The Countdown is on: Failure to Prevent Fraud Offence will come into force on 1 September 2025

The introduction of the failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 marks a significant shift in how organisations, including charities, are held accountable for fraud which takes place within the organisation.

However, the clock is ticking as the offence comes into force on 1 September 2025.  Charities need to ensure they are aware of what the offence entails, whether they will be caught by the provisions and ensure that reasonable fraud prevention procedures are in place, to act as a defence, should a relevant fraud incident occurs.

Overview of the Offence

The failure to prevent fraud offence is designed to make it easier to hold organisations accountable if they fail to prevent specified fraud offences committed by those associated with them. 

An organisation will be held criminally liable for failing to prevent fraud if:

1. An "associated person" commits a specified fraud offence; and
2. The fraud offence is committed with the intention of benefiting the organisation, either directly or indirectly.

It is important to note that directors, trustees, or senior officers are not personally liable under this offence, as it targets the organisation as a whole.

Who is an Associated Person?

An "associated person" is anyone who performs services for or on behalf of the organisation. This includes trustees, directors, employees, agents, as well as other third parties, even if they are not under contract with the organisation. The scope is broad, capturing any person who provides services for or on behalf of the organisation, while they are providing those services.  Therefore, a wide range of individuals could potentially expose your charity to liability.

Intention to Benefit

For your charity to be held liable, the associated person must have committed the specified fraud offence with the intention of benefiting the charity. This benefit can be direct or indirect and does not need to be financial; the intended benefit could include an unfair business advantage or gaining future opportunities for the charity. 

The mere intention for the charity to receive some benefit is sufficient for liability to arise; it does not need to be the sole or dominant motivation for the fraud and the benefit does not need to actually be conferred.   

However, if the charity itself is the victim of the fraud, it will not be held liable. A charity would not be liable for failing to prevent fraud where an employee is seeking to defraud the charity by manipulating expenses, for example. 

Does the Offence apply to all Charities

Currently, only "large" organisations fall within the scope of the legislation. 

A charity is considered large if it meets two of the following criteria:

• More than 250 employees;
• More than £36 million turnover;
• More than £18 million in total assets.

Reasonable Procedures Defence

Where a charity meets the threshold for the offence to apply and is then facing liability for a failure to prevent fraud, it could avoid being found guilty if it had reasonable fraud prevention procedures in place.

The onus will be on the charity to prove that it had reasonable procedures in place at the time the fraud took place. It will not be a defence to show that reactive steps were taken as a result of a fraud incident. 

Late last year, the Government issued a guidance note on the upcoming failure to prevent fraud offence. In February 2025 the Charity Commission issued an alert to charities that may be subject to the new offence and encouraged charities to read the Government guidance. 

The guidance sets out six key principles which underpin the fraud prevention measures that organisations should have in place. Courts will consider these principles when determining whether an organisation can rely on the reasonable procedures defence.  

1. Top-level Commitment: Senior management must lead by example, fostering a culture where fraud is unacceptable.
2. Risk Assessment: Charities should evaluate their exposure to fraud risks, considering all those who would be deemed an "associated person". These assessments should be dynamic and remain under review.
3. Proportionate Risk-based Prevention Procedures: Devise fraud prevention plans, with procedures being proportionate to the risk identified in the risk assessment.
4. Due Diligence: Conduct risk-based due diligence, especially for those providing services for or on behalf of the charity.
5. Communication and Training: Educate employees and other associated persons on fraud risks and prevention measures. This acts as an endorsement to the fraud prevention culture. 
6. Monitoring and Review: Regularly review and update fraud prevention measures.

Preparing for Compliance – Is your Charity ready?

Charities should take advantage of the lead-in period to prepare for compliance. 

Even if your charity would not be caught by the offence at this stage, it is still worth bearing in mind as the offence could be extended to smaller organisations over time.  Additionally, if your charity is associated with or works alongside a larger charity which is caught by the offence, your charity may be deemed an "associated person" of the larger charity, and they may want to see that you have sufficient measures in place to ensure they don't face a conviction. 

Given that fraud is such a prevalent issue within the charity sector, the principles underpinning the offence and the reasonable procedures defence provide a helpful guidance when considering or reviewing your fraud prevention strategies more generally. 

Key Considerations

1. Senior Buy In – Are your trustees and senior management team aware of the offence and their role in setting the tone from the top?
2. Risk Assessments – Does your charity have fraud risk assessments in place? Have they been reviewed recently?
3. Policies and Procedures – Does your charity have policies and procedures in place dealing with fraud?  Are they fit for purpose?  
4. Culture – Do you have a whistleblowing procedure?  Do employees, agents and other stakeholders feel comfortable / confident in reporting fraud
5. Training – How often is training undertaken?  What does the training cover? Is it tailored to different roles and risks?
6. Contract review – Do contracts with third parties need to be reviewed to include terms related to associated persons? Do you need to consider any employment checks / vetting for higher risk roles?  

At Trowers & Hamlins, we regularly assist charities in assessing their fraud prevention measures, draft and/or review existing policies, procedures and risk assessments and advise on fraud risk management. If you are interested in hearing more about how we may be able to help your charity, please contact Emily Sharples.