Kevin Dent KC considers the impact that the new failure to prevent fraud offence may have on corporate governance for PLC Magazine
The coming into force on 1 September 2025 of the new corporate offence of failure to prevent fraud marks a profound moment in the evolution of UK corporate criminal law. It is both an echo and an expansion of the Bribery Act 2010 (2010 Act), transplanting the “failure to prevent” model from the narrower terrain of bribery into the far broader world of fraud.
The government’s guidance on the offence offers a useful steer for corporates, yet much remains open to interpretation. This reform is revolutionary in ambition, aimed at transforming the corporate approach to fraud and raising standards, but its success will be hard to measure. Indeed, paradoxically, the more successful its impact, the less need there will be to enforce it.
For lawyers and corporates alike, the offence presents a paradox: it is at once a simple concept, criminal liability unless reasonable fraud prevention procedures are in place, and also a complex challenge that encroaches on every aspect of corporate culture, governance and risk management.
A closing of the accountability gap
For years, prosecutors have struggled to hold large companies criminally liable for fraud committed by employees or agents. The common law "identification principle", which requires that the guilty party be found within the company’s controlling mind, has long been criticised as unfit for the large, decentralised businesses of the 21st century. The new offence seeks to address that gap. A large organisation will now be guilty if a person who is associated with it commits a specified fraud offence intending to benefit the organisation, or another to whom the organisation provides services, unless the it can show, on the balance of probabilities, that it had reasonable fraud prevention procedures in place (section 199, Economic Crime and Corporate Transparency Act 2023) (ECCTA) (section 199).
The offence only applies to top-tier UK businesses, as a "large organisation" is defined as one that meets two out of three size criteria (section 201, ECCTA). Although it makes some sense to limit the scope to businesses with the financial clout that is required to instil good governance, it means that smaller and less established organisations, where financial pressures and volatility may create higher risks of fraud, will be out of reach.
The base fraud offence that triggers section 199 covers nearly all financial crime and, once established, the question becomes not whether the senior management authorised, or knew of, the fraud, but rather whether it had in place such prevention procedures as was reasonable in all the circumstances to expect it to have, or that it was not reasonable in all the circumstances to expect the body to have any prevention procedures in place (section 199(4)). In this respect, the offence enjoins the criminal law with good governance and turns compliance into both the shield and sword. The concept of reasonable procedures in section 199 replaces that of taking "adequate procedures" in section 7 of the 2010 Act for failure to prevent bribery. Reasonableness feels a less loaded basis for assessment than adequacy, particularly as, whenever corporate fraud has taken place, any measures taken by the organisation were, by definition, inadequate to prevent it from happening.
Government guidance on the new offence
It follows that the key battleground in any section 199 investigation or proceedings is likely to be as to whether the organisation can prove that it took reasonable procedures to prevent it. The Home Office published official guidance in November 2024, updated in October 2025 (the guidance).
Weighing in at 52 pages, the guidance is perhaps more significant than the section 199 offence itself. It sets out a radical blueprint for how large organisations should approach fraud prevention measures, and a measure of its ambition comes by comparison to the 2010 guidance on failure to prevent bribery, which covered only 17 pages (2010 guidance).
The guidance comes packed with contemporary corporate speak, such as:
"horizon scanning", "fostering an open culture", "ethical fading", "identifying typologies", and "nominated risk owners".
It is not necessarily wordily drafted, but it highlights two central issues:
- whether it has the necessary clarity to steer corporates away from criminal liability and
- In contested cases, whether jurors have the capability to interpret those terms and properly assess the reasonableness of the prevention measures in question.
The guidance begins with a discouraging disclaimer that it is not intended to provide a safe harbour and that even strict compliance with the guidance will not necessarily equate to having reasonable procedures in place. It emphasises that only the courts can determine whether a relevant body has reasonable prevention procedures in place in the context of particular facts. In other words, organisations need to ultra vigilant, otherwise they may open themselves up to the scrutiny of the courts and, ultimately, find their corporate good name in the hands of a jury.
Just as for the 2010 guidance, it indicates that anti-fraud measures should be governed by six guiding principles that encompass nearly every aspect of corporate practice: top level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication (including training), monitoring and review. The detailed recommendations on each of these principles, spread out over 18 pages, resemble a positive corporate manifesto as much as it does guidance in respect of a criminal offence.
The real elephant in the room is how courts are supposed to evaluate compliance with it. Is the idea that reference should be made to it in criminal trials, such that the actions of a defendant company can be assessed by the extent that it has followed or deviated from the guidance?
A defendant company, for instance, may wish to rely on its compliance with the guidance to help prove that it had developed reasonable procedures. If so, how is a jury of twelve ordinary individuals supposed to make a qualitive evaluation of such detailed guidance?
Putting a company’s reputation and balance sheet at risk of uninformed judgment by such jurors feels somewhat precarious and may not guarantee good decisions. The scepticism that many in society feel towards perceived corporate "fat-cats" could mean that the burden for a defendant organisation proving it had reasonable procedures may be a high one. In the only contested trial for the offence of failure to prevent bribery, R v Skansen Interior Limited, the jury found that the company had not proved that it had taken adequate measures to prevent bribery, which reinforces the difficulties that such companies may encounter before a jury.
Practical issues and the real aim
There are several yet-to-be answered questions that both practitioners and organisations will be asking about section 199 and the accompanying guidance.
Will prosecutors look to establish that the base fraud offence has been committed by the individual(s) associated with the company before bringing charges for the section 199 offence?
If so, then the current slow pace of the UK’s premier fraud courts suggests that it may take many years before the base offence is established in contested proceedings. In which case, any follow-on proceedings against the organisation are unlikely to begin until many years after the event, by which time the public interest may have waned.
If, instead, the prosecutions are brought concurrently, this would create an incentive for the organisation to defend the alleged fraudster, as an acquittal for them would provide a knock-out blow for the corporate offence.
Likewise, a prosecuting body could toil for months in court to establish a lack of reasonable preventative measures only to be thwarted by a jury with some measure of doubt about whether the trigger base offence had been committed by an individual.
A further question is whether defendant companies are to be assessed by the reasonableness of their prevention procedures generally or only by reference to prevention of the base offence. Section 199(5) suggests that it is the broader test. In which case, a defendant organisation may have taken proper measures in respect of the fraud that occurred but may be found to have been unreasonably wanting in some other aspect of the guidance.
These kinds of issues, together with the scope being limited to large organisations, may mean that, in practice, prosecutions for the new offence may seldom be brought. The overwhelming thrust of the guidance is for organisations to take root and branch measures now in order to ensure that they will never need to come under the scrutiny of a section 199 charge. Indeed, that may be the fundamental point of the new offence; to prevent the need for prosecution.
It follows that organisations will be well advised to take comprehensive legal advice now about their fraud risks and how they can best demonstrate adherence to the guidance. That advice will need to be something more than mere compliance with rules and regulations; a deep and penetrating search through of the corporate architecture is required to seek out even the faintest whiff of fraud. The time for a company to meet its fraud lawyer is no longer in the moments after a prosecutor has broken through the office doors to make arrests. The time to engage the fraud lawyer is now.
Kevin Dent KC is a highly persuasive advocate with a calm, measured, yet robust courtroom manner. Kevin took silk in 2019, building upon his heavyweight practice in the fields of financial crime and serious crime. Kevin is ranked in the Legal 500 and Chambers & Partners.
