November 13, 2024

What does the new Failure to Prevent Fraud Offence mean for small businesses?

On 6th November 2024 the UK Government announced the long-anticipated date on which the 'failure to prevent fraud' offence would come into force: 1st September 2025.

Fraud is the most common crime in the UK, accounting for almost 40% of all crime, yet only 1% of the Police budget is allocated to it. With these alarming statistics, the Government had to do something creative, and putting the onus on organisations to take more responsibility is a cheap and potentially quick way to reduce fraud.

So what does this new offence involve?

Quoting the Gov UK website, "The offence will hold organisations to account for fraud committed by their employees, agents, subsidiaries or other ‘associated persons’ who provide services for or on behalf of the organisation, where the fraud was committed with the intention of benefiting the organisation or their clients. It does not need to be demonstrated that the organisation’s senior managers or directors ordered or knew about the fraud."

This essentially means that if someone in your organisation commits fraud for the perceived benefit of your organisation, senior managers or directors will be culpable for failing to put measures in place to stop it or identify it, and can potentially face jail time as a result (even if they had nothing to do with actually committing the crime).

What type of organisations are affected by this offence?

Initially the offence applies to large organisations (no matter what sector) that meet two out of three of the following criteria: 250 employees, £36 million turnover, £18 million in total assets.

However, much like GDPR and other major legislative corporate changes, it's likely that this will trickle down to include smaller companies as the offence matures. This is especially likely considering that Lord David Hanson, Minister with Responsibility for Fraud, was quoted saying, "This guidance marks the first steps towards a corporate culture shift around fraud prevention", indicating this first step will be followed by other steps in the journey to stronger fraud resilience.

How will smaller organisations be affected?

All organisations will be affected by the new offence in some way, regardless of size. Key considerations to take into account include:

  1. Group structures - although small businesses may sit under the thresholds of the offence themselves, being part of a group structure or investment portfolio may mean they meet the criteria to be included.
  2. Supply chain requirements - much like modern slavery policies, third party cyber security risk, and corporate social responsibility, larger organisations will review supply chains to look at what fraud prevention measures vendors have in place, and whether they pose a risk in relation to the offence. This may result in a rejigging of preferred suppliers accordingly.
  3. Trickle down legislation - as quoted previously, the Government sees this as a first step in fraud reduction, so the large organisation thresholds are almost certainly going to be reduced to cover mid-sized, and eventually small-sized, organisations. Be prepared!

What if you don't want to go to prison?

The good news is that the Offence has some explicit criteria for what it considers as reasonable fraud prevention procedures, which, if you can clearly demonstrate were in place when a fraud was found, will hopefully get you off the hook. However, for many organisations this will mean some new processes and tooling will be required.

The fraud prevention framework put in place by relevant organisations should be informed by the following six principles:

  1. top level commitment - senior management have a leadership role in relation to fraud prevention
  2. risk assessment - the organisation assesses the nature and extent of its exposure to the risk of employees, agents and other associated persons committing fraud in scope of the offence
  3. proportionate risk-based prevention procedures - an organisation’s procedures to prevent fraud by persons associated with it are proportionate to the fraud risks it faces and to the nature, scale and complexity of the organisation’s activities
  4. due diligence - the organisation applies due diligence procedures, taking a proportionate and risk-based approach
  5. communication (including training) - the organisation seeks to ensure that its prevention policies and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication
  6. monitoring and review - the organisation monitors and reviews its fraud detection and prevention procedures and makes improvements where necessary

How can Meysey help?

As a fraud monitoring tool within cloud accountancy software, Meysey ticks a lot of the boxes in relation to monitoring, communicating (incl. our whistleblowing feature), and detecting fraud within an organisation.

To adhere to the full fraud prevention framework you will need a combination of process changes, training, and tools such as Meysey.

Please share your comments or DM me.

Full details can be read on the UK Government website here.

Oliver Crofton

Co-Founder and CEO

With over 15 years in digital forensics and cyber investigations, Oliver has seen countless small businesses crippled by preventable fraud. Oliver co-founded Meysey to use the data within accountancy software to reduce fraud for small businesses, and provide an early warning sign of potential fraud risk.
