Businesses should prepare for new rules on fraud or they risk being caught out

The clock is ticking… in three months, the prevention of fraud offence comes into force. This new offence has been introduced by the Economic Crime and Corporate Transparency Act 2023 and becomes effective on 1 September 2025. As from that date, where an associated person commits a fraud intending to benefit an organisation or, in some circumstances, its client, that organisation could be convicted for a failure to prevent the fraud unless it can show it had reasonable preventative procedures in place.

Which businesses are at risk?

In order to be in scope, an organisation must meet two of the following three criteria: more than 250 employees, a turnover of more than £36 million, or total assets in excess of £18 million. 

An associated person is someone such as an employee or agent of the organisation or subsidiary.  The type of fraud committed by the associated person needs to fall within one of the ‘base offences.’ These are wide-ranging and broadly cover fraud offences. The benefit does not have to be financial, and the intention to benefit the organisation does not have to be the only motivation for the fraud; the main motivation for the person committing the fraud may be to benefit themselves. Importantly, the people running the organisation do not need to have been aware of the underlying fraud for the new offence to have been committed.

Whilst many businesses will already have procedures and safeguards in place to prevent fraud being perpetrated against them, the new offence requires the organisation to have extensive procedures in place to prevent a fraud being perpetrated that benefits it or a client.

Amongst the fanfare leading up to the introduction of the new offence, there has been a lot of focus on typical ‘fraud’ offences. However, the reach is much wider than you may think, and government guidance published towards the end of 2024 gives two examples which are directly relevant to businesses that are regulated under environmental legislation. 

Real-life business cases 

The first example sets out a scenario where an investment fund promotes an investment in a sustainable timber business. In fact, the timber does not come from a sustainable source and the environmental credentials have been falsified. The person at the investment fund who put together the brochure for potential investors which contained this information is aware it is untrue. The underlying fraud by the individual will be fraud by false representation. However, the investment fund may also be prosecuted under the new offence if it did not have sufficient procedures in place to prevent the fraud. In fact, it may be prosecuted even if no-one relied on the misrepresentation to invest, because the intent to benefit the investment fund will be sufficient in itself.

The second example relates to a business which has a permit allowing it to make specified discharges into a watercourse. In order to comply with the conditions of the permit, the business must provide data to the Environment Agency regarding discharge. The business actually discharges more than it is allowed to, which could be for a number of reasons, including as the result of a failure by the plant, and so an individual within the organisation submits falsified data in an attempt to avoid financial penalties. The individual would have committed fraud by false representation, and if the business did not have reasonable processes in place to prevent this fraud, it could be prosecuted for failure to prevent fraud. This would be in addition to any environmental criminal offences that may have been committed.

Businesses that operate in regulated areas will already have numerous statutory criteria to meet. It may be that some existing procedures demanded as a result of such regulation are sufficient to ensure compliance with aspects of the obligations created by this new offence. For example, the government guidance says that existing procedures relating to environmental statements may be sufficient to reasonably identify fraudulent misstatements. However, businesses should not rely on existing procedures as being sufficient without first assessing whether they are adequate to prevent each of the different types of fraud identified in their risk assessment.

The Serious Fraud Office has said that it is currently looking for a case to prosecute under the new offence when it comes into force, so businesses should now be actively looking to achieve compliance in advance of 1 September 2025.