The failure to prevent fraud offence is written about almost entirely from the company’s point of view: how a large organisation builds reasonable procedures and avoids prosecution. That is the easy half. The harder half, and for the people we represent; the more important, is what happens to the individuals when fraud is uncovered: the person who committed it, the senior managers above them, and the directors a company will expose to save itself. This is a defence view of the individual exposure the new offence creates.
The failure to prevent fraud offence was created by the Economic Crime and Corporate Transparency Act 2023 and came into force on 1 September 2025. It makes a large organisation criminally liable where a person associated with it, an employee, agent, subsidiary or other person performing services for it, commits a specified fraud intending to benefit the organisation, or to benefit those to whom it provides services, and the organisation did not have reasonable procedures in place to prevent that fraud.
The offence sits in Schedule 13 to the Economic Crime and Corporate Transparency Act, with the core provision at section 199. The specified fraud offences it covers are the familiar ones: fraud by false representation under the Fraud Act 2006, false accounting and false statements under the Theft Act 1968, fraudulent trading, obtaining services dishonestly, cheating the public revenue, and aiding or abetting any of these. In substance it is close to a strict liability offence for the relevant body: once an associated person commits a specified fraud offence intending to benefit the organisation, the relevant body is liable unless it proves the defence. A large organisation is defined as meeting two of the three thresholds: more than 250 employees, more than £36 million in turnover, or more than £18 million in balance sheet total. The offence applies to that relevant body whether it is a single company or a parent company answering for a subsidiary.
Two features define it. First, it applies to large organisations only, those meeting the statutory size thresholds for turnover, balance sheet and employee numbers, and the offence applies to a parent company as much as to a subsidiary, so a parent company cannot sidestep it by pointing at a subsidiary. Second, it is a corporate offence. The organisation is the defendant. The offence does not, in itself, make any individual criminally liable for failing to prevent the fraud.
The new offence follows the model of the earlier failure to prevent offences: the failure to prevent bribery under the Bribery Act 2010, and the failure to prevent the facilitation of tax evasion offences under the criminal finances legislation. The government published prevent fraud guidance ahead of commencement, and the Serious Fraud Office (SFO) and the Crown Prosecution Service (CPS) issued joint corporate prosecution guidance, a clear signal that this new failure to prevent offence will be used.
That second point is where most coverage stops, and where the real story for individuals begins.
There is a single overall defence to the offence: that the organisation had reasonable fraud prevention procedures in place at the time the fraud was committed, or that it was not reasonable in all the circumstances to expect such procedures. What is reasonable, depends on the size, risk profile and complexity of the organisation, and the onus is on the organisation to prove reasonability.
Government guidance on the offence sets out six principles for reasonable fraud prevention procedures: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication and training, and monitoring and review. In practice, that means a fraud risk assessment to identify specific risks, anti-fraud policies and a clear governance structure, due diligence on associated persons and procurement processes, and, existing procedures and processes kept under review. The guidance emphasises a risk-based approach, with sector-specific guidance for commercial organisations and professional organisations. These fraud prevention measures, and a fraud prevention plan within a relevant body’s wider governance, are sound practice.
At the centre of any reasonable procedures is the fraud risk assessment: a structured risk assessment of where fraud could occur, who could commit it, and how. From that risk assessment flow the proportionate controls, the due diligence on associated persons, the anti-fraud policies, the training, and the fraud detection and monitoring that show the procedures work in practice. A risk assessment that is never revisited, or due diligence that exists only on paper, is exactly what a prosecutor will probe when testing whether the procedures were actually reasonable.
This is the territory of the compliance industry, and it is well covered: risk assessments, policies, training, monitoring, the documented programme that an organisation points to when an associated person goes wrong. It matters, and a company should build it. However, it is a corporate defence to a corporate charge, and it does very little for the individuals whose conduct is under the microscope.
When fraud is uncovered inside an organisation, several people are exposed personally, regardless of how the corporate charge is resolved.
The first is the associated person who committed the fraud. The failure to prevent fraud offence sits on top of, not instead of, the underlying fraud. The associated persons who carried it out, and anyone who encouraged or assisted them, can be prosecuted for that fraud in the ordinary way, through the criminal justice system. The new offence widens corporate liability for fraud committed inside an organisation; it does not narrow the personal liability of those who commit fraud. The new offence widens the corporate net; it does not narrow the individual one.
The second, is the senior manager. Reforms to corporate criminal liability mean that the conduct of a senior manager, acting within the scope of their authority, can now fix the organisation itself with criminal liability across a wide range of offences, a shift we explain in our analysis of the Crime and Policing Act 2026. A senior manager whose decisions are central to a fraud investigation is exposed both to that attribution and to personal scrutiny of their own conduct.
The third is anyone the organisation chooses to expose, which brings us to the dynamic that matters most.
Faced with potential liability for failing to prevent fraud, a large organisation has a powerful incentive to self-report to the authorities and cooperate fully. Doing so opens the door for lawyers to argued for a deferred prosecution agreement, under which the organisation pays a penalty and accepts conditions but avoids a criminal conviction. For the company, often the rational choice.
Cooperation, though, has a price paid by individuals. To earn the credit that leads to deferred prosecution agreements, an organisation conducts an internal investigation and discloses information to the prosecutor: documents, interview accounts, and the identification of who did what, often reaching company directors and senior management. The company protects itself by disclosing the conduct of its people, and the individuals named are then squarely in the frame for personal prosecution, at the very moment their employer has decided to settle for safety.
This is where the interests of the organisation and the individual come apart. The company wants to demonstrate cooperation to avoid prosecution whereas the individual needs to protect their own interests. The internal investigation the company runs is not on the individual’s side, and an account given to it can travel directly to the prosecutor. Treating the company’s lawyers as your own, at this stage, is one of the most serious mistakes an exposed individual can possibly make.
For an individual inside an organisation under fraud investigation, the protective steps are the ones that decide most cases, taken early. Separate representation, independent of the company, ensures your interests are the ones advanced; careful handling of any internal investigation interview prevents your own words being used against you; and, engaging before charge is where the account can be shaped, the evidence tested, and the case stopped or narrowed before a charging decision. A lot of work can be done 'pre charge' to prevent your case from being taken to court.
A fraud investigation often begins with a dawn raid or a request for interview under caution, and for regulated professionals it runs alongside a regulator's own investigation. Each is a moment where the individual’s position must be protected in its own right, not folded into the company’s strategy.
We act for the individuals: the directors, senior managers, finance professionals and associated persons who are exposed when fraud is investigated inside an organisation. Our focus is the pre-charge stage, where the most can be done and where the divergence between the company’s interests and the individual’s is sharpest.
That means securing independent representation early, before any internal-investigation interview; advising on what can and cannot safely be said while a company pursues its own cooperation; testing the evidence; and engaging with the prosecutor before the decision becomes a charge. Having prosecuted financial crime as well as defended it, we know how these investigations are built and where an individual’s position can be protected.
We offer confidential consultations, in person at our London offices or remotely by secure call. Initial enquiries are handled discreetly and quickly.
If you are exposed by a fraud investigation, whether you are an individual or, indeed operating as a Company, Speak to us confidentially today.
It is a corporate offence under the Economic Crime and Corporate Transparency Act 2023, in force from 1 September 2025. A large organisation can be criminally liable where a person associated with it commits a specified fraud intending to benefit it, and the organisation did not have reasonable procedures in place to prevent that fraud. The only defence is that it had reasonable procedures, or that it was unreasonable to expect them.
Not for the failure to prevent fraud itself, which is a corporate offence. But the individuals around it remain exposed: the person who committed the underlying fraud can be prosecuted for it personally, senior managers can be personally scrutinised and can fix the company with liability through their conduct, and individuals can be named when a company cooperates with the authorities.
No, and assuming you can is dangerous. The company’s lawyers act for the company, whose interest may be to cooperate with the authorities by disclosing the conduct of its' people. If you are personally exposed, you need separate, independent representation whose only duty is to you.
It typically conducts an internal investigation (similar to COP 8) and discloses the findings to the prosecutor in order to earn cooperation credit and negotiate a deferred prosecution agreement. That disclosure identifies the individuals involved, who are then exposed to personal prosecution. The company can settle while the individuals it named face the criminal process.
It applies to large organisations meeting two of the following three thresholds: 1) more than 250 employees, 2) more than £36 million in turnover, or 3) more than £18 million in balance sheet total. A parent company is assessed together with its subsidiaries. Smaller organisations are outside the scope of the offence, but the individuals within any organisation remain personally exposed if fraud is committed.
An associated person is someone who performs services for, or on behalf of the organisation: an employee, agent, subsidiary or contractor The offence applies where an associated person commits a specified fraud offence intending to benefit the organisation. Whether someone counts as an associated person can itself be contested, and it matters to both the relevant body and the individual.
In practice it operates close to strict liability for the relevant body. Once an associated person commits a specified fraud offence to benefit the organisation, the relevant body is liable unless it proves it had reasonable procedures. There is no need to show that the organisation’s senior management were aware.
A court-approved settlement under which an organisation avoids a criminal conviction by accepting a penalty and conditions, usually after self-reporting and cooperating. For individuals, the danger is that the cooperation behind deferred prosecution agreements involves the organisation disclosing information about its people to the prosecutor.
Take independent advice immediately, before any internal-investigation interview or contact with the authorities, and do not give an account to anyone until you have. The strongest position is established early, at the pre-charge stage. You can contact our team directly for a confidential discussion.
Lex Vindico Group is regulated by the Solicitors Regulation Authority. We represent individuals and businesses nationally across England and Wales in criminal, regulatory, and parallel-proceedings defence at every stage, and most decisively, at the pre-charge stage.
This article is written by Akram Mula, LLM, Solicitor Advocate and CPS-approved Prosecutor, founder of Lex Vindico Group. It is general legal information about the failure to prevent fraud offence, not legal advice on any specific case. Statutory references in this article are flagged for editorial verification before publication. For advice on your individual circumstances, contact our team directly.
We’re proud to be recognised by the UK’s leading legal and professional bodies. With decades of experience across criminal defence, regulatory law, and litigation, our clients trust our lawyers to deliver results with discretion, precision, and integrity.


Your next step could make all the difference. Speak to our expert legal team now and protect your future.