By September 1, 2025, organisations must comply with the UK’s Failure to Prevent Fraud offence, introduced under the Economic Crime and Corporate Transparency Act (ECCTA) 2023¹. This regulation holds large² organisations accountable for failing to prevent fraud committed by their employees, agents, contractors, or other “associated persons” acting for the organisation’s benefit, whether directly or indirectly.

The offence applies to fraud as defined in the Fraud Act 2006³, including insider fraud, where those in trusted positions, such as employees, agents, contractors, or subsidiaries, abuse that trust. Insider fraud is particularly concerning because it exploits sensitive data, undermines internal controls, and harms organisational integrity, making it a critical focus of fraud prevention efforts.

The legislation applies not only to organisations based in the UK but also to foreign organisations with employees or victims in the UK, which must consider its potential impact. Notably, organisations may still be held liable even if senior management is unaware of the fraudulent actions.

The message is clear: Fraud prevention demands proactive measures. Organisations must prioritise risk assessments, secure high-risk internal systems, monitor privileged access, and implement regular training. By addressing insider threats as part of these efforts, they not only mitigate fraud risks but also demonstrate compliance, protect their reputation, and earn stakeholder trust.