The new law, introduced under 2023 legislation, is extra-territorial in its scope – so businesses and firms outside the country that have UK links are potentially in the net. FTP is a strict liability offence – there is no need for authorities to prove intent.

A new UK “failure to prevent fraud” (FTP) law kicked in yesterday – potentially covering even firms outside the country that have UK links, such as wealth managers. 

However, it appears that many organisations are not fully prepared, leaving them open to punishments from the Serious Fraud Office (SFO) which has signalled that it is keen to flex its muscles.

Dentons said in a statement that as of June this year, just under a third (30 per cent) of firms it has spoken to hadn’t appointed anyone to watch over FTP compliance; of the 70 per cent who had taken measures, most gave such responsibilities to compliance teams already stretched by other tasks. Worryingly, Dentons said, 78 per cent had not completed or even started fraud risk assessment, which is part of the “reasonable procedures” set out in government guidance.

The new offence has been brought in as part of the Economic Crime and Corporate Transparency Act, which received Royal Assent on 26 October 2023 under the previous Conservative government. Like the UK Bribery Act of 2010, there is an extra-territorial aspect to this law – meaning that firms above a certain size which have activities overseas cannot assume that these are out of bounds. (See a detailed outline by WealthBriefing compliance expert and writer Chris Hamblin.)

There is a lot at stake. In a recent presentation, Moody's said that £1.17 billion ($1.6 billion) was lost in 2024 to unauthorised and authorised fraud; some 3.13 million cases of unauthorised fraud were reported last year, rising 14 per cent from 2023. Fraud makes up 40 per cent of all crime in the UK. (See an article here.) 

For definition purposes, "authorised fraud" is typically a scam whereby a fraudster manipulates a victim into voluntarily sending a payment from their own account to a fraudulent account.

Toolkit
Responding to the findings of its own fact-finding, Dentons has launched a “FTP Toolkit” to help organisations assess and address gaps in their fraud prevention measures.

FTP creates a strict liability criminal offence for in-scope companies that fail to prevent fraud by individuals associated with them, where the fraud benefits the organisation or its customers. The only defence is to demonstrate that reasonable and proportionate fraud controls were in place.

SFO director Nick Ephgrave has made no secret of his desire to go after wrongdoers to prove such laws apply. Dentons quoted him as saying: "I'm very, very keen to prosecute someone for [this] offence. We can't sit with the statute books gathering dust – someone needs to feel the bite."

Sarah Partridge-Smith, counsel and fraud specialist in Dentons’ regulatory and investigations team and lead developer of the toolkit, said in a note about FTP: “The introduction of FTP marks a significant shift in the UK’s corporate fraud landscape. It is a strict liability offence, meaning companies will not be able to rely on good intentions or retrospective justifications in place of robust, proportionate and bespoke fraud prevention measures. Our data shows that there is still a lack of preparation across industry, which is understandable given today’s competing compliance workload. However, with the offence coming into force on 1 September, there is now an urgent need for in-scope firms to ensure that they are sufficiently protected."

Other law firms have noted the start of FTP, hoping it will clamp down on wrongdoing, while sounding a cautionary note on how the law may apply. 

“The new failure to prevent fraud offence is a real gamechanger, both in terms of the risk of corporate prosecutions for fraud and what regulators now expect from anti-fraud compliance programmes,” Andrew Reeves, partner at Norton Rose Fulbright, said in an emailed note. 

Katie Stephen, a colleague and partner at the same firm, said: "If a fraud takes place, organisations may need to demonstrate that they have effective anti-fraud procedures at all levels and [have] kept these under review. They should continually enhance their controls to reflect any new and emerging fraud risks, as this could help in securing a defence. Financial crime is high on the Financial Conduct Authority’s (FCA) agenda so failures to prevent fraud could lead to civil fines and other serious consequences for regulated firms, as well as members of their senior management teams."

The Personal Investment Management & Financial Advice Association, or PIMFA, the UK wealth management body representing firms, noted that the FTP offence will make it easier for authorities to go after offenders. 

“While PIMFA welcomes the new offence, which will encourage investment in internal governance processes and improve transparency, increased levels of accountability naturally create new challenges for firms to navigate,” Alexandra Roberts, head of regulatory policy and compliance at PIMFA, said in a statement emailed to WealthBriefing. “At the same time, to help firms avoid falling foul of the new offence, there is a need for the government to provide greater clarity around what constitutes reasonable procedures.”

“The offence marks a significant shift in emphasis around fraud, firmly placing responsibility on the shoulders of firms. The onus is now on firms to demonstrate they have robust internal systems and staff training in place to prevent fraud. The days where firms could deal with fraud on a purely reactive basis are now long gone, as the new offence compels firms to take a proactive approach to mitigating fraud risk within their organisations. The offence also forces firms to consider outward fraud, where the firm is the beneficiary, as well as inward fraud, where the firm is the victim,” Roberts said.