WIREDGOV

What the New Corporate Criminal Offence Means for Businesses 

With the new Failure to Prevent Fraud offence that came into effect on September 1st, 2025, regulations around “associated persons” who commit fraud to benefit the business have become even more defined. Whether it’s an employee, contractor, or agent, companies will be criminally liable for any fraud committed regardless of their awareness. 

This offence states that if “reasonable procedures” to prevent fraud are not in place, then companies will face fines and reputational damages. By embedding active controls with a proactive approach, businesses can create more thorough policies to mitigate risks. 

Reactive Controls Are Not Enough 

With fraud becoming increasingly complex and fraudsters getting smarter than ever with AI, companies need to understand how fraud emerges. Donald Cressey’s fraud triangle framework explains how pressure, opportunity, and rationalisation combine to drive fraudulent behaviour. 

But reactive compliance is simply not enough. Regulators are not satisfied and demand more proactive preventive frameworks. It is the responsibility of senior leadership at large organisations to prioritise strategies that actively detect fraud before it happens. The Failure to Prevent Fraud offence only furthers this sentiment in a transforming digital world. 

Scope is Broader Than Many Expect  

Companies that have £36 million turnover, £18 million in assets, or 250 employees fall within the scope of the new offence. Banks, insurers, asset managers, fintech and even smaller firms may feel the ripple effect through vendors and regulatory partnerships. 

Employees, contractors, subsidiaries, and third-party service providers all fall under the definition of “associated persons”. Fraud by any of these people can trigger corporate liability even if it was done without the company's knowledge. 

Documented Controls and Audit Trails are your Defence 

The expectations are high as firms must demonstrate that they have thorough risk assessments in place. They must prove to the Serious Fraud Office (SFO) that they have implemented fraud-specific procedures and created clear escalation paths.  

Superficial policies will not stand up to scrutiny. Documentation and audit evidence are essential to prove compliance efforts. Regulators will look for proof that fraud prevention measures are embedded in daily business operations. Companies that cannot demonstrate working procedures risk investigation, litigation, and unlimited fines. 

Controls Must Be Enterprise-Wide 

Enforcement cases highlight the importance of embedding fraud prevention at the foundation of best practices. Key measures for an organisation include: 

• Staff training on fraud indicators and escalation channels 

• Whistleblower hotlines with protection against retaliation 

• Enhanced onboarding with KYC and KYB checks 

• Continuous vendor screening to limit third-party exposure 

• Real-time transaction monitoring for high-risk activities 

This ensures that mitigating risk is not the sole responsibility of compliance departments but an overarching goal of the organisation’s culture. 

Fraud Prevention as a Strategic Priority 

The Failure to Prevent Fraud offence marks a decisive shift in how regulators view corporate accountability.  Instead, large organisations must prove that fraud-specific frameworks are embedded, documented, and operational across the entire firm. Using technology to meet these new expectations is necessary to keep up with today’s transforming world. 

By investing in prevention strategies, strengthening oversight of associated persons, and leveraging technology platforms such as ComplyCube, firms can demonstrate compliance readiness while protecting their business, customers, and reputation from the rising threat of corporate fraud. 

For more information on how to comply with the ‘Failure to Prevent Fraud’ requirements, get in touch with one of ComplyCube’s compliance experts.