New corporate offence of failure to prevent fraud - how should charities prepare

The ECCTA represents a step-change in corporate criminal liability for fraud, and organisations need to prepare in advance of a new offence - the failure to prevent fraud - coming into force on 1 September 2025.

The offence of failure to prevent fraud targets large organisations, including large incorporated charities - and these organisations certainly need to act now. Nevertheless, all charities should (i) take note of the good practice fraud prevention measures set out in guidance and (ii) be aware of the steps that all large organisations will be taking.

Broadly, the new offence will make large organisations criminally liable if they fail to prevent fraud by an associated person and the fraud committed by the associated person is intended to benefit the organisation (or its clients/service users).

The creation of the new offence makes investigations and prosecutions more likely. And, importantly, if an organisation is found guilty of the failure to prevent fraud offence, it is liable to an unlimited fine. Plus it will need to deal with all associated negative PR, loss of management time (which can be very significant) and disruption.

Who is at risk

'Large organisations' (including incorporated charities) that satisfy at least two of the following:

1. more than £36 million turnover;
2. more than £18 million total assets; and/or
3. more than 250 employees.

There is further complexity where an organisation is part of a group.

How can large charities protect themselves

Organisations will have a defence if they can show that they have implemented reasonable fraud prevention procedures.

The Home Office has published guidance on reasonable fraud prevention procedures. With the offence coming into effect in September, there isn't a long time to prepare - organisations need to ensure that they have completed their risk assessments and other compliance work (including updating relevant policies and contracts) so that they can brief their boards and take action in good time.

Guidance makes clear that the fraud prevention framework put in place by relevant organisations needs to be informed by the following six principles:

1. Top level commitment
2. Risk assessment
3. Proportionate risk-based prevention measures
4. Due diligence
5. Communication including training
6. Monitoring and review.

These principles interlink and, crucially, one size does not fit all. The guidance encourages organisations to take a proportionate and risk-based approach according to the particular fraud risks which they face, building on existing policies where possible.  However, a fresh look is needed.  It is clear that this cannot be seen as a tick box exercise.

How can we help?

We are helping clients prepare for the implementation of the new failure to prevent offence, including assisting with risk, policy and contract reviews and the provision of relevant training. We have both a specialist fraud team and an ECCTA task force, who can assist with both preparations and readiness for implementation, as well as advising on fraud-related matters and investigations generally where the need arises.

For more information, please contact Gabriel Cohen in our Charities team on 0117 314 5661, or complete the form below.