Failure to Prevent Fraud: Demonstrating Reasonable Procedures in Practice
This article discusses the implications of the UK's Economic Crime and Corporate Transparency Act 2023, specifically the "failure to prevent fraud" offense, which comes into effect on September 1, 2025. It emphasizes that large organizations must credibly demonstrate a proportionate, coherent, actively maintained, and dynamic fraud prevention framework to avoid liability. The piece highlights the shift from mere compliance to a governance issue requiring clear evidence of effective fraud risk management.
The Evolving Landscape of Fraud Prevention
The upcoming "failure to prevent fraud" offense under the UK's Economic Crime and Corporate Transparency Act 2023, effective September 1, 2025, significantly raises the stakes for large organizations. This legislation mandates that companies meeting specific thresholds (turnover of £36M+, assets of £18M+, or 250+ employees) can be held liable for fraud committed for their benefit unless they can prove "reasonable procedures" were in place to prevent it. This shifts the focus for boards and audit committees from a technical compliance exercise to a fundamental governance challenge, demanding demonstrable and credible fraud prevention frameworks.
Beyond Policy: Evidencing Proactive Fraud Management
For internal audit and assurance professionals, this means moving beyond simply having policies and training in place. The article stresses that defensible fraud prevention is not about adding more documentation but about clearly articulating and evidencing how fraud risks are identified, owned, and actively managed across the organization. Key elements of an effective framework include:
- Clear leadership from the top.
- Fraud risk assessments that accurately reflect operational realities.
- Proportionate controls targeting genuine areas of exposure.
- Due diligence extending beyond initial recruitment.
- Practical awareness programs and trusted speak-up channels.
- Ongoing monitoring to ensure controls remain effective as circumstances change.
Building Confidence Through Assurance
The core message for assurance professionals is the need to instill confidence in the fraud prevention framework. This confidence stems from a clear understanding of risks, rather than assumptions, and assurance activities that genuinely reflect the operational reality, not just the stated intentions. Internal audit plays a crucial role in challenging the governance body to ensure their fraud prevention framework is not only well-designed but also actively maintained, dynamic, and consistently operating effectively. The ability to evidence these "reasonable procedures" will be paramount in mitigating legal and reputational risks under the new legislation.
Read more