30 Sep 2025
by Joshua Vowles-Dent 

UK’s Failure to Prevent Fraud: What you Need to Know

What the New Corporate Criminal Offence Means for Businesses 

With the new Failure to Prevent Fraud offence that came into effect on September 1st, 2025, regulations around “associated persons” who commit fraud to benefit the business have become even more defined. Whether it’s an employee, contractor, or agent, companies will be criminally liable for any fraud committed regardless of their awareness. 

This offence states that if “reasonable procedures” to prevent fraud are not in place, then companies will face fines and reputational damages. By embedding active controls with a proactive approach, businesses can create more thorough policies to mitigate risks. 

Reactive Controls Are Not Enough 

With fraud becoming increasingly complex and fraudsters getting smarter than ever with AI, companies need to understand how fraud emerges. Donald Cressey’s fraud triangle framework explains how pressure, opportunity, and rationalisation combine to drive fraudulent behaviour. 

But reactive compliance is simply not enough. Regulators are not satisfied and demand more proactive preventive frameworks. It is the responsibility of senior leadership at large organisations to prioritise strategies that actively detect fraud before it happens. The Failure to Prevent Fraud offence only furthers this sentiment in a transforming digital world. 

Scope is Broader Than Many Expect  

Companies that have £36 million turnover, £18 million in assets, or 250 employees fall within the scope of the new offence. Banks, insurers, asset managers, fintech and even smaller firms may feel the ripple effect through vendors and regulatory partnerships. 

Employees, contractors, subsidiaries, and third-party service providers all fall under the definition of “associated persons”. Fraud by any of these people can trigger corporate liability even if it was done without the company's knowledge. 

Documented Controls and Audit Trails are your Defence 

The expectations are high as firms must demonstrate that they have thorough risk assessments in place. They must prove to the Serious Fraud Office (SFO) that they have implemented fraud-specific procedures and created clear escalation paths.  

Superficial policies will not stand up to scrutiny. Documentation and audit evidence are essential to prove compliance efforts. Regulators will look for proof that fraud prevention measures are embedded in daily business operations. Companies that cannot demonstrate working procedures risk investigation, litigation, and unlimited fines. 

Controls Must Be Enterprise-Wide 

Enforcement cases highlight the importance of embedding fraud prevention at the foundation of best practices. Key measures for an organisation include: 

  • Staff training on fraud indicators and escalation channels 
  • Whistleblower hotlines with protection against retaliation 
  • Enhanced onboarding with KYC and KYB checks 
  • Continuous vendor screening to limit third-party exposure 
  • Real-time transaction monitoring for high-risk activities 

This ensures that mitigating risk is not the sole responsibility of compliance departments but an overarching goal of the organisation’s culture. 

Fraud Prevention as a Strategic Priority 

The Failure to Prevent Fraud offence marks a decisive shift in how regulators view corporate accountability.  Instead, large organisations must prove that fraud-specific frameworks are embedded, documented, and operational across the entire firm. Using technology to meet these new expectations is necessary to keep up with today’s transforming world. 

By investing in prevention strategies, strengthening oversight of associated persons, and leveraging technology platforms such as ComplyCube, firms can demonstrate compliance readiness while protecting their business, customers, and reputation from the rising threat of corporate fraud

For more information on how to comply with the ‘Failure to Prevent Fraud’ requirements, get in touch with one of ComplyCube’s compliance experts. 

 

Author

Joshua Vowles-Dent 

Joshua Vowles-Dent 

 GTM Lead, ComplyCube


Digital Identity  programme activities

Digital identities will provide a gateway for citizens and SMEs into the digital economy. techUK members demonstrate the benefits of digital identity to emerging markets, raise their profile as thought leaders, influence policy outcomes, and strengthen their relationships with potential clients and decision-makers. Visit the programme page here.

 

Upcoming events

Latest news and insights 

Learn more and get involved

 

Get our digital identity insights straight to your inbox

Sign-up to get the latest updates and opportunities from our Digital Identity, Technology and Innovation, Cloud, and Data Analytics and AI programmes.

 

Here are the five reasons to join the Digital Identity programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

Meet the team 

Sue Daley OBE

Sue Daley OBE

Director, Technology and Innovation

Laura Foster

Laura Foster

Associate Director - Technology and Innovation, techUK

Elis Thomas

Elis Thomas

Programme Manager, Tech and Innovation, techUK

 

 

Related topics

Authors

Joshua Vowles-Dent 

Joshua Vowles-Dent 

GTM Lead, ComplyCube