ECCTA and the new ‘failure to prevent fraud’ offence: What you need to know

Laura Eshelby - Head of Economic Crime
Jul 21, 2025
From September 1, 2025, the Economic Crime and Corporate Transparency Act (ECCTA) will introduce a major shift in how fraud is policed in large organisations. Laura Eshelby, Head of Economic Crime at Clue Software, outlines what the new offence means for businesses – and how to get prepared.

The new offence of failure to prevent fraud places a clear duty on large organisations to take proactive steps – or risk criminal liability. In this article, I explore what the new offence involves, how organisations can meet their obligations, and the steps you can take now to strengthen your fraud prevention approach. 

What is the ECCTA offence?

The Economic Crime and Corporate Transparency Act 2023 introduces a new corporate criminal offence: failure to prevent fraud. From September, large organisations can be held criminally liable if someone associated with them commits a qualifying fraud offence intended to benefit the organisation – even indirectly. 

Who does it apply to?

The offence applies to ‘relevant bodies’, meaning companies or partnerships that meet at least two of the following criteria:  

  • More than 250 employees 
  • Turnover greater than £36 million 
  • Total assets over £18 million 

These thresholds apply across the whole organisation, including subsidiaries. 

Who is considered an ‘associated person’?

An ‘associated person’ includes anyone providing services for or on behalf of the organisation. This can include:

  • Employees 
  • Agents 
  • Subsidiaries 
  • Franchisees 
  • Supply chain companies acting on the organisation’s behalf 

What counts as a fraud offence?

The list includes, but is not limited to:

  • False representation 
  • Failing to disclose information 
  • Abuse of position 
  • False accounting 
  • Cheating the public revenue 
  • Fraudulent trading 
  • Making misleading statements to an auditor

The offence only applies to fraud where the organisation benefits – not to fraud committed against the organisation. 

Strict liability offence

The failure to prevent fraud offence is a strict liability offence. This means that if:  

  • A qualifying fraud offence occurs 
  • It is committed by an associated person 
  • The organisation meets the size threshold 

– then the organisation is automatically guilty, unless it can prove it had reasonable procedures in place to prevent fraud, or that it was unreasonable to expect such procedures in the circumstances. What counts as ‘reasonable’ will depend on factors like size, complexity, and sector. The Home Office guidance outlines six principles to help organisations meet this test.

What should organisations do to prepare?

The Home Office guidance sets out six principles for effective fraud prevention. These are broadly aligned with existing best practice in risk and compliance. 

1. Top-level commitment

A strong anti-fraud culture should be led from the top. Board-level sponsors should ensure there are clear, well-communicated policies and procedures – including whistleblowing mechanisms. 

2. Risk assessment

Carry out regular fraud risk assessments focused on employees, agents, and third parties. Assessments should be documented, reviewed, and updated in response to emerging risks. 

3. Proportionate procedures

Prevention measures should match the level of risk. This includes defined fraud policies, supply chain oversight, and internal controls tailored to the nature of the organisation’s operations. 

4. Due diligence

Implement robust due diligence processes for all associated persons. Use technology and data analytics to monitor high-risk areas, such as procurement and supplier onboarding.

5. Communication and training

Train employees and associated persons on fraud risks, whistleblowing, and consequences of misconduct. Keep the organisation’s fraud stance visible and consistent.

6. Monitor and review

Set up systems to regularly review and improve fraud prevention measures. Work across departments to evaluate risk controls, update policies, and adjust responses as needed. 

“Effective fraud prevention isn’t just good practice; it’s now a legal necessity for many,” says Neil Green, Deputy Director of the Counter Fraud and Investigation and Audit Response Team, Government Internal Audit Agency.  

“It begins with a clear-eyed assessment of your organisation’s fraud risks. Regularly reviewing where you may be exposed is essential to building strong, practical defences that actually work.”

The importance of documenting your approach

Detailed records should be kept of all fraud risk assessments, control decisions, training sessions, and due diligence activities. This documentation will be critical in demonstrating compliance if the organisation is ever challenged on its approach.

How can technology help?

Technology plays a vital role in identifying and preventing fraud. Organisations can use tools to:

  • Analyse risks and detect anomalies across payment streams and governance 
  • Monitor control effectiveness in real-time 
  • Prioritise alerts and incidents based on risk 
  • Automate audits and investigations 
  • Create an audit trail for assurance and regulatory review

AI and data analytics are increasingly being used to power smarter, faster fraud detection – especially when guided by business and sector-specific risk insight. 

What about the Crime and Policing Bill 2024?

The Crime and Policing Bill (CPB) is set to go even further than ECCTA. It proposes a broader corporate attribution regime, making organisations liable for any criminal offence committed by a senior manager – not just economic crime.

This means the same liability could apply to offences across all areas of a business, not just fraud.

The CPB uses the same definition of a ‘senior manager’ as ECCTA: someone who plays a significant role in the management or organisation of the business. This could include:  

  • Board members and senior executives 
  • Heads of department (e.g. compliance, legal, HR) 
  • Regional or divisional leaders

Organisations should now review their risk assessments, controls, and training to ensure they’re also prepared for this broader legal exposure. 

Conclusion

The ECCTA is a major change – but it builds on existing best practice in fraud risk management. Many organisations will already be on the right track.

The key is proactive preparation: having clear, documented procedures in place to prevent fraud, and being able to demonstrate this if required.

By following the Home Office principles, investing in training and due diligence, and embedding fraud prevention into day-to-day operations, organisations can build a strong, defensible position.

Clue can help

Laura Eshelby leads Economic Crime at Clue Software. Learn more about how our software helps investigations and intelligence teams tackle fraud, corruption, money laundering and sanctions evasion across a wide range of sectors or contact Laura to discuss how we can help your team.   

Join us at the North West Fraud Forum

Laura Eshelby and Neil Green, Deputy Director for Counter Fraud at the Government Internal Audit Agency, will be speaking at the North West Fraud Forum (NWFF) event on September 11. 

In this session, they will:

  • Share strategic frameworks and tools for identifying and responding to fraud threats 
  • Show how public bodies are preparing for ECCTA 
  • Offer practical insights on what ‘good’ looks like across sectors

Whether you lead strategy, manage risk, or oversee compliance, this masterclass offers practical, actionable guidance for navigating a fast-changing fraud landscape. 
