With just under two months to go, a new UK law is about to take effect that will punish firms deemed not to have taken sufficient steps to prevent fraud. The impact of the new rule reaches far and wide.

A new “failure to prevent fraud” law in the UK takes effect from the start of September this year. Its reach, which could stretch globally, will add to firms’ compliance burdens, including those in the wealth sector.

The new offence has been brought in as part of the Economic Crime and Corporate Transparency Act, which received Royal Assent on 26 October 2023 under the previous Conservative government. Like the UK Bribery Act of 2010, there is an extra-territorial aspect to this law – meaning that firms above a certain size which have activities overseas cannot assume that these are out of bounds.

There is a lot at stake. Moody's, in a recent presentation, said that £1.17 billion ($1.6 billion) was lost in 2024 to unauthorised and authorised fraud; some 3.13 cases of unauthorised fraud were reported last year, rising 14 per cent from 2023. Fraud makes up 40 per cent of all crime in the UK. 

The new law covers corporates and partnerships. Organisations must meet two of the three following criteria to come under the law’s coverage: having more than 250 employees, more than £36 million turnover, and more than £18 million in total assets.

“A key feature of all corporate failure to prevent offences is the extraterritorial reach. The new failure to prevent fraud offence enables the SFO (Serious Fraud Office) to pursue fraudulent acts committed anywhere in the world,” Natalie Sherborn, partner in the white-collar defence and investigations team at Withers, told WealthBriefing.

“The SFO has proved itself to be very active at home since Nick Ephgrave [SFO director] took over the reins. It is clear from the recent expansion of the SFO’s cross-border capabilities, strengthening ties with law enforcement agencies overseas, that he is looking to widen his sights to the international landscape too,” she said. 

Ted Datta, senior director, financial crime industry practice at Moody’s, agreed that the cross-border aspect of the new law is an issue. “The particular challenge with the Failure to Prevent Fraud offence is that it includes third-party supply chains. Many in the industry still have limited insight into these relationships.” 

“This regulation essentially raises the bar, pushing firms to strive for a much more comprehensive and dynamic understanding of their extended networks –  something that can be materially improved through unified data solutions and workflows,” he said.

Strict liability
Another important and perhaps contentious point is that the new law is a strict liability offence – it is not necessary to prove intent to be guilty if it can be shown that necessary steps to prevent wrongdoing were not taken. To avoid falling foul of the law in the event of a case, a firm must show that it has taken reasonable steps to prevent fraud, for instance through proportionate risk-based prevention procedures, due diligence, training and communication, and monitoring.

A large problem
Fraud is a multi-billion-pound problem. (For the purpose of this law, it covers offences such as false accounting, abuse of position, participation in a fraudulent business, false representation, obtaining services dishonestly, cheating public revenue, failure to disclose information and others.)

If errors as well as fraud are taken into account, as much as £58.5 billion of taxpayers' money has gone, Moody's said, citing Public Sector Fraud Authority figures.

Firms are preparing for the new law, Moody’s Datta said. 

“While some costs can be absorbed into existing systems, especially where firms already have controls under the UK Bribery Act or similar regimes, this new requirement is more prescriptive in scope. Most organisations will likely need to enhance monitoring, training, and governance,” he said. “That said, for firms already investing in broader risk and compliance automation, there is real potential for alignment rather than duplication.”

Datta said Moody’s new Maxsight™ unified risk platform will be useful in complying with the new law.

“The Maxsight™ platform is designed to help organisations with numerous compliance requirements assess and manage risks through one system. The platform can assist businesses in understanding who they are working with –  so it covers Failure to Prevent Fraud,” he said.   

Clients want answers to queries about the new law and what they should do, Datta said. 

“Customers are asking questions around what constitutes 'reasonable procedures’ and how they can demonstrate compliance. Many of them are also interested in working through how to assess the adequacy of their existing fraud prevention frameworks, what new types of fraud might trigger liability, and how to prepare for regulatory scrutiny,” he said. 

Sherborn of Withers has a concern. 

“Although sizeable UK institutions will have been proactive about these measures, there is a sense that some overseas corporates with a UK nexus are not taking the risks seriously,” she said. “At a time when the corporate operating environment is facing increased stress from international trade disruption and economic uncertainty, corporates should be aware of the heightened risk of falling foul of the legislation and take steps to ensure they can avail themselves of the defence of having reasonable procedures in place should the need arise.”

Since the UK Bribery Act was introduced in 2010, there has been a total of about $4 billion in settlements concerning deferred prosecution agreements involving firms that were deemed to have breached the rules, according to Moody's, citing data from Simmons & Simmons.