New UK Failure to Prevent Offence – is your business ready?

Written By

Sophie Eyre

Partner
UK

I am a partner and co-head of our International Dispute Resolution Group, as well as the London team. I specialise in complex disputes, often of a cross border nature, and have particular expertise in the aviation & defence sector, commercial life science, and in matters involving fraud.

The new offence comes into force on 1 September 2025. It is wide ranging: it covers a broader group of individuals who may be held liable and a broader array of activities, and it has extraterritorial reach, which means that it will catch non-UK organisations if there is a nexus with the UK. Two notable changes are the addition of associated persons (agents and sub-contractors) and the removal of the requirement to demonstrate direct involvement by senior managers. It gives the Serious Fraud Office (SFO) and other law enforcement agencies the widest powers to date to combat fraud and false accounting offences, and the SFO has indicated it plans to use its new powers straight away.

What you need to know

  • It can apply where the offence is committed overseas or where the benefit is received overseas.
  • It can apply to non-UK organisations if there is a nexus with the UK, e.g. if the act took place in the UK, or the loss is suffered or the benefit occurred in the UK (in whole or in part).
  • The offence applies to organisations meeting at least two of the following conditions:
    • a turnover of more than £36m;
    • more than £18m in total assets;
    • more than 250 employees.
  • It applies to the actions of not only employees but agents and subcontractors.
  • A parent company can be liable for the actions of an employee of a subsidiary.
  • The benefit from the underlying offence is key to determining whether a company can be held accountable. It can be direct or indirect, actual or intended and be to the company, its clients, or a subsidiary of the client.
  • The sanctions are unlimited fines and may lead to an increase in deferred prosecution agreements.

Wide range of offences

The range of offences is extensive and includes fraud by false representation, fraud by failing to disclose information, fraud by abuse of position, obtaining services dishonestly, participation in a fraudulent business, false statements by company directors, false accounting, fraudulent trading and cheating the public revenue. As a result, companies must now assess risks from third parties and associates, including those abroad with UK connections. This includes evaluating fraud risks from distributors, agents, affiliates, contractors, and joint ventures.

Defences

A defence is available where an organisation has reasonable fraud prevention procedures in place, or where it is unreasonable to expect it to have such procedures.

Reasonable procedures

The Government has provided Guidance that sets out procedures that organisations can adopt based on ‘six principles’. The Guidance is advisory only and is not legally binding. It gives a helpful starting point but no blueprint. It is clear that organisations need to develop their own tailored prevention measures proportionate to the risk to the organisation. However, the Guidance provides the approach the authorities will take when investigating and assessing whether reasonable procedures are in place.

Below is a short summary from the Guidance on the ‘six principles’.

  1. Top level commitment - Senior management have a leadership role in fraud prevention, leading by example and fostering an open culture. There is clear communication and endorsement of the organisation’s stance on preventing fraud with clear governance across the organisation in respect of the fraud prevention framework and commitment to training and resource.
  2. Risk assessment - The organisation assesses the nature and extent of its exposure to the risk of employees, agents and other associated persons committing fraud in scope of the offence. The risk assessment is dynamic, documented and kept under regular review. The Guidance accepts it is not possible to anticipate all fraud risks but suggests that the nominated risk owners develop typologies of risks by considering the three elements of the fraud triangle: opportunity, motive, and rationalisation.  Failing to carry out risk assessments will not be seen as reasonable and if they are not reviewed regularly, it is unlikely that the authorities would find that a reasonable procedure was in place. 
  3. Proportionate risk-based fraud prevention procedures – the fraud prevention plan - Following the risk assessment, the organisation should draw up a fraud prevention plan. It is a key principle that the fraud prevention plan should be proportionate to the risk and the potential impact. The level of prevention procedures considered to be reasonable should take account of the level of control and supervision the organisation is able to exercise over a particular person acting on its behalf and the relevant body’s proximity to that person (e.g. if an employee or sub-contractor). The Guidance does not require duplication and recognises that organisations may already be regulated with processes in place, but it is not a suitable defence that existing compliance processes for regulated organisations automatically qualify as reasonable procedures – they must be reviewed to assess whether they are sufficient fraud prevention measures.
  4. Due diligence - In order to mitigate identified fraud risks, an organisation is to apply due diligence procedures while adopting a proportionate and risk-based approach in relation to those who perform or will perform services for or on behalf of the organisation. Many organisations already have due diligence procedures in place but note that merely applying existing procedures even if tailored to a different risk may not be adequate. 
  5. Communication - Fraud prevention policies and procedures should be communicated and understood throughout the organisation, through internal and external communication, and embedded across the organisation. Training and maintaining training are key. The Guidance highlights whistleblowing and the need for whistleblowing policies. Where organisations already have such policies, they need to be suitable to the risks identified in the risk assessment.
  6. Monitoring and review - Organisations need to monitor fraud detection policies and their effectiveness, and to refine them using the lessons learned from such monitoring, investigations and whistleblowing incidents. The Guidance refers to the use of AI tools and technologies to assist with processes.

Additional Guidance

In addition to the Guidance from the government, advisory guidance has also been produced by sector bodies, such as UK Finance, to supplement that provided above. The guidance is non-statutory and if there is a conflict between it and the Guidance provided by government the latter will take precedence. Supplementary guidance is a helpful tool for businesses to consult in the sectors deemed to be most at risk of committing the offence. 

How can we help?

Please contact Sophie Eyre or your local Bird & Bird disputes contact if you would like to know more.
