With the new Failure to Prevent Fraud offence now in force, it’s essential that law firms understand their responsibilities and take steps to ensure effective fraud prevention measures are in place.
The new offence, which came into effect on 1 September 2025 under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), places a duty on organisations to prevent fraud committed by employees, agents, subsidiaries, or other associated persons for the benefit of the organisation or its clients.
Why the new law matters
The Failure to Prevent Fraud offence represents a significant shift in corporate accountability. It currently applies only to large organisations – those meeting at least two of the following thresholds:
- turnover of more than £36 million
- balance sheet total of more than £18 million
- more than 250 employees.
However, the Government has indicated that it may review the scope of the offence in future, potentially extending the duty to smaller organisations.
The Home Secretary’s statutory guidance, published in November 2024, confirms that the offence is intended to build an anti-fraud culture across all sectors, similar to the transformation seen after the introduction of the Failure to Prevent Bribery provisions in 2010.
Importantly, an organisation can be criminally liable even if senior management were unaware of the fraud, and even where no financial benefit was ultimately received. The mere intention to benefit the organisation or its clients is enough to trigger liability.
What firms should be doing now
To defend against prosecution, organisations must be able to demonstrate that they had reasonable fraud-prevention procedures in place at the time the fraud occurred. What is considered “reasonable” will depend on the level of risk and the degree of control the organisation has over those acting on its behalf.
At Legal Eye, we recommend that firms:
- Review the Home Office guidance (November 2024) and updates from the SRA, Law Society and CLC
- Audit existing risk management frameworks and fraud-related policies to ensure they reflect ECCTA requirements
- Incorporate “Failure to Prevent Fraud” sections into policies such as Financial Crime, AML, and Supplier Due Diligence
- Consider whether Client and Matter Risk Assessment forms and supplier due diligence need to be updated to reflect fraud vulnerabilities
- Extend contractual terms with outsourced providers to include fraud prevention obligations
- Conduct audits of internal and external procedures – including accounts, billing, client communications, supplier relationships and data controls – to identify potential exposure points
- Review staff screening and ongoing monitoring processes; reliance on trust alone will not be a defence
- Deliver training to ensure all staff understand the implications of the new offence and their responsibilities under the ECCTA.
A proactive step for law firms
Commenting on the new law, our MD, Paul Saunders, said:
“This is a significant development in corporate accountability. The ‘Failure to Prevent Fraud’ offence sets a clear expectation that organisations must take proactive, proportionate steps to prevent fraud – not simply react to it. Even though the offence currently applies only to large organisations, regulators are already signalling that all firms should be embedding strong anti-fraud procedures as a matter of best practice.”
Our compliance experts can help firms review and update their policies, controls and training to ensure compliance with the new duty and to strengthen overall fraud prevention measures.
Next steps
For more information or to discuss how we can help your firm meet the requirements of the new Failure to Prevent Fraud offence, contact us at [email protected] or call 020 3051 2049.