A major change to UK corporate crime law came into force on 1 September 2025 and while it might seem like it only affects large organisations, small and medium-sized businesses should pay close attention.
The new “failure to prevent fraud” offence, introduced under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), is designed to hold organisations accountable if fraud is committed for their benefit, even if the company wasn’t aware of it happening.
It’s a significant shift in how corporate fraud is handled, and while SMEs may not fall directly within the scope right now, it could affect your ability to win contracts or scale your business in the near future.
Here’s what you need to know and why it’s worth getting ahead of the curve.
What is the “failure to prevent fraud” offence?
In simple terms, this new offence means that a large organisation can be found guilty if someone associated with it, like an employee, agent, or subsidiary commits fraud that benefits the business or one of its clients, and the organisation didn’t have reasonable procedures in place to prevent it.
Crucially, the company doesn’t have to know about or approve the fraud. If it happens and you can’t show you took reasonable steps to prevent it, you could be liable.
The penalty is an unlimited fine and, perhaps even more damaging, serious reputational harm.
Who is directly affected?
For now, the law applies to “large organisations”, defined as those meeting two out of three of the following criteria:
- More than 250 employees
- Turnover over £36 million
- Total assets over £18 million
However, SMEs shouldn’t switch off just yet. Even if your business doesn’t meet those thresholds:
- You might need to demonstrate compliance when bidding for work with larger organisations.
- You could be asked to sign up to their anti-fraud procedures as part of a supply chain or subcontractor agreement.
- You may reach the threshold sooner than expected as your business grows.
In short: even if you’re not directly affected today, the law could touch your business indirectly, through clients, procurement, or future expansion.
What counts as fraud?
The definition is broad. It covers any dishonest activity that benefits the organisation or its clients, even if the benefit is indirect or never materialises.
Some examples include:
- An employee falsifying data to meet environmental or compliance targets.
- A company making misleading claims in marketing materials to attract investors or customers.
Even if no one makes a profit, intent alone could be enough to trigger liability.
Why SMEs should care
While small businesses aren’t yet bound by the same obligations, the business landscape is changing. Large organisations, especially in sectors like construction, finance, and public services, are under pressure to vet their suppliers and ensure compliance across the supply chain.
That means SMEs wanting to compete for bigger contracts could soon find that demonstrating anti-fraud measures is a procurement requirement.
Being proactive now not only reduces risk, it can strengthen your reputation as a trustworthy, compliant partner.
What can you do to prepare?
Step 1: Assess and Plan
Start with a basic fraud risk assessment. Identify where fraud could occur for example, in sales, finance, or procurement and highlight any weak spots in your systems or culture. Use these insights to create a simple fraud prevention plan that sets clear expectations around honesty, transparency, and accountability. Include guidance on reporting concerns and the consequences of dishonest behaviour.
Step 2: Strengthen Reporting and Training
Refresh your whistleblowing and reporting policies so employees know how and where to raise concerns safely. Encourage an open, “speak-up” culture where reporting issues is supported, not punished. Follow this up with staff training on ethical conduct and fraud awareness even a short session or online module can make a real difference, particularly for roles with financial responsibility.
Step 3: Record and Review
Keep a clear record of all actions you take from policy updates to training sessions. Good documentation helps prove your business has “reasonable procedures” in place if ever required. Regularly review these measures as your business grows or new risks emerge.
A final thought for SMEs
The new failure to prevent fraud offence may not directly apply to smaller businesses today, but it sets a new standard for how UK organisations are expected to operate.
Getting ahead of the legislation now, with clear anti-fraud policies, staff training, and good governance will not only protect your business but also enhance your credibility with clients, investors, and regulators.
At BeyondHR, we help businesses prepare for legal and compliance changes like this by reviewing policies, providing staff training, and supporting HR teams to put the right measures in place.
If you’d like help developing or reviewing your anti-fraud or whistleblowing policies, get in touch with our team, we’re here to help ensure your business stays compliant, competitive, and protected.