
Rethinking Compliance: Practical Steps for Adapting to the UK’s New Failure to Prevent Fraud Legislation

The offense of failure to prevent fraud (FTPF), introduced by the Economic Crime and Corporate Transparency Act 2023, takes effect on 1 September 2025. Every US company doing business in the UK or with UK companies must be aware of this law and its implications for them. The jurisdiction is as broad as or even broader than the US Foreign Corrupt Practices Act (FCPA). Corporate compliance professionals are finding themselves in uncharted territory with this new legal framework, which requires a thorough understanding of how this legislation applies and how it can potentially reshape their compliance strategies. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (the Guidance). Over the next several blog posts, I will explore the Guidance and its implications for US-based compliance professionals.

The FTPF introduces corporate criminal liability for large organizations where an associated individual commits fraud, intending to benefit the organization or its clients. This represents a seismic shift for corporate compliance programs because senior management does not need to have ordered or even been aware of the fraud for liability to attach. The very act itself, if proven to benefit the organization or its clients, triggers organizational accountability.

Which companies exactly fall under this statute? The scope applies specifically to large organizations, defined as incorporated entities or partnerships that meet at least two of the following criteria: having more than 250 employees, a turnover exceeding £36 million, or total assets exceeding £18 million. This definition intentionally includes subsidiaries and partnerships within its ambit, casting a wide net for compliance oversight.

The Guidance clearly defines the types of fraud included under the new offense. These base fraud offenses include fraud by false representation, failing to disclose information, abuse of position, false accounting, cheating the public revenue, and fraudulent trading. Organizations must now look beyond mere regulatory adherence to proactive fraud detection and prevention strategies, given the broad spectrum of fraud covered.

The term “associated person” is critical. It extends beyond employees and explicitly includes agents, subsidiaries, or any other persons providing services for or on behalf of the organization. The Guidance notably excludes those merely supplying goods, emphasizing service relationships as the core focus. Understanding the depth and breadth of these associations will require enhanced due diligence processes, rigorous vetting of service providers, and a fundamental re-evaluation of contractual relationships.

Territoriality is another aspect that compliance professionals must closely evaluate. The offense holds a distinct UK nexus; thus, fraud committed by associated persons must either occur in the UK or involve gains or losses realized within UK boundaries. This global perspective on compliance places significant responsibility on UK-based operations with international associations and activities.

Notably, the Guidance outlines scenarios to clarify ambiguities. Consider, for instance, the fraud committed by the payroll department, which diverted employee pension funds to support other internal projects. Here, the payroll head abuses their position of trust to commit fraud intended to benefit the company’s operations. Even if no senior manager or director was aware of the fraud, the company could still face prosecution under this legislation unless it has demonstrably reasonable procedures in place to prevent such fraud.

In terms of defensive mechanisms, the Guidance emphasizes the implementation of “reasonable fraud prevention procedures.” This implies that corporations must adopt tailored compliance systems that consider the specific risks associated with their industry, size, and operational territories. Simply having generic fraud detection tools will likely fall short of satisfying this legal standard. Instead, robust, proactive, risk-specific compliance measures, supported by ongoing training and review, become non-negotiable.

The Serious Fraud Office will lead investigations into the FTPF, and the Crown Prosecution Service will handle any courtroom work. An interesting aspect here is the possibility of Deferred Prosecution Agreements (DPAs) in England and Wales, suggesting that organizations may negotiate terms if fraud prevention measures were deemed insufficient initially but have since been significantly improved.

The Guidance emphasizes the importance of corporate cooperation with enforcement authorities. Organizations that demonstrate transparent reporting, proactive fraud detection efforts, and comprehensive preventive frameworks are likely to receive more favorable prosecutorial discretion and may be eligible for DPAs.

From a compliance perspective, understanding intent to benefit is crucial. The Guidance explicitly notes that even indirect or unrealized benefits to the organization, such as a failed attempt to attract investors through false accounting, could trigger liability. The intent to benefit need not be the primary motivation; any incidental or indirect benefit, financial or otherwise, places the organization at risk. Compliance programs must thus anticipate, monitor, and mitigate even seemingly remote risks.

This guidance represents not only a legal shift but also a call for a cultural transformation within corporations. Compliance professionals must foster an environment where ethical practices are embedded, whistleblowers are supported, and robust prevention frameworks are continuously evaluated and strengthened.

Key Highlights for Corporate Compliance Professionals:

  1. Understand the expanded scope of corporate liability and who qualifies as an associated person.
  2. Clearly identify the specific types of fraud covered under the Act.
  3. Implement tailored and robust fraud prevention procedures.
  4. Recognize the importance of territorial considerations for global operations.
  5. Foster a proactive and ethical organizational culture, supported by strong whistleblowing protocols.

The Economic Crime and Corporate Transparency Act 2023 mandates a higher degree of vigilance, proactive risk management, and cultural alignment with anti-fraud values. Organizations failing to adapt swiftly to this evolving compliance landscape risk severe financial penalties, reputational damage, and operational disruption. Forward-looking compliance professionals will seize this moment to reinforce corporate integrity, safeguard organizational reputation, and ensure lasting resilience against fraud.

The Guidance provides an entire section on compliance with the FTPF. Join us tomorrow as we take a deep dive into its prescripts.