Failure to Prevent Fraud: Time to Look in the Mirror

Fraud is not exactly new. It has been hiding in plain sight for years, adapting faster than most of us can keep up and one thing is clear: fraud is not just happening to us, it is happening through us. 

And now, the law is responding by turning the mirror on businesses.

As of 1 September 2025, the Failure to Prevent Fraud offence is in force under the Economic Crime and Corporate Transparency Act. The name might be long but the message is pretty straightforward, if someone linked to your organisation commits fraud to benefit your business or your clients, and you have not taken reasonable steps to prevent it, you are on the hook.

For HR and compliance teams, the spotlight is turning inward.

Yes, a lot of the suggested controls might already exist.

Yes, you might already have policies, training, risk assessments and reporting lines.

But the uncomfortable truth is that fraud is still rising.

In 2024 alone, identity fraud made up nearly 60% of all fraud reports. Institutions are ticking boxes, and the fraudsters are walking through the gaps.

So what does the law actually expect you to do?

There is no checklist. No magic formula. Just six key principles set out in Government guidance published in late 2024.

1. Risk assessments. 

2. Top level commitment. 

3. Proportionate controls. 

4. Due diligence. 

5. Communication. 

6. Monitoring.

Sensible, structured steps. But again, none of this is truly new. What is new is the requirement to prove you are doing it meaningfully.

That means tailored risk assessments, not copy and paste templates. It means leaders talking about fraud openly and regularly, not burying it at the bottom of an audit report. 

For HR specifically, this is an opportunity to lead rather than just react.

Hiring practices. Contracts. Whistleblowing channels. Disciplinary frameworks.

These are all tools that help shape your internal culture and control your exposure. But they only work if they are living documents, not dusty policies buried on an intranet.

Failure to prevent fraud is not just about protecting your business from liability. It is about accepting that fraud is already affecting your organisation whether you know it or not. It is happening in the pressure to meet targets. In the creative use of expenses. In deals that look too good to question.

No one is asking you to eliminate all risk. But the law now expects you to look for it, plan for it, and be able to show your working. Because in this new era, claiming you did not see it coming will not be enough.

Fraud prevention is not a one size fits all exercise. And pretending it is only increases the risk.

If you need a starting point, just ask yourself this: What are we doing today that would make a regulator believe we’ve really tried?

To strengthen your personal and commercial defences with tailored solutions, I welcome the opportunity to connect.

JOA Solutions

Clarity. Compliance. Confidence.