Are businesses prepared for new failure to prevent fraud laws?

On 1 September 2025, a new law will come into effect under the Economic Crime and Corporate Transparency Act (ECCT). Large organisations may be held criminally liable where fraud is committed by an employee, agent, subsidiary or other “associated person”, with the intention of benefiting the organisation.

Following our previous article on the changes, Alex Jay, Andrew Robson and Ronak Mahdavi Jovainy answer some of the questions businesses may have about the new rules.

What do businesses need to be aware of to prepare for the new laws?

Whether or not businesses are prepared will depend on how well they apply the government’s guidance in the nine months available between its publication in November 2024 and the law coming into force on 1 September 2025. The principles set out within the guidance are flexible and outcome-focused. Any well-prepared organisation should make itself familiar with how those principles can be achieved by their business, including whether to develop new or enhance existing internal standards. For each firm, preparation will look quite different.

What are the biggest challenges within the new legislation?

The real challenge for many businesses will be ensuring that third-party suppliers meet the required standards. Needless to say, this is quite an undertaking for any major organisation with complex business structures and supply chains.

Business leaders will be well positioned for September 2025 if they have assessed their entire ecosystem, incorporated reasonable procedures where necessary, and have the documents to evidence this.

What are the implications for the ECCT’s extraterritorial effect?

The ECCT’s extraterritorial effect means overseas organisations can be liable if fraud targets UK victims, even if the fraud takes place abroad by a non-UK entity. This raises the bar for multinationals operating in or with the UK to assess their fraud risks.

The UK is clearly moving ahead to crack down on corporate fraud, in alignment with its wider economic crime agenda. Of course, actually enforcing any breaches of the ECCT against an overseas person or entity may be more challenging, as it will require co-operation from whichever country has jurisdiction over that person.

The EU and US each have their own broader mechanisms for addressing fraud. These include the EU’s Protection of the Union’s Financial Interests (PIF) directive, European Anti-fraud Office (OLAF) and European Public Prosecutor’s Office (EPPO); and various US laws including the Foreign Corrupt Practices Act (FCPA) and Sarbanes-Oxley Act (SOX). These do not however reflect the UK’s focused and targeted “failure to prevent” model.

Fraud covers less severe crimes such as mis-selling and greenwashing. What impact will that have?

The broader definition of fraud means organisations could face criminal liability for conduct once seen as regulatory. They will therefore need to reclassify these risks as potential fraud, and not just compliance issues.

With early self-reporting encouraged by the Serious Fraud Office (SFO), we will likely see more internal investigations and voluntary disclosures. Ultimately, this will raise both legal and reputational stakes for the organisations to which the new law applies.

How significant is the risk for institutions operating across multiple jurisdictions and business lines?

The risk is real and significant. The offence applies extraterritorially, so organisations must manage fraud risk across global operations – aligning controls across diverse legal systems and business models will be logistically difficult. The burden is also on firms to not just have, but be able to document that they have, reasonable procedures in place. That will require large-scale coordination from a practical and administrative perspective.

That said, large organisations already operate under global fraud regimes which demand high compliance standards, including the UK Bribery Act. For well-governed organisations, the change may be more evolution than revolution.

How likely is it that corporates will be subject to extensive investigations?

It’s difficult to say at this stage which types of organisations will find themselves subject to investigations, and whether or not those investigations will lead to prosecution. It’s important to note, though, that the offence comes with political and public momentum, and backing from the SFO and Crown Prosecution Service.

Fraud is increasingly seen as a major threat to the UK, so we may see some high-profile enforcement cases initiated in the not too distant future. That considered, and noting the risks involved, organisations would be well-advised to take the new regime seriously.

You can find further information regarding our expertise, experience and team on our Fraud page.

If you require assistance from our team, please contact us.

Subscribe – In order to receive our news straight to your inbox, subscribe here. Our newsletters are sent no more than once a month.

Are businesses prepared for new failure to prevent fraud laws?

What do businesses need to be aware of to prepare for the new laws?

What are the biggest challenges within the new legislation?

What are the implications for the ECCT’s extraterritorial effect?

Fraud covers less severe crimes such as mis-selling and greenwashing. What impact will that have?

How significant is the risk for institutions operating across multiple jurisdictions and business lines?

How likely is it that corporates will be subject to extensive investigations?

Key Contacts

Related News

What explains the international appeal of the English courts for bringing fraud claims?

Commercial fraud – trends and developments

Commercial fraud claims in England and Wales: analysing trends in 2025

UK government sets out guidance on new ‘failure to prevent fraud’ offence