‘Failure to prevent fraud’ law for Britain
Britain is introducing a new ‘failure to prevent fraud’ offence, also referred to as an ‘FTPF offence’ which will hold organisations to account if they profit from fraud committed by their employees, MHC lawyers have written.
It comes into force on 1 September 2025 as part of the Economic Crime and Corporate Transparency Act 2023.
Irish companies with a British nexus should take action before the law comes into force, which includes reviewing their fraud prevention practices and considering group-wide policy enhancements, particularly for units that deal with Britain.
Reinforcing anti-fraud measures, not only to avoid liability under the FTPF offence, but also ensure that their operations remain in line with British regulatory expectations.
By implementing effective fraud prevention procedures, it is hoped that the proposals will level the playing field for businesses who already take fraud prevention seriously, by penalising unscrupulous operators, the lawyers state.
The offence applies to all large corporate bodies, subsidiaries and partnerships.
Large ‘not-for-profit’ organisations such as charities are also in scope, as well as incorporated public bodies.
Scope
An organisation is considered large if it meets two of the following three criteria:
- More than 250 employees,
- More than €36 million turnover,
- More than €18 million in total assets.
Liability can be attached either to the individual entity that failed to prevent the fraud or to the parent company if a subsidiary’s fraud benefits the parent and no reasonable steps were taken to prevent it.
The offence extends to companies where the fraud takes place partly in Britain or where there are victims in Britain.
This includes situations where Irish companies, for instance, use third-party services in Britain potentially bringing them under the jurisdiction.
MHC states that, to avoid criminal liability, organisations need to demonstrate reasonable fraud prevention procedures. This includes:
- Assessing the risks of fraud by employees, subsidiaries, or agents,
- Implementing effective systems such as training, financial controls, due diligence, and audit processes,
- Ensuring that anti-fraud policies are robust and consistently enforced across all areas of the business that may have exposure to Britain.
If resources held across a parent company and its subsidiaries cumulatively meet the size threshold, that group of companies will be within the scope of the FTPF offence.
Liability can be attached to whichever individual entity within the group was directly responsible for failing to prevent the fraud.
Practical steps
MHC says that Irish companies may need to implement systems and controls such as:
- Training for those in higher-risk positions and/or business functions,
- Reinforcing financial controls to ensure that any potential red flags are picked up and investigated with required four-eye checks,
- Due diligence on transactions, contracts, and third-party agents is crucial, as the offence applies to agents acting on an organisation’s behalf,
- Ensuring contractual provisions cover outward fraud,
- Putting in place effective audit and monitoring processes for fraud, and in particular for third parties,
- Ensuring regular internal review of systems and controls, and a clear tone from the top.
Fraud should be an agenda item at board and senior management level.
Given that combatting fraud is a priority for State regulatory bodies, even where Irish businesses do not meet the criteria to come within the scope of the FTPF Offence, they should still consider whether enhancements to their anti-fraud policies and procedures are necessary to avoid facilitating fraud carried out by their employees, MHC concludes.