Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
From 1 September 2025, a new corporate criminal offence will come into force in the UK: failure to prevent fraud. It sits within the Economic Crime and Corporate Transparency Act 2023, which is part of the government’s broader effort to clamp down on economic crime and improve corporate accountability.
At first glance, this may feel like an issue for large corporations, not smaller players. And legally, that’s right - the offence only applies to organisations above certain size thresholds. But the legal change is significant, and its ripple effects are likely to reach small and medium-sized businesses (SMEs) as well.
What’s Changing?
Traditionally, corporate fraud cases have been difficult to prosecute, because regulators needed to show that senior management were involved in or aware of the wrongdoing. This new offence flips that on its head. If an employee, agent, or subsidiary commits fraud for the benefit of the organisation, the organisation itself can be prosecuted - regardless of whether the board or executives knew anything about it.
The only way out is a defence: being able to show that the business had “reasonable procedures” in place to prevent fraud in the first place.
The penalties are severe. Convicted organisations could face unlimited fines - which in practice means penalties running into millions of pounds. On top of that, there’s the cost of investigations, legal fees, lost contracts and reputational damage that could cripple even a large company. Enforcement will likely be led by agencies such as the Serious Fraud Office (SFO) and the Crown Prosecution Service (CPS), both of which have track records in pursuing major corporate crime cases.
Who Does It Apply To?
This offence applies only to large organisations - those meeting at least two out of three thresholds: more than 250 employees, turnover above £36 million, or assets worth more than £18 million.
That means most SMEs won’t face prosecution under this particular law. But that doesn’t mean they’re unaffected.
Why It Matters For Small Businesses
The reality is that compliance expectations tend to flow down the supply chain. Large organisations will now need to prove to regulators that they take fraud prevention seriously. As part of that, they’ll look closely at their suppliers, partners and contractors.
For SMEs, that could mean being asked to show evidence of anti-fraud measures when tendering for contracts, negotiating insurance, or raising investment. Even if not legally required, failing to meet those expectations could make you a less attractive business partner.
Imagine a scenario:
A sales agent exaggerates orders to boost their commission. Even if the board had no idea, under this law, a large company could be prosecuted for failing to stop that fraud. If you’re a smaller supplier to that company, they’ll want to make sure your practices aren’t creating similar risks for them.
There’s also the bigger picture. Fraud, even on a small scale, can be hugely damaging to a business’s reputation. Customers and investors want reassurance that you’re safeguarding their money and data. This law is a signal of where things are heading: proactive fraud prevention is becoming the norm, not the exception.
And laws like this rarely stand still. The failure to prevent bribery offence under the Bribery Act 2010 and the failure to prevent tax evasion offence under the Criminal Finances Act 2017 both started with specific scopes, but over time they’ve shaped compliance expectations across all business sizes. Similar laws exist globally - like the US Foreign Corrupt Practices Act - and Australia has also been consulting on a possible “failure to prevent bribery” offence. SMEs should view this as part of a global compliance trend, not just a UK development.
What Counts As “Reasonable Procedures”?
The government has issued guidance that sets out broad principles. It’s not a tick-box exercise, but the themes are clear:
- Procedures should be proportionate to the size and risks of the business.
- Leadership needs to set a clear tone that fraud won’t be tolerated.
- Businesses should carry out risk assessments, conduct due diligence on partners, and make sure staff are trained to spot issues.
- Regular monitoring and review keep policies alive, rather than leaving them as just a document on the shelf.
For SMEs, this doesn’t mean expensive compliance teams or endless paperwork. Proportionality is key. A small business might only need a short fraud policy, some basic staff training, and sensible financial controls. The important thing is to show you’ve thought about the risks and taken steps that are realistic for your size and sector.
Timing and Global Relevance
The offence comes into force on 1 September 2025, which gives businesses less than a year to prepare. For large organisations, that means urgent work on systems and documentation. For SMEs, now is the right time to think about proportionate steps, because the expectations of clients and partners will start shifting quickly.
Globally, this is part of a wider move towards holding businesses responsible for preventing economic crime. Even if you’re not UK-based, if you trade with UK companies, you may still be asked to meet their fraud prevention standards. And given international momentum, similar reforms may eventually come to Australia and beyond.
What Should Small Businesses Do Now?
Even if you’re not directly caught by the new law, it pays to get ahead of the curve. Small businesses should start by taking stock of where fraud risks might arise in their operations. That could be anything from phishing scams in email systems to false invoicing, misuse of company accounts, or vulnerabilities in supplier relationships.
From there, think about what “reasonable procedures” look like for your business. For some, it may simply mean drafting a short fraud policy and making sure staff know how to report concerns. For others - particularly those working with larger corporate clients - more formal measures such as due diligence checks or structured training may be appropriate.
The key is not to over-engineer compliance, but to show that you’ve considered the risks and taken proportionate action. Even simple steps - like requiring two sign-offs for high-value payments, or running a refresher session on common fraud tactics - can demonstrate a genuine commitment to prevention.
Taking these actions now won’t just prepare you for client expectations; it will also make your business more resilient to the real-world financial and reputational damage fraud can cause.
How Sprintlaw Can Help
At Sprintlaw, we help SMEs and startups build practical compliance frameworks without unnecessary complexity. We can assist with:
- Drafting fraud and compliance policies tailored to your business
- Reviewing your contracts and supplier agreements to manage exposure
If you would like a consultation on how we can help your business prepare for this change, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.


