Fraud is not a new problem, but it is a growing one. In recent years, the scale and complexity of fraudulent activity in the UK have increased dramatically. From sophisticated online scams to internal accounting manipulation, the threat landscape continues to evolve. Yet, as law enforcement resources remain stretched, the burden of fraud prevention is shifting, steadily and deliberately, onto the shoulders of organisations themselves.
In this changing context, compliance is no longer a box-ticking exercise. It has become a proactive, strategic discipline. And with the new “Failure to Prevent Fraud” offence coming into force from September, the stakes are higher than ever.
Fraud is now the most commonly experienced crime in the UK. According to the Office for National Statistics (ONS), there were over 3.3 million estimated incidents of fraud in England and Wales in the year ending September 2023. This figure dwarfs other categories of crime.
However, the response from traditional law enforcement has not kept pace. In fact, the National Audit Office (NAO) reported in 2022 that only 1% of police resources are dedicated to tackling fraud, despite it representing over 40% of all crime. The City of London Police, which leads on economic crime, continues to face capacity challenges, and many local police forces deprioritise fraud due to resource constraints and investigative complexity.
This gap has not gone unnoticed. Policymakers have responded by shifting the compliance and monitoring burden from the state to private sector actors, especially those with the resources and reach to implement controls. For many businesses, this means navigating a changing legal and regulatory environment that demands more transparency, diligence, and accountability than ever before.
A key milestone in this evolution is the introduction of the Failure to Prevent Fraud offence under the Economic Crime and Corporate Transparency Act 2023. This new corporate criminal offence is due to come into force from 1st September 2025 and represents a significant departure from the traditional principles of corporate liability.
The legislation, which mirrors similar “failure to prevent” models introduced for bribery and tax evasion, makes organisations criminally liable if an employee or associate commits fraud for the organisation’s benefit, and the organisation did not have “reasonable fraud prevention procedures” in place.
Importantly, this is a strict liability offence. The prosecution does not need to prove that senior management authorised or even knew about the fraud. The only defence available is that the organisation had adequate procedures to prevent such conduct.
Initially, the offence will apply to large bodies corporate and partnerships - defined by the Act as entities meeting at least two of the following criteria:
However, there is a clear direction of travel. Much like the Bribery Act 2010 before it, the offence could be extended to smaller organisations in future revisions. For many companies, the smart move is to act now rather than wait for legal obligations to catch up.
The Failure to Prevent Fraud offence is just one part of a broader cultural and regulatory shift. Across both public and private sectors, there is growing recognition that fraud risk management must be embedded at every level of an organisation.
Regulators, investors, and stakeholders now expect companies to take a proactive stance. In regulated industries such as financial services, this expectation is formalised through obligations like the Senior Managers and Certification Regime (SM&CR), which holds individual leaders accountable for the effective oversight of controls.
In other sectors, expectations are shaped more by market forces, reputation risk, and contractual obligations. For example, suppliers bidding for public sector work or partnering with major corporates are increasingly required to demonstrate robust anti-fraud and compliance systems as part of pre-qualification and due diligence checks.
The introduction of ESG (Environmental, Social and Governance) metrics into corporate reporting frameworks has also had an impact. Governance, in particular, now encompasses anti-fraud measures as an integral component of corporate integrity. Investors and institutional partners are asking deeper questions about internal controls, whistleblowing mechanisms, and audit rigour.
So, how should organisations respond to this changing landscape?
The first step is to recognise that fraud prevention is not just a legal obligation but a business imperative. It protects revenue, preserves reputation, and reinforces stakeholder trust. With that in mind, the following actions are worth prioritising:
Understanding your organisation’s specific exposure is foundational. This means assessing both internal and external fraud risks - ranging from procurement fraud and employee misappropriation to customer scams and cyber fraud. The assessment should be regularly updated and tailored to business operations.
Controls should be proportionate to the risks identified. For most organisations, this includes implementing clear financial authorisation levels, separation of duties, automated transaction monitoring, and third-party due diligence. Where possible, controls should be documented and auditable.
Whistleblowing remains one of the most effective ways to detect fraud. Organisations should have clear, confidential, and accessible reporting channels, backed by a culture that encourages ethical behaviour and protects whistleblowers from retaliation.
Leadership matters. Assigning senior individuals responsibility for fraud risk management, whether a compliance officer, risk director or CFO, can significantly improve oversight. Under the SM&CR regime and the new Failure to Prevent Fraud offence, named accountability is also an important compliance safeguard.
Fraud awareness training should go beyond generic e-learning modules. It should be practical, scenario-based, and relevant to specific roles, helping employees understand what fraud looks like in their day-to-day context and how to report it.
No system is bulletproof. In addition to preventative measures, organisations should have a clear fraud response plan, covering investigation protocols, communication strategies, and external reporting obligations. Insurance coverage (e.g. crime or fidelity policies) should be regularly reviewed for adequacy.
The evolving approach to fraud compliance in the UK reflects a fundamental shift in responsibility. In a landscape of rising threats and limited enforcement capacity, the onus is increasingly on businesses to police themselves, and each other.
For those who treat compliance as a strategic asset rather than a regulatory hurdle, this shift presents an opportunity. It’s a chance to build more resilient organisations, strengthen stakeholder confidence, and align with a broader societal expectation: that businesses should play an active role in preventing economic harm.
The Failure to Prevent Fraud offence may be the legal catalyst, but the broader message is clear - fraud prevention is now everyone’s business.
With over 15 years' experience in governance, risk, compliance, and cyber investigations, Oliver is widely regarded as a thought leader on the topics of corporate regulation and ethics. Oliver co-founded Continual to provide mid-sized organisations with better compliance software which meets the evolving regulatory landscape.