20 May 2026
By Sean McAuley, AAB
From 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 introduced the new corporate offence of Failure to Prevent Fraud. This represents a major shift in how UK organisations are held criminally accountable for fraud committed for their benefit — and it places whistleblowing firmly at the heart of compliance.
With fraud now representing the largest category of crime in the UK, organisations must move beyond minimum compliance and invest in robust, independent reporting mechanisms to enhance their existing fraud detection and prevention methods.
'Failure to prevent fraud' and other key changes introduced by the Economic Crime Act
The new offence applies to large organisations, defined as those meeting two of the following three criteria in the preceding financial year:
Similar to the Bribery Act, the new liability model makes it easier to prosecute companies by focusing on the failure to have "reasonable procedures" in place, rather than proving direct involvement by senior staff. An organisation can be prosecuted if a fraud offence is committed by an “associated person” intending to benefit the organisation or its clients, and the organisation did not have reasonable fraud prevention procedures in place.
“Associated persons” is defined broadly and includes:
Crucially, senior management does not need to have known about or authorised the fraud for liability to arise.
How does the Economic Crime and Corporate Transparency Act affect smaller businesses?
Although the offence formally applies only to large organisations, the Home Office guidance explicitly states that the principles are relevant to smaller organisations as good practice and for supply‑chain assurance.
In practice, the change in the laws is likely to mean that:
Businesses unable to demonstrate effective whistleblowing arrangements risk exclusion from contracts, partnerships, and funding opportunities. Failure to comply with the Failure to Prevent Fraud offence may also result in:
The Scale of the UK Corporate Fraud Threat
Fraud is not a low‑probability risk — it is a systemic threat to UK businesses and public services. It accounts for over 40% of all recorded crime in England and Wales, making it the single most prevalent offence category (Source - Crime Survey for England and Wales (CSEW))
The Annual Fraud Indicator produced by Crowe, Peters & Peters, and the University of Portsmouth in 2023 estimated that fraud costs the UK £219 billion per year. This is broken down as:
The Cifas Fraudscape 2025 report reported 421,000 fraud cases were raised to the National Fraud Database in 2024, representing a 13% increase from 2023, the highest level on record. (Cifas’s Fraudscape report covering calendar year 2024)
In their 2024 Report to the Nations, The Association of Certified Fraud Examiners estimate that organisations globally lose 5% of annual turnover to fraud, with 43% of fraud detected via whistleblowing. The report highlights that whistleblowing is over three times more common than the next closest method for fraud detection.
6 controls businesses should have in place to prevent fraud
The Home Office Failure to Prevent Fraud Guidance identifies six core principles for reasonable fraud prevention procedures, including:
Effective speak‑up and whistleblowing arrangements sit squarely within the Communication principle. As such, organisations should ensure that fraud prevention policies and procedures are effectively communicated and embedded, including mechanisms for staff and others to report concerns.
Sexual Harassment Reform
From 6 April 2026, sexual harassment disclosures are explicitly classified as protected disclosures under UK whistleblowing law, strengthening worker protections.
From October 2026, in accordance with the Employment Rights Act 2025, organisations will face:
These reforms significantly extend a business’s duty of care beyond its direct workforce — aligning closely with the “associated persons” concept in Failure to Prevent Fraud.
Independent whistleblowing services support compliance with these changes by:
Why is this important now?
To remain legally compliant and commercially credible, organisations should invest in an independent, external whistleblowing service provider to:
Organisations also need to consider broadening the scope of who can report concerns under their whistleblowing policy, with the inclusion of contractors, suppliers, agents, and customers. By doing so, this demonstrates compliance with both:
Whistleblowing is no longer a peripheral HR tool; it is a core legal, governance and risk management control. Organisations that act now will not only comply with the law but build trust, resilience, and long‑term organisational integrity.
HOW AAB CAN HELP
At AAB, our Whistleblowing team supports businesses to stay ahead of fraud. Our experts combine to ensure you're able to meet the new Fraud and Sexual Harassment laws with confidence.
If you have any queries about the guidance, or how our team can help, please do not hesitate to get in contact with Sean McAuley, a member of our people team or your usual AAB contact.
