases had been reviewed, no prosecutions had been brought under the offence - untilnow.

Like the failure to prevent fraud offence, the two failure to prevent tax evasion offences impose strict liability on companies and partnerships where an associated person criminally facilitates tax evasion and the organization has failed to implement reasonable prevention procedures.

This recent action suggests that law enforcement agencies are committed to changing industry practice and actively pursuing corporates for criminal liability. This comes against a backdrop of recent comments from the SFO's Director, Nick Ephgrave, about the stringent approach the SFO shall be adopting to tackling economic crime in the UK: see our previous updates here, here and here. As we recommend below, corporates should heed the warning and not delay in evaluating their fraud prevention frameworks.

Guidance on defences

We have previously written about the UK Government's Guidance published on 6 November 2024 (the “UK Government's Guidance”) which explains that the only defence available to organisations charged with this new offence is that the organisation had “reasonable procedures” in place to prevent the fraud.

Reasonable procedures include the application of six key principles:

1. Top level commitment
2. Risk assessment
3. Proportionate risk-based prevention procedures
4. Due diligence
5. Communication (including training)
6. Monitoring and review 

More recently, the SFO and CPS published joint Corporate Prosecution Guidance (the "Joint Guidance") on 18 August 2025, which sets out both prosecuting bodies' common approach to corporate offending and includes some helpful reminders, for example:

• A 'corporate entity' includes not only incorporated companies or partnerships but also unincorporated organisations, including clubs, associations, and other collective bodies, where criminal liability can be attributed to the organisation as a whole under statute or common law.
• To establish corporate liability the offence must be punishable with a fine; a corporate entity cannot be imprisoned.
• It is not possible to prosecute a dissolved company unless an application has been made to declare the dissolution void or to restore the corporation to the register and with the leave of the court responsible for the winding up or liquidation.
• An organisation facing liability under the failure to prevent fraud offence may also face prosecution for the underlying substantive fraud or other economic crime offence, where the conduct of the associated person can be attributed to the organisation by other means – such as through section 196 of ECCTA which attributes criminal liability to corporates where a senior manager,  acting within the actual or apparent scope of their authority, commits a relevant offence. The relevant offences are listed in Schedule 12 of ECCTA.

10 Question Checklist

We have prepared the 10-point checklist below which organisations can use to evaluate their existing fraud prevention frameworks in light of the UK Government's Guidance and the Joint Guidance. Organisations are encouraged to make necessary changes accordingly.

1. Is there clear ownership and accountability for fraud risk prevention and management?
2. Have we identified all areas where the business is exposed to fraud risk, including across jurisdictions, subsidiaries, and business lines?
3. Do we have documented, risk-based procedures to prevent fraud tailored to the nature, size, and complexity of the organisation?
4. Are our policies and procedures effectively communicated and understood by staff and agents through tailored training and clear signposting?
5. Do we carry out thorough due diligence on third parties, agents, and joint venture partners?
6. Is our whistleblowing framework robust such that employees (and third parties) can report concerns confidentially and without fear of retaliation?
7. Do we regularly monitor, audit, and test the effectiveness of our fraud prevention procedures, addressing any weaknesses in a timely fashion?
8. Is our senior leadership demonstrably committed to preventing fraud?
9. Have we updated our internal investigations and reporting procedures to align with the new offence?
10. Can we evidence through accurate records the design, implementation, and effectiveness of our fraud prevention efforts?

Mayer Brown’s investigations and compliance advisory team advises multinational corporations and financial institutions on financial crime and associated laws, including anti-fraud and anti-corruption measures, and has extensive experience conducting and supporting large-scale risk analysis exercises, as well as criminal and internal investigations.