The UK’s new “failure to prevent fraud offence,” coming into effect on 1 September 2025, puts a direct onus on large organisations to proactively combat fraud. This means no more waiting for the whistleblower, no more reactive damage control. It’s about building an anti-fraud fortress from the ground up and one which encompasses all layers and levels of your organisation.
The government’s own guidance on the offence states it “is intended to encourage organisations to build an anti-fraud culture, in the same way that failure to prevent bribery legislation has helped reshape corporate culture since its introduction in 2010.”
For law firms, it is crucial that an effective anti-fraud compliance programme is implemented as part of the overarching financial crime compliance system. We’re not just talking about money-laundering anymore, Toto.
The new offence applies to any organisation with two of the following three criteria: over 250 employees (to include contractors or consultants), a turnover exceeding £36 million, or total assets over £18 million.
The “organisation” is taken widely: if you are part of a larger group, the definition applies to the group itself. As such, it will apply, of course, to the very large law firms but also those who are involved in a group structure (whether nationally or globally), or indeed, those who have a network of consultants. Don’t think it is just confined to the Magic Circle: it is likely that many regional or boutique firms could also be caught.
The offence targets situations where an individual commits some sort of fraud, intending a direct or indirect benefit to the company. The fraud is external, rather than internal, for example against a client or a supplier. There also has to be some sort of “UK nexus”. This UK nexus is intended to be wide and could easily cover situations where a non-UK subsidiary’s employee commits a fraud.
The consequences are severe: hefty fines and the reputational damage that can ripple through your entire ecosystem.
The legislation is, of course, as yet untested in the Courts but, as with when the anti-bribery legislation came in, prosecutors and politicians will no doubt be champing at the bit to drive successful prosecutions through.
Before you think the offence is more relevant to other industries, consider the following: You are a largish UK law firm with an attractive bonus structure. One of your fee-earners inflates their billing figures. That’s a fraud on the client – and there is a benefit to the law firm (as well as to the employee, who wants that bonus). You are caught by this offence, unless you can defend yourself.
The flip side: A defence built on reason
While the new law may seem daunting, it’s not a free-for-all. Organisations can defend themselves by demonstrating they had reasonable procedures in place to prevent fraud. This isn’t a check-the-box exercise; it’s about a genuine commitment to robust anti-fraud measures. But how do you achieve this?
Building the fortress: Steps for a proactive approach
As with all financial crime compliance, the key is to embrace a proactive, risk-aware culture. Law firms have been doing this with in respect of money-laundering for a long time: expand your AML compliance programme to ensure it considers fraud.
Start with conducting a comprehensive fraud risk assessment. Identify potential vulnerabilities within your organisation and prioritise mitigation strategies. Law firms could use their firm-wide risk assessment template as a useful template.
A specific fraud risk assessment could consider what is known as the “fraud triangle”, looking at motivations, opportunities and rationalisations for committing fraud. You should:
- Think about your clients – what they do, where they are based, and how well you know them. Might these factors encourage or allow your employees to commit fraud?
- Consider your people management structure: is your oversight sufficient? What about your commitment to staff wellbeing or incentivisation? As in the example above, a sharp billing or bonus culture could be a motivation for an employee to inflate their billing figures.
- Ask, how does your operations function, including procurement, work? An employee could be committing fraud against a supplier, not just a client.
From there on, it is a case of addressing your policies and procedures. Again, don’t reinvent the wheel: build appropriate sections or stages into your existing financial crime systems, for example screening employees.
MLROs and HR managers often wring their hands over who is a “relevant person” to have screening conducted on them under the Money Laundering Regulations. The new fraud offence might remove that: arguably, all employees, consultants or contractors could be at risk of committing fraud with an intention to benefit the company, so just screen everyone for red flags as a starting point.
Next, invest in or develop robust training programs. Educate your employees about fraud risks, red flags, and reporting procedures. This empowers your workforce to become your first line of defence against fraudulent activity. Make sure fraud awareness is dealt with in induction training and build it into your ongoing AML training programme.
Make sure you understand the third parties who work for or on your behalf. Scrutinise your outsourcing agreements to ensure they have adequate anti-fraud measures in place. Ensure that everyone – even the most casual of consultants – has undertaken appropriate induction and ongoing fraud awareness and prevention training. Undertake due diligence on consultants and other suppliers to gauge their level of risk and what measures they have in place already. Take a cautious approach, perhaps insisting a consultant undertakes your firm-specific training, rather than relying on their own CPD.
Beyond the walls: Cultivating a culture of prevention
The “failure to prevent fraud offence” isn’t just about implementing policies; it’s about fostering a culture of prevention. This means communicating your law firm’s zero-tolerance attitude towards fraud at all levels.
Key will be showing that you have a robust monitoring and oversight programme in place. Test your procedures using an independent auditor. Carry out spot-checks on procurement activities or billing guides. Speak to your staff and assess what they remember from the training.
Again, as with money-laundering, record your near-misses or breaches. Analyse them: are you eradicating the opportunities for fraud? Are you confident that you are picking up risks before they develop into something more?
The new “failure to prevent fraud offence” marks a significant shift in the UK’s regulatory landscape, focusing on fraud as a governmental priority. But it’s not a cause for panic. With a proactive and comprehensive approach, you can navigate this new terrain and build a law firm that is genuinely resilient to fraud.
Please contact us for assistance with reviewing or building an anti-fraud compliance programme.
