Regulatory update: are you ready for the new failure to prevent fraud offence coming into force?

Construction has been referred to as a building site for fraud and corruption.

The unique construct of the work and projects, including political and public pressure on projects, complex supply chains, high-value work, delays and overruns, makes risks of fraud and corruption higher for the sector. 

Those risks make the sector vulnerable to exposure to the new failure to prevent fraud (“FTPF”) offence, which comes into force in the UK on 1 September 2025. This new offence will make large organisations criminally liable for fraudulent conduct of their associates which is intended to benefit the organisation.

This new corporate offence was introduced by the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”), a hefty piece of legislation designed to increase corporate transparency and combat economic crime. The FTPF offence did not come into effect immediately, requiring UK Government guidance to be published, which came in November 2024. Now, the countdown is on to the offence coming into force. Relevant organisations should have this regulatory change on their radar and included on their risk register for 2025 to ensure that any actions required are taken to best protect corporate interests ahead of this date.

What is the new failure to prevent fraud offence?

The FTPF offence applies to large commercial organisations where they fail to prevent fraud by associated persons, provided the fraud was committed with the intention of benefitting the organisation or those to whom it provides services. Associates include employees, agents and subsidiaries.

A relevant body is a large commercial organisation which meets at least two of the three following criteria:

• More than 250 employees
• More than £36 million turnover
• More than £18 million in total assets

Despite the threshold for large organisations, it is not just about big corporates. This is because of the potential to capture subsidiaries and supply chain partners who could be below the threshold but end up being caught or required to comply as part of a wider group.

The offence also has an extraterritorial reach. Non-UK corporate bodies or partnerships are caught, regardless of where they are incorporated or formed, providing they fall within the definition of a relevant body. The offence applies to parent companies if the group headed by it (defined as the parent and its subsidiaries) meets, in aggregate, two or more of the criteria above.

This is a strict liability offence, meaning there is no need to prove that the organisation instructed or had knowledge of the fraud. Penalties include unlimited fines for the corporate.

The only defence against the new offence is for relevant organisations to demonstrate that they had in place reasonable procedures to prevent fraud or otherwise show it was not reasonable to have such procedures in place. The Statutory Guidance outlines expectations of reasonable fraud prevention procedures, based around six guiding principles, and should be used by organisations requiring to comply.

What does the new failure to prevent fraud offence mean for the construction sector?

The new offence creates opportunity for a more proactive and preventative approach to be taken to fraud which in turn can produce positive commercial impact, including profits. Even where a company on its own does not meet the large organisation threshold, it is prudent for any construction company forming part of a bigger group that is subject to the offence or where there are ambitious growth plans, to consider the new offence and actions required.

Those involved in the construction sector will have existing fraud control measures across their business. There is no requirement here to start from scratch where it may be more effective to extend existing fraud prevention processes. The key, however, is to understand the extent of any existing processes and review those against an assessment of fraud risks and potential offences that are in scope under ECCTA.

The guidance should be consulted to ensure that risk assessments are suitable and sufficient to identify prevalent risks of associated persons committing fraud for the benefit of the organisation, its group or its clients. The statutory guidance makes it clear that any organisation that does not have a documented risk assessment will be unlikely to have reasonable procedures for fraud prevention in place.

With public sector fraud and error losses alone estimated to be between £33-59 billion annually, the UK Government has a defined strategy to counter fraud. The new FTPF offence will be a powerful tool that can be used, in theory, to make it easier for organisations to be prosecuted and made criminally liable for failing to prevent any fraud taking place. Ultimately, if fraud goes undetected it is not possible to fight it. The FTPF offence requires a change in perspective and a proactive approach to achieve the best outcomes and protect business interests.

We can help with thorough risk assessments to identify relevant fraud risks and advise on what proportionate and appropriate controls should look like to best mitigate the risks. For more information, get in touch with your regular Burness Paull contact or our Corporate Crime team, who would be delighted to assist.

Related News, Insights & Events