Summary:
The UK’s new Failure to Prevent Fraud (FTPF) offence under the Economic Crime and Corporate Transparency Act (ECCTA) introduces significant legal obligations for large organizations to proactively prevent fraud. It covers a wide range of offences—including false accounting, abuse of position, and fraud by employees, agents, or subsidiaries. Importantly, the scope of this offence will have extra-territorial reach, meaning it doesn’t just apply to UK-based companies—it can also impact foreign subsidiaries, including US entities connected to UK parent companies. This makes it critical for organizations across jurisdictions to assess risk, implement strong internal controls, and adopt transparent, AI-supported compliance measures.
Corporate compliance professionals are finding themselves in uncharted territory with this new legal framework, which requires a thorough understanding of how the legislation applies and how it can potentially reshape their compliance strategies. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (the Guidance).
Which Companies Fall Under This Statute?
The FTPF introduces corporate criminal liability for large organizations where an associated individual commits fraud intending to benefit the organization or its clients. This represents a seismic shift for corporate compliance programs because senior management does not need to have ordered or even been aware of the fraud for liability to attach. The very act itself, if proven to benefit the organization or its clients, triggers organizational accountability.
The scope applies specifically to large organizations, defined as incorporated entities or partnerships that meet at least two of the following criteria: more than 250 employees, a turnover exceeding £36 million, or total assets greater than £18 million. This definition intentionally includes subsidiaries and partnerships within its ambit, casting a wide net for compliance oversight.
The Guidance clearly defines the types of fraud included under the new offence; these base fraud offences include:
The term “associated person” is critical. It extends beyond employees and explicitly includes agents, subsidiaries, or any other persons providing services for or on behalf of the organization. The Guidance notably excludes those merely supplying goods, emphasizing service relationships as the core focus.
Understanding the depth and breadth of these associations will require enhanced due diligence processes, rigorous vetting of service providers, and a fundamental re-evaluation of contractual relationships, including at the purchase order, invoice and payment transaction level.
Territoriality is another aspect compliance professionals must closely evaluate. The offence holds a distinct UK nexus; thus, fraud committed by associated persons must either occur in the UK or involve gains or losses realized within UK boundaries. This global perspective on compliance places significant responsibility on UK-based operations with international associations and activities.
Notably, the Guidance outlines scenarios to clarify ambiguities. Consider, for instance, fraud committed by the payroll department diverting employee pension funds to support other internal projects. Here, the payroll head abuses their entrusted position to commit fraud intended to benefit company operations. Even if no senior manager or director knew about the fraud, the company could still face prosecution under this legislation unless it has demonstrably reasonable procedures to prevent such fraud.
Foster a Culture of Integrity Through AI-driven, Transparent, Industry-Specific Compliance Measures
In terms of defensive mechanisms, the guidance emphasizes the implementation of “reasonable fraud prevention procedures.” This implies that corporations must adopt tailored compliance systems that consider the specific risks associated with their industry, size, and operational territories. Simply having generic fraud detection tools will likely fall short of satisfying this legal standard. Instead, robust, proactive, risk-specific compliance measures, supported by ongoing training and review, become non-negotiable.
This is similar to the proportionality concept of the US DOJ guidance known as the Evaluation of Corporate Compliance Programs. In other words, if you are an AI-driven, sophisticated company that uses technology in other parts of the business, your fraud risk management and compliance program should also use a proportionate amount of data and technology in its monitoring efforts.
The Guidance emphasizes corporate cooperation with enforcement authorities. Organizations demonstrating transparent reporting, proactive fraud detection efforts, and comprehensive preventive frameworks will likely find more favorable prosecutorial discretion and potential eligibility for deferred prosecution agreements (DPAs).
This Guidance represents not only a legal shift but also a call for a cultural transformation within corporations. Compliance professionals must foster an environment where ethical practices are embedded, whistleblowers are supported, and robust prevention frameworks are continuously evaluated and strengthened.
The Economic Crime and Corporate Transparency Act 2023 mandates a higher degree of vigilance, proactive risk management, and cultural alignment with anti-fraud values. Organizations failing to adapt swiftly to this evolving compliance landscape risk severe financial penalties, reputational damage, and operational disruption. Forward-looking compliance professionals will seize this moment to reinforce corporate integrity, safeguard organizational reputation, and ensure lasting resilience against fraud by “upping their game” with AI-driven fraud risk management.