UK’s Failure to Prevent Fraud: What you Need to Know
What the New Corporate Criminal Offence Means for Businesses
With the new Failure to Prevent Fraud offence that came into effect on September 1st, 2025, regulations around “associated persons” who commit fraud to benefit the business have become even more defined. Whether it’s an employee, contractor, or agent, companies will be criminally liable for any fraud committed regardless of their awareness.
This offence states that if “reasonable procedures” to prevent fraud are not in place, then companies will face fines and reputational damages. By embedding active controls with a proactive approach, businesses can create more thorough policies to mitigate risks.
Reactive Controls Are Not Enough
With fraud becoming increasingly complex and fraudsters getting smarter than ever with AI, companies need to understand how fraud emerges. Donald Cressey’s fraud triangle framework explains how pressure, opportunity, and rationalisation combine to drive fraudulent behaviour.
But reactive compliance is simply not enough. Regulators are not satisfied and demand more proactive preventive frameworks. It is the responsibility of senior leadership at large organisations to prioritise strategies that actively detect fraud before it happens. The Failure to Prevent Fraud offence only furthers this sentiment in a transforming digital world.
Scope is Broader Than Many Expect
Companies that have £36 million turnover, £18 million in assets, or 250 employees fall within the scope of the new offence. Banks, insurers, asset managers, fintech and even smaller firms may feel the ripple effect through vendors and regulatory partnerships.
Employees, contractors, subsidiaries, and third-party service providers all fall under the definition of “associated persons”. Fraud by any of these people can trigger corporate liability even if it was done without the company's knowledge.
Documented Controls and Audit Trails are your Defence
The expectations are high as firms must demonstrate that they have thorough risk assessments in place. They must prove to the Serious Fraud Office (SFO) that they have implemented fraud-specific procedures and created clear escalation paths.
Superficial policies will not stand up to scrutiny. Documentation and audit evidence are essential to prove compliance efforts. Regulators will look for proof that fraud prevention measures are embedded in daily business operations. Companies that cannot demonstrate working procedures risk investigation, litigation, and unlimited fines.
Controls Must Be Enterprise-Wide
Enforcement cases highlight the importance of embedding fraud prevention at the foundation of best practices. Key measures for an organisation include:
Staff training on fraud indicators and escalation channels
Whistleblower hotlines with protection against retaliation
Enhanced onboarding with KYC and KYB checks
Continuous vendor screening to limit third-party exposure
Real-time transaction monitoring for high-risk activities
This ensures that mitigating risk is not the sole responsibility of compliance departments but an overarching goal of the organisation’s culture.
Fraud Prevention as a Strategic Priority
The Failure to Prevent Fraud offence marks a decisive shift in how regulators view corporate accountability. Instead, large organisations must prove that fraud-specific frameworks are embedded, documented, and operational across the entire firm. Using technology to meet these new expectations is necessary to keep up with today’s transforming world.
By investing in prevention strategies, strengthening oversight of associated persons, and leveraging technology platforms such as ComplyCube, firms can demonstrate compliance readiness while protecting their business, customers, and reputation from the rising threat of corporate fraud.
For more information on how to comply with the ‘Failure to Prevent Fraud’ requirements, get in touch with one of ComplyCube’s compliance experts.
Author
Joshua Vowles-Dent
GTM Lead, ComplyCube
Joshua Vowles-Dent
GTM Lead, ComplyCube
Digital Identity programme activities
Digital identities will provide a gateway for citizens and SMEs into the digital economy. techUK members demonstrate the benefits of digital identity to emerging markets, raise their profile as thought leaders, influence policy outcomes, and strengthen their relationships with potential clients and decision-makers. Visit the programme page here.
techUK's Digital ID Summit 2025
Join us on 13 October 2025 for techUK’s Digital ID Summit — a key event bringing together industry leaders, policymakers, and innovators to shape the future of digital identity in the UK. Don’t miss this opportunity to be part of the conversation driving trust, security, and innovation.
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy.
In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List.
She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame.
A key influencer in driving forward the data agenda in the UK, Sue was co-chair of the UK government's National Data Strategy Forum until July 2024. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
Associate Director - Technology and Innovation, techUK
Laura Foster
Associate Director - Technology and Innovation, techUK
Laura is techUK’s Associate Director for Technology and Innovation.
Laura advocates for better emerging technology policy in the UK, including quantum, future of compute technologies, semiconductors, digital ID and more. Working alongside techUK members and UK Government she champions long-term, cohesive, and sustainable investment that will ensure the UK can commercialise future science and technology research. Laura leads a high-performing team at techUK, as well as publishing several reports on these topics herself, and being a regular speaker at events.
Before joining techUK, Laura worked internationally as a conference researcher and producer exploring adoption of emerging technologies. This included being part of the team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University and is a Cambridge Policy Fellow. Outside of work she loves reading, writing and supporting rugby team St. Helens, where she is from.
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on Semiconductors and Digital ID.
He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.
Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.
TechUK explores how the UK can leverage its innovation and investment strengths to boost productivity and drive sustainable growth—read on to learn more.
Report launch: techUK’s 2030 vision: a roadmap for building a digital assets economy
The UK stands on the brink of a digital revolution – one powered by blockchain and digital assets. Register today for the launch of our latest report to hear from keynote speakers, and get involved in the panel and Q&A session.