New UK Corporate Fraud Offence Takes Effect Soon: Prepare Your Business for Compliance

The UK will introduce a new corporate offence of ‘failing to prevent fraud’ on 1 September 2025. The new law will make it much easier for the leading UK enforcement agencies to successfully prosecute large companies where they do not have reasonable prevention procedures to stop fraud that touches the UK.

The UK Home Office has published guidance to help companies implement appropriate fraud prevention procedures, creating a crucial window for companies that are covered by the legislation to ensure compliance ahead of the law’s enactment.

Once the new offence is in force, we expect to see increased enforcement activity in this space and by the lead UK antifraud agency, the UK Serious Fraud Office, as well as other UK enforcement agencies.

Our antifraud compliance checklist to help you get ready 

The guidance on this new offence sets out some clear principles for fraud prevention compliance programmes that businesses may wish to align themselves with. These principles act as a useful checklist to be carefully applied to businesses within scope. These include:

1. Top‐level commitment: The guidance indicates that individuals who are responsible for governance of a relevant company should lead the development and review of prevention procedures, either individually or by delegation to a relevant committee, and senior managers should communicate and endorse the organisation’s stance on preventing fraud, including mission statements.
2. Risk assessment: Any risk assessment should be well-documented and regularly reviewed, such that it continuously responds to business changes. The guidance suggests classifying any risks using the following structure and by reference to their likelihood and impact:
   1. Opportunity – Companies should identify who is in a position to commit a fraud offence, including departments which are particularly at risk (i.e., those with inadequate oversight or weak controls).
   2. Motivation – Companies should evaluate whether their reward systems (e.g., criteria for bonuses) may encourage fraud and, conversely, should assess whether there are any specific financial stresses that may encourage risky behaviour.
   3. Rationalisation – Companies should consider the culture at large to assess whether it is ‘quietly tolerant’ of fraud and whether any reporting lines in place (e.g., whistleblowing hotlines) are sufficient for employees to make their concerns known.
3. Robust but proportionate risk‐based prevention procedures: The guidance suggests that each risk that has been recognised should be addressed by proportionate procedures. It acknowledges that some may be sufficiently addressed by sectoral regulations, such as those on tax evasion and audit requirements, but notes that this is not guaranteed.
4. Due diligence: Where services are performed on behalf of a company, the guidance states there should be proportionate due diligence procedures in respect of those persons, either internally or by outsourced means. Notably, the guidance acknowledges that it may be proportionate not to implement procedures in respect of lower-level risks, but the reasons for this should be well-documented. Some procedures are mandated by law, such as anti-money laundering checks, but others may be necessitated by sector or circumstance. The guidance conveys an expectation on a company to review the effectiveness of its due diligence procedures and subsequently amend them as appropriate.
5. Communication (including training): The guidance notes that a company should seek to ensure that its prevention policies – including whistleblowing policies – and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication. Further, the guidance stipulates that this communication should be delivered, at least in part, through training programmes that are proportionate to the risk faced.
6. Monitoring and review: As risks can evolve over time as businesses change, preventative procedures will need to be updated accordingly. The guidance suggests that procedures should be reviewed periodically with reference to three key touchpoints: detection of fraud and attempted fraud, investigation of suspected fraud and monitoring the effectiveness of fraud prevention measures.

Key takeaways

For businesses operating within scope of the new UK legislation, it’s a great time to kick the tyres of their compliance programmes to ensure they are in good shape for 1 September 2025.