New UK Corporate Fraud Liability: “Failure to Prevent Fraud” (Effective 1 September 2025)

From 1 September 2025, UK organisations will face a significant expansion of corporate criminal liability through a new offence commonly referred to as “failure to prevent fraud.” Under this regime, a company may be held criminally liable where fraud is committed by employees, agents, or other associated persons for the organisation’s benefit, if the organisation did not have reasonable fraud prevention procedures in place.

For financial institutions and other regulated firms, this development materially raises the standard expected of fraud risk management. It reinforces the need for a demonstrable and embedded framework—moving beyond policy documents to evidence of effective implementation, oversight, and ongoing monitoring. In particular, organisations should expect greater scrutiny of:

• Fraud risk governance and controls that are preventative, not merely reactive
• Operational ownership and accountability, including escalation and decision pathways
• Documented evidence of reasonable steps, testing, and continuous improvement
• Third-party risk management, including due diligence and contractual controls
• Incentives and conduct drivers that may create fraud-enabling pressures

How Nistad Limited supports clients

Nistad Limited helps organisations prepare for this shift by strengthening end-to-end fraud prevention arrangements, including:

• Reviewing existing fraud controls against the “reasonable procedures/steps” standard
• Designing layered prevention and detection architectures aligned to risk profiles
• Establishing clear accountability, escalation and governance to embed compliance culture
• Delivering internal reviews, tabletop exercises, and scenario testing (including red teaming)
• Enhancing third-party oversight and conduct/incentive risk controls

This evolving legal landscape means fraud risk is no longer only a financial crime concern—it is also a corporate criminal liability issue. Organisations should consider early action to assess exposure and ensure their fraud prevention framework is proportionate, evidenced, and operationally effective.