Date updated: Wednesday 10th September 2025

On 1 September 2025, a new corporate offence, ‘Failure to prevent fraud’, came into force in the UK. This means that large organisations can now be held criminally liable if someone acting on their behalf, such as an employee or contractor, commits fraud – even if senior leadership was unaware.

Who is affected?

This offence applies to companies, charities and trusts that meet two out of three of the following criteria:

  • More than 250 employees
  • Over £36 million turnover
  • More than £18 million in assets

The only defence is being able to demonstrate that reasonable fraud prevention procedures were in place.

What should organisations do now?

1. Strengthen third-party due diligence

Fraud often occurs through agents, contractors or suppliers. Take the following steps to reduce risk:

  • Screen third parties for red flags such as financial instability or litigation history.
  • Use onboarding questionnaires that include fraud and compliance checks.
  • Maintain a risk register of third-party relationships.
  • Reassess due diligence periodically – not just at onboarding.

2. Update internal policies

Ensure your policies reflect current fraud risks:

  • Fraud prevention policy – define fraud, reporting channels and consequences.
  • Whistleblowing policy – protect staff and encourage safe reporting.
  • Anti-bribery and corruption policy – link to fraud risks and financial controls.
  • Procurement policy – clarify roles, tendering and vetting processes.
  • Expense and credit card policy – set clear rules for claims and documentation.

3. Train and educate staff

  • Provide fraud awareness training across all departments.
  • Include fraud risks in induction and annual refresher training.
  • Run internal awareness campaigns.

4. Conduct a fraud risk assessment

Documented assessments should identify the following:

  • High-risk departments (e.g. finance, procurement)
  • Likely types of fraud
  • Gaps in controls or oversight

Store assessments as part of your legal defence record.

5. Improve governance and oversight

  • Appoint a Fraud Prevention Lead (e.g. CFO or Head of Risk).
  • Report regularly to your Audit Committee or Board.
  • Keep a register of suspected or proven fraud incidents.

6. Enhance internal controls

  • Segregate duties in finance and procurement.
  • Require two-person approvals for payments and vendor onboarding.
  • Automate fraud detection where feasible.
  • Block risky activities (e.g. shared bank accounts between employees and vendors).

7. Maintain robust documentation

Create a clear audit trail by:

  • recording training sessions and attendance;
  • documenting risk assessments and mitigation plans; and
  • logging policy reviews and disciplinary actions.

Store all records in a secure compliance system or shared drive.

8. Foster a ‘speak-up’ culture

This can be done by:

  • promoting safe and anonymous fraud reporting; and
  • investigating all reports swiftly and objectively.

9. Review commercial contracts

Include the following strong anti-fraud protections in all your commercial contracts:

  • Anti-fraud clauses – prohibit fraudulent activity and require compliance with laws.
  • Audit rights – allow inspection of records and interviews if fraud is suspected.
  • Termination rights – enable immediate termination and recovery of losses.
  • Mandatory reporting – require prompt reporting and cooperation in investigations.
  • Warranties – confirm anti-fraud procedures and due diligence.
  • Flow-down clauses – extend obligations to subcontractors.

How can Stone King help?

At Stone King, we are supporting clients in adapting to this new legislation by updating policies, strengthening governance and embedding protections into commercial terms. If you need assistance, please contact Eleanor Reilly or your usual contact at Stone King.