New UK Corporate Fraud Offence Takes Effect Soon: Prepare Your Business for Compliance
The UK will introduce a new corporate offence of ‘failing to prevent fraud’ on 1 September 2025. The new law will make it much easier for the leading UK enforcement agencies to successfully prosecute large companies where they do not have reasonable prevention procedures to stop fraud that touches the UK.
The UK Home Office has published guidance to help companies implement appropriate fraud prevention procedures, creating a crucial window for companies that are covered by the legislation to ensure compliance ahead of the law’s enactment.
Once the new offence is in force, we expect to see increased enforcement activity in this space and by the lead UK antifraud agency, the UK Serious Fraud Office, as well as other UK enforcement agencies.
Our antifraud compliance checklist to help you get ready
The guidance on this new offence sets out some clear principles for fraud prevention compliance programmes that businesses may wish to align themselves with. These principles act as a useful checklist to be carefully applied to businesses within scope. These include:
- Top‐level commitment: The guidance indicates that individuals who are responsible for governance of a relevant company should lead the development and review of prevention procedures, either individually or by delegation to a relevant committee, and senior managers should communicate and endorse the organisation’s stance on preventing fraud, including mission statements.
- Risk assessment: Any risk assessment should be well-documented and regularly reviewed, such that it continuously responds to business changes. The guidance suggests classifying any risks using the following structure and by reference to their likelihood and impact:
- Opportunity – Companies should identify who is in a position to commit a fraud offence, including departments which are particularly at risk (i.e., those with inadequate oversight or weak controls).
- Motivation – Companies should evaluate whether their reward systems (e.g., criteria for bonuses) may encourage fraud and, conversely, should assess whether there are any specific financial stresses that may encourage risky behaviour.
- Rationalisation – Companies should consider the culture at large to assess whether it is ‘quietly tolerant’ of fraud and whether any reporting lines in place (e.g., whistleblowing hotlines) are sufficient for employees to make their concerns known.
- Robust but proportionate risk‐based prevention procedures: The guidance suggests that each risk that has been recognised should be addressed by proportionate procedures. It acknowledges that some may be sufficiently addressed by sectoral regulations, such as those on tax evasion and audit requirements, but notes that this is not guaranteed.
- Due diligence: Where services are performed on behalf of a company, the guidance states there should be proportionate due diligence procedures in respect of those persons, either internally or by outsourced means. Notably, the guidance acknowledges that it may be proportionate not to implement procedures in respect of lower-level risks, but the reasons for this should be well-documented. Some procedures are mandated by law, such as anti-money laundering checks, but others may be necessitated by sector or circumstance. The guidance conveys an expectation on a company to review the effectiveness of its due diligence procedures and subsequently amend them as appropriate.
- Communication (including training): The guidance notes that a company should seek to ensure that its prevention policies – including whistleblowing policies – and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication. Further, the guidance stipulates that this communication should be delivered, at least in part, through training programmes that are proportionate to the risk faced.
- Monitoring and review: As risks can evolve over time as businesses change, preventative procedures will need to be updated accordingly. The guidance suggests that procedures should be reviewed periodically with reference to three key touchpoints: detection of fraud and attempted fraud, investigation of suspected fraud and monitoring the effectiveness of fraud prevention measures.
Key takeaways
For businesses operating within scope of the new UK legislation, it’s a great time to kick the tyres of their compliance programmes to ensure they are in good shape for 1 September 2025.
For a more detailed analysis of the key elements of the new legislation, please see this November 2024 blog post and this April 2023 blog post, and if you would like to discuss how we can further help you get ready, please feel free to reach out to Tom Epps.
This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction, and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may have been generated with the assistance of artificial intelligence (AI) in accordance with our AI Principles, may be considered Attorney Advertising and is subject to our legal notices.