UK businesses are preparing for the arrival of the "failure to prevent fraud" offence today (Monday), introduced under the Economic Crime and Corporate Transparency Act (ECCTA) 2023.
The legislation, modelled in part on earlier reforms such as the UK Bribery Act's "failure to prevent bribery" offence, is designed to strengthen corporate accountability and close gaps in prosecuting economic crime.
Under the new rules, large companies - defined as those with turnover above £36 million, assets over £18 million, or more than 250 employees - will be criminally liable if they fail to prevent fraud committed by employees or associates for the company's benefit. The only defence will be proving that "reasonable prevention procedures" were in place, echoing the compliance obligations seen under GDPR and anti-bribery legislation.
Craig Watson (pictured above), underwriter at Kayzen Specialty, said the new offence represents a reinforcement of the criminal responsibilities faced by senior executives.
“This legislation increases the personal burden on directors and officers, raising the bar for compliance and governance standards within organisations,” he noted.
Although the law's scope is initially limited to the largest firms, its effects are likely to cascade across the market. Smaller businesses connected via supply chains may become "associated persons" through which corporates are exposed, meaning that fraud prevention responsibilities will extend more widely. Watson suggested this will push expectations on smaller firms to adopt higher compliance standards, even if they are not directly in scope.
He added that while the Serious Fraud Office (SFO) has expressed strong interest in securing prosecutions, resource constraints could make widespread enforcement difficult.
"One bad actor within the business has the potential to undermine all best practice in one fell swoop," Watson cautioned, underlining the importance of whistleblowing channels, monitoring and a culture of vigilance across all staff levels.
The comparison to GDPR is instructive, Watson added. While fears of mass litigation around data protection never materialised, companies nevertheless invested heavily in compliance to avoid penalties. He suggested a similar dynamic may emerge with ECCTA, where proactive governance improvements become the main outcome rather than immediate court cases.
For insurers, the legislation underscores the rising value of D&O and management liability cover. Policies may increasingly respond where directors face claims tied to fraud prevention failures, particularly as the offence evolves and potentially broadens in scope.
“The direction of travel is clear,” Watson said. “All businesses, regardless of size, should embrace best practices in fraud prevention and governance to safeguard their leadership and future growth.”
