Impact of the UK’s “Failure to Prevent Fraud” Offence on Irish Businesses

The UK is introducing a new offence to hold organisations criminally liable for employee fraud. Our Investigations & White Collar Crime team explores the offence and its impact on Irish businesses operating in the UK.

The UK is introducing a new ‘failure to prevent fraud’ offence, also referred to as an ‘FTPF Offence’. It is intended that the FTPF Offence will hold organisations to account if they profit from fraud committed by their employees.

This FTPF Offence will come into force in the UK on 1 September 2025 as part of the Economic Crime and Corporate Transparency Act, 2023. It is thought that by implementing effective fraud prevention procedures, the proposals will level the playing field for businesses who already take fraud prevention seriously, by penalising unscrupulous operators.

The offence applies to all large corporate bodies, subsidiaries and partnerships. This means that in addition to businesses, large not-for-profit organisations such as charities are also in scope, as well as incorporated public bodies.

Scope of the new FTPF Offence

While the offence applies to all sectors, it only applies to large organisations as defined in the UK Companies Act, 2006 definition; namely an organisation that meets two out of the following three criteria:

• More than 250 employees
• More than €36million turnover
• More than €18million in total assets.

It is important to note that if resources held across a parent company and its subsidiaries cumulatively meet the size threshold, that group of companies will be within the scope of the FTPF Offence. Liability can be attached to whichever individual entity within the group was directly responsible for failing to prevent the fraud.

Alternatively, liability can be attached to the parent company, if a fraud was committed by a subsidiary employee, for the benefit of the parent company, and the parent company did not take reasonable steps to prevent it.

The scope of the offence under the Act is quite broad. It applies to companies where part of the offence takes place in the UK – such as a meeting or communication in the UK – or where there are victims in the UK, which could include investors or counterparties. It also applies to certain offences where there is a gain in the UK.

Even Irish companies with no UK nexus, but who use a third party for services that operates in the UK may be brought within the jurisdiction of the offence. Therefore, Irish organisations with business operations in the UK could find themselves within the scope of the new offence.

Avoiding liability

To avoid criminal liability under the FTPF Offence, organisations must demonstrate that they have reasonable fraud prevention procedures in place. Irish businesses with a UK nexus should ensure there are practices and procedures in place to prevent them from falling foul of the new UK offence.

As a result, Irish companies will need to assess whether the acts of their employees, subsidiaries, or agents are likely to give rise to liability for the company under the new offence. They also need to discern whether enhancements to their anti-fraud policies and procedures must be rolled out group-wide, or just in the context of business units with exposure to the UK.

Practical steps for Irish organisations

Based on the results of those assessments, Irish companies may need to implement systems and controls such as:

• Training for those in higher-risk positions and/or business functions
• Reinforcing financial controls to ensure that any potential red flags are picked up and investigated with required four-eye checks
• Due diligence on transactions, contracts, and third-party agents is crucial, as the offence applies to agents acting on an organisation’s behalf
• Ensuring contractual provisions cover outward fraud
• Putting in place effective audit and monitoring processes for fraud, and in particular for third parties
• Ensuring regular internal review of systems and controls, and a clear tone from the top. Fraud should be an agenda item at Board and Senior Management level to ensure this is prioritised and given the appropriate oversight

Comment

The FTPF Offence will come into force on 1 September 2025. As a result, there is a short implementation period for Irish organisations with a UK nexus to review and tailor their fraud prevention procedures to meet the specific needs and risks of the business.

Given that combatting fraud is a priority for State regulatory bodies, even where Irish businesses do not meet the criteria to come within the scope of the FTPF Offence, they should still consider whether enhancements to their anti-fraud policies and procedures are necessary to avoid facilitating fraud carried out by their employees.

For more information and expert advice on the impact of the FTPF Offence on Irish businesses, contact a member of our Investigations & White Collar Crime team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.