The UK just made it easier to prosecute companies for fraud. Jacob Atkins breaks down the new offence, who might be affected, and how authorities are likely to approach it.
International trade, and the financing of it, has long been vulnerable to misdeeds due to long and complex supply chains and a reliance on easily manipulated paper documents.
Previously, the law in the UK centred on individual culpability for economic crime. But the introduction of the “failure to prevent fraud” offence by the government as part of broader economic crime legislation marks a significant change, bringing fraud laws more in line with those on tax evasion and bribery.
Experts say risk mapping and comprehensive staff training will help keep banks and corporates out of the dock, even if staff are found to have committed fraud that benefited the company. But ambiguity about how far the law goes in capturing agents or other people associated with a business means that much will only be shaken out when prosecutions begin.
What is the “failure to prevent” offence?
The UK introduced the concept of corporate failure to prevent fraud in the Economic Crime and Corporate Transparency Act (ECCTA), which was passed in 2023. But the “failure to prevent fraud” provision only came into force at the beginning of September 2025.
For the first time, organisations can face criminal prosecution if an associated person [see definition further down] commits a fraud offence for the benefit of the organisation, or a subsidiary. This means it will be more straightforward for authorities to prosecute than under the previous law, where corporations could be found liable only if people with “directing mind and will” – usually taken to mean company directors – were suspected of committing such an offence.
“That has historically been enormously difficult for prosecutors to prove,” says Alan Ward, a partner with law firm Stephenson Harwood. “It’s [now] a lot easier than prosecuting a corporation used to be, before we had this new offence.”
Hannah von Dadelszen, chief crown prosecutor leading on fraud and economic crime, said in September that “the new law represents a major step forward in holding to account those who commit corporate crime. Large organisations must act to put robust fraud prevention systems in place or leave themselves open to legal action.”
Several other countries, such as Australia, have laws that use a “failure to prevent” model, but they mainly target specific crimes such as corruption.
Who does it apply to?
Only “large organisations” fall in scope of the offence. An entity is considered in scope if it meets two of three thresholds in the financial year that preceded the fraud offence. These thresholds are a turnover exceeding £36mn, a total balance sheet above £18mn and a workforce of more than 250 employees.
That immediately brings all trade finance banks, as well as some bigger non-bank trade financiers, into the purview of the offence. The thresholds also likely capture most large commodity traders.
It is less clear how the offence might apply to UK firms managing trade finance funds registered in other jurisdictions, such as the Cayman Islands. Foreign parent companies are also “on the hook” if the crime is committed for their benefit, Ward notes.
Does that mean smaller companies do not have to worry?
Smaller entities may not need to worry about the failure to prevent fraud offence, but another section of the ECCTA, which came into force at the end of 2023, still applies. Under that provision – section 196 – companies of any size can be prosecuted if a “senior manager” commits any of a lengthy list of offences, including false accounting, forgery and money laundering. This also marks a notable broadening of liability for those offences to the corporate level, rather than merely individual, though it has garnered less attention.
Section 196 “has quite big ramifications that I don’t think many companies, particularly small and medium-sized ones, are aware of or have thought about”, says Anne-Marie Ottaway, a partner in law firm HFW’s global investigations and white-collar defence team. “This is potentially a much bigger risk for those organisations.”
Ottaway expects investigators will prefer prosecuting using the failure to prevent offence, but companies that fall below the thresholds can still be prosecuted under the wider ECCTA if a senior manager is involved in the wrongdoing. “I just don’t think people have really been recognising that,” Ottaway says.
Importantly, the statutory defence of having “reasonable” anti-fraud measures in place is not available for companies prosecuted through this provision. But Ottaway notes that prosecutors and judges will still consider whether an effective compliance programme was in place when deciding to bring charges or hand down a sentence.
A spokesperson for the Serious Fraud Office (SFO) tells GTR it hasn’t yet brought a prosecution under section 196, but its investigations typically take several years, and the offence isn’t retrospective, meaning only conduct beginning in January 2024 can be considered.
What is an ‘associated person’?
Under the new offence, a corporation has culpability if an act of fraud is committed by a “person who is associated with” the entity. But the definition of this phrase is open to interpretation. Government guidance states that it includes employees at any level, as well as “an agent” of the organisation and “a person who otherwise performs services for or on behalf of the body”.
Stephenson Harwood partner Emma Skakle, who specialises in international trade and shipping disputes, provides the example of stevedores loading goods onto a vessel. If they have a contractual relationship with the seller, they are very likely to be considered agents.
“So the question then becomes, does that make the seller liable for the acts of the agent, ie the stevedores, and are they therefore caught by the new Act? I think the question around that can be reasonably complicated,” Skakle tells GTR.
“Large organisations must act to put robust fraud prevention systems in place or leave themselves open to legal action.”
Hannah von Dadelszen, Crown Prosecution Service
Is it extra-territorial?
The offence requires a “nexus” to the UK. But a company does not need to be incorporated in the UK, or even have operations in the country, to fall foul of the failure to prevent offence.
“The nexus that’s required is that the fraud has got to touch the UK in some way,” says Ward at Stephenson Harwood.
This can include a fraud conducted entirely overseas but where the victims are in the UK. He adds that some of the most common questions he has fielded about the new offence concern its extra-territorial nature and the potential culpability of overseas parent companies.
How can companies defend themselves?
Companies facing prosecution under the failure to prevent offence have a get-out clause if they can convince a court that they have “reasonable fraud prevention measures in place” – a statutory defence to the crime.
Government guidance says those prevention measures should be based on six principles: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication and training, and monitoring and review.
The level and quality of training provided will also be a major factor in a situation where a financial institution’s employee or associated person authorises a deal knowing the underlying transaction is fraudulent, according to Priya Giuliani, an investigations and compliance partner at consultancy HKA.
“If you have designed and implemented a robust anti-money laundering and sanctions programme, then you should have most of the controls in place to safeguard against that [trade finance transaction] going through,” says Giuliani, who advises trade-focused banks in London on regulatory and financial crime compliance.
“You have to demonstrate that you took reasonable measures to prevent this from happening: that your employees were trained properly, they understood it, you gave them specific examples to show them how this type of activity could work, you told them that you have a zero-tolerance for anyone internally doing this.”
At a trade finance transactional level, Giuliani says, banks’ current anti-financial crime controls should only need mild tweaks to meet the new requirements. “It’s not a heavy lift if you’ve got good trade finance controls in place for the existing requirements around money laundering and sanctions,” she says.
Skakle at Stephenson Harwood adds that, in her earlier example of a stevedore working at a foreign port who could be considered an agent of a company, businesses with such arrangements may need to have “reasonable” structures in place to oversee the activities of port personnel handling their goods.
But clarity on what is considered reasonable can only be gained if and when cases are brought. The government’s guidance for companies says that “ultimately only the courts can determine whether a relevant body has reasonable prevention procedures in place to prevent fraud in the context of a particular case, taking into account the facts and circumstances of that case”.
Ward notes that while banks already have sprawling compliance processes to prevent financial crime, these are typically geared toward catching fraud against themselves, rather than wrongdoing perpetrated by a lender’s own staff or agents. “Although a lot of the infrastructure around fraud prevention – the personnel, the skill – is there,” he says. “What’s required is a tweaking or looking afresh at the species of fraud that this new legislation requires the bank to prevent.”
When will prosecutions begin?
Prosecutions under the offence can be brought by a range of authorities, including the SFO, which has recent experience in tackling trade finance and commodity fraud.
Its almost decade-long investigation into London-headquartered firm Balli Steel resulted in a jury convicting four of the company’s senior staff in early 2023. The probe and subsequent trial delved into the technicalities of bills of lading, letters of credit and other trade documents, covering some of the most common types of fraud in trade finance.
In 2021, the SFO also launched an ongoing investigation into the GFG Alliance, a group of steel and commodity trading companies linked to Sanjeev Gupta.
Shortly after taking the reins of the SFO in late 2023, director Nick Ephgrave vowed to pursue large companies despite the risk of high-profile failure. “Whilst that risk is very clear and ever-present, that does not diminish our appetite one drop to take on defendants with big pockets,” he said. “If the evidence is there, we will build a case and take it to court, irrespective of how rich or well-resourced you are, because that’s the right thing to do.”
Deferred prosecution agreements, which allow companies to pay a hefty fine without admitting or denying liability, are likely to feature heavily when prosecutions arise. Striking a deal is often attractive to well-resourced companies that, even if they are confident in their defence, are keen to avoid the scrutiny and headlines that accompany a high-profile criminal trial. UK authorities have previously reached such agreements with companies including Rolls-Royce, Airbus and Tesco.
But the types of wrongdoing most common in trade finance – a company defrauding a bank, or a seller ripping off a buyer – may be less enticing to UK prosecutors than crimes that involve individual UK victims. Large companies that have been defrauded also have the means to pursue civil action, which is typically faster than criminal proceedings.
“The risk of prosecution is heightened where there might be multiple victims of a fraud, for instance, or it’s distorted the market quite significantly, leading to multiple losses,” says HFW’s Ottaway. “In those cases, the public interest considerations will weigh more heavily in favour of prosecution.”
