ECCTA 2023 - Failure to prevent fraud offence- what charities need to know and do

This article forms part of our series of updates looking at the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and its impact on charities and focuses on the new offence of failure to prevent fraud. 

What is this new offence?

This offence came into force on 1 September 2025. 

Under ECCTA a large organisation (see below) will be criminally liable for fraud committed by its employees, agents, subsidiary undertakings or other ‘associated persons’ who provide services for or on behalf of the organisation if: 

• the fraud was committed with the intention of benefiting the organisation or its clients; and
• the organisation did not have reasonable fraud prevention procedures in place. 
  The purpose of this offence is to ensure that corporate bodies are held to account for serious crimes committed. 

There is no need to demonstrate that the organisation’s senior managers or directors directed or knew about the fraud for the offence to be committed.

Which charities could be liable for this offence?

Charitable companies, charitable incorporated organisations (CIOs) and Royal Charter bodies would all fall with the definition of a large organisation if they meet at least two of the following criteria in the financial year before the financial year in which the fraud is committed:

• Turnover greater than £36 million.
• More than £18 million in total assets.
• More than 250 employees.

In assessing whether these criteria are met, any subsidiaries of the charity must be included.

As a large organisation can be liable for fraud committed by subsidiaries, a charity could be liable if: 

• a fraud offence was committed by an employee to benefit the charity, or
• a fraud offence was committed by an employee of a subsidiary company and the parent charity was intended to benefit from the fraud.

Defence to failure to prevent fraud offence

It is a defence to show that at the time that the offence was committed the organisation had reasonable fraud prevention procedures in place. 

The Home Office has produced helpful guidance on putting in place a fraud prevention framework. The guidance makes it clear that following the guidance is not intended to provide organisations with a ‘safe harbour’ as there may be particular risks relating to a particular business not covered by the guidance. Nonetheless, this guidance provides a very important basis for developing fraud prevention procedures.

In the light of this guidance, charities should apply the following six principles in developing a fraud prevention framework:

Top level commitment

The Board of the charity as well as the senior executive team need to take a leadership role in relation to fraud prevention.

Risk assessment

The charity must assess the nature and extent of the risk of employees, agents and other associated persons committing fraud within the scope of the offence. This assessment must be reviewed regularly.

Proportionate risk-based prevention procedures

The charity should draw up a fraud prevention plan that is proportionate to the risk and the potential impact.

Due diligence

The charity should carry out proportionate due diligence on employees and others who will perform services on behalf of the charity.

Communication (including training)

The charity must take appropriate steps to ensure the organisation’s fraud prevention policies and procedures are communicated, embedded and understood throughout the charity. This includes in particular, training, which should cover the nature of the offence and the procedures to prevent fraud. 

Monitoring and review

The Board of the charity must monitor and review its fraud detection and prevention procedures and implement improvements where needed.

Practical steps to take now

All charities should have fraud prevention strategies in place as part of their internal financial controls and, as part of this, would benefit from applying the principles set out in the guidance. 

For charities that are in scope, it is essential that they take action if they have not already done so to ensure that they have appropriate fraud prevention procedures in place. In particular:

• To assess risks of employees or other associated persons committing fraud that falls within the offence.
• To review and update internal fraud prevention policies and procedures. 
• To review and update training, ensuring employees and others providing services for the charity are aware of the new offence and the charity’s fraud prevention policies and procedures.