UK’s "Failure to Prevent Fraud": What you Need to Know

What the New Corporate Criminal Offence Means for Businesses 

With the new Failure to Prevent Fraud offence that came into effect on September 1st, 2025, regulations around “associated persons” who commit fraud to benefit the business have become even more defined. Whether it’s an employee, contractor, or agent, companies will be criminally liable for any fraud committed regardless of their awareness. 

This offence states that if “reasonable procedures” to prevent fraud are not in place, then companies will face fines and reputational damages. By embedding active controls with a proactive approach, businesses can create more thorough policies to mitigate risks. 

Reactive Controls Are Not Enough 

With fraud becoming increasingly complex and fraudsters getting smarter than ever with AI, companies need to understand how fraud emerges. Donald Cressey’s fraud triangle framework explains how pressure, opportunity, and rationalisation combine to drive fraudulent behaviour. 

But reactive compliance is simply not enough. Regulators are not satisfied and demand more proactive preventive frameworks. It is the responsibility of senior leadership at large organisations to prioritise strategies that actively detect fraud before it happens. The Failure to Prevent Fraud offence only furthers this sentiment in a transforming digital world. 

Scope is Broader Than Many Expect  

Companies that have £36 million turnover, £18 million in assets, or 250 employees fall within the scope of the new offence. Banks, insurers, asset managers, fintech and even smaller firms may feel the ripple effect through vendors and regulatory partnerships. 

Employees, contractors, subsidiaries, and third-party service providers all fall under the definition of “associated persons”. Fraud by any of these people can trigger corporate liability even if it was done without the company's knowledge. 

Documented Controls and Audit Trails are your Defence 

The expectations are high as firms must demonstrate that they have thorough risk assessments in place. They must prove to the Serious Fraud Office (SFO) that they have implemented fraud-specific procedures and created clear escalation paths.  

Superficial policies will not stand up to scrutiny. Documentation and audit evidence are essential to prove compliance efforts. Regulators will look for proof that fraud prevention measures are embedded in daily business operations. Companies that cannot demonstrate working procedures risk investigation, litigation, and unlimited fines. 

Controls Must Be Enterprise-Wide 

Enforcement cases highlight the importance of embedding fraud prevention at the foundation of best practices. Key measures for an organisation include: 

• Staff training on fraud indicators and escalation channels 
• Whistleblower hotlines with protection against retaliation 
• Enhanced onboarding with KYC and KYB checks 
• Continuous vendor screening to limit third-party exposure 
• Real-time transaction monitoring for high-risk activities 

This ensures that mitigating risk is not the sole responsibility of compliance departments but an overarching goal of the organisation’s culture. 

Fraud Prevention as a Strategic Priority 

The Failure to Prevent Fraud offence marks a decisive shift in how regulators view corporate accountability.  Instead, large organisations must prove that fraud-specific frameworks are embedded, documented, and operational across the entire firm. Using technology to meet these new expectations is necessary to keep up with today’s transforming world. 

By investing in prevention strategies, strengthening oversight of associated persons, and leveraging technology platforms such as ComplyCube, firms can demonstrate compliance readiness while protecting their business, customers, and reputation from the rising threat of corporate fraud. 

For more information on how to comply with the ‘Failure to Prevent Fraud’ requirements, get in touch with one of ComplyCube’s compliance experts. 

Author

Joshua Vowles-Dent 

 GTM Lead, ComplyCube

×

Joshua Vowles-Dent 

 GTM Lead, ComplyCube

Digital Identity  programme activities

Digital identities will provide a gateway for citizens and SMEs into the digital economy. techUK members demonstrate the benefits of digital identity to emerging markets, raise their profile as thought leaders, influence policy outcomes, and strengthen their relationships with potential clients and decision-makers. Visit the programme page here.

Digital ID campaign week 2025! 🔐

Recap on key insights shared during Digital ID Campaign Week.

View Insights

 

Upcoming events

13 November 2025

Combatting Fraud: techUK's 2025 Report Launch Breakfast & Panel

London

27 – 30 October 2025

techUK’s first-ever Delegation to Ottawa, Canada

Ottawa, Canada

29 October 2025

Greater Manchester Digital Inclusion Summit 2025

Lower Mosley Street Manchester M2 3WS Conference

Latest news and insights 

23 Oct 2025

Why digital resilience must be a boardroom priority

17 Oct 2025

EU digital identity wallets are set to transform online privacy. Here is how.

17 Oct 2025

Digital identity in action: How Australia leads and how it compares globally

Learn more and get involved

 

Get our digital identity insights straight to your inbox

Sign-up to get the latest updates and opportunities from our Digital Identity, Technology and Innovation, Cloud, and Data Analytics and AI programmes.

 

Here are the five reasons to join the Digital Identity programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

Meet the team 

Sue Daley OBE

Director, Technology and Innovation

×

Sue Daley OBE

Director, Technology and Innovation

Sue leads techUK's Technology and Innovation work. 

This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy. 

In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List. 

She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame. 

A key influencer in driving forward the data agenda in the UK, Sue was co-chair of the UK government's National Data Strategy Forum until July 2024. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.

Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel. 

Email:

[email protected]

Phone:

020 7331 2055

Twitter:

@ChannelSwimSue,@ChannelSwimSue

Laura Foster

Associate Director - Technology and Innovation, techUK

×

Laura Foster

Associate Director - Technology and Innovation, techUK

Laura is techUK’s Associate Director for Technology and Innovation.

Laura advocates for better emerging technology policy in the UK, including quantum, future of compute technologies, semiconductors, digital ID and more. Working alongside techUK members and UK Government she champions long-term, cohesive, and sustainable investment that will ensure the UK can commercialise future science and technology research. Laura leads a high-performing team at techUK, as well as publishing several reports on these topics herself, and being a regular speaker at events.

Before joining techUK, Laura worked internationally as a conference researcher and producer exploring adoption of emerging technologies. This included being part of the team at London Tech Week.

Laura has a degree in History (BA Hons) from Durham University and is a Cambridge Policy Fellow. Outside of work she loves reading, writing and supporting rugby team St. Helens, where she is from.

Email:

[email protected]

LinkedIn:

www.linkedin.com/in/lauraalicefoster

Elis Thomas

Programme Manager, Tech and Innovation, techUK

×

Elis Thomas

Programme Manager, Tech and Innovation, techUK

Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on Semiconductors and Digital ID.

He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.

Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/elis-thomas-49a1aa1a1/

Authors

Joshua Vowles-Dent 

GTM Lead, ComplyCube