The Economic Crime and Corporate Transparency Act (ECCT) introduces a new offence of failure to prevent fraud which will come into force on 1 September 2025. This new offence sits alongside existing law, and the person who committed the fraud may be prosecuted individually as well as the company being prosecuted for failing to prevent it.
The failure to prevent fraud applies to large companies or partnerships which have two of the following; more than 250 employees, more than £36 million turnover, and/or more than £18 million in total assets.
Companies will be liable where certain specified fraud offences are committed by employees, agents, or other associated persons for the company's benefit, and the company did not have reasonable fraud prevention procedures in place. The current fraud offences identified in the ECCT include: false representation, failing to disclose information, abuse of position, obtaining services dishonestly, participation in fraudulent business, false statements by directors, false accounting, fraudulent trading, and cheating the public revenue.
If a company is found not to have taken reasonable steps to prevent fraud, it could be liable for an unlimited fine.
Government guidance ("the Guidance") on the reforms to the UK's corporate criminal liability regime was published at the end of 2024. The Guidance includes examples of good practice and has a strong focus on appropriate training. Accountants and auditors should be aware of what constitutes good practice in order for a company to prevent fraud. The ICAEW has commented that it is considering its relevance to the accountancy sector but has not yet published advisory guidance.
Impact for the accountancy sector
Whilst fraud is not a new risk, this new offence of failure to prevent fraud will undoubtedly give rise to heightened scrutiny of work undertaken by accountants and auditors in connection with assessing the risk of fraud in a company. That includes work undertaken by internal auditors under standard 2120 of the Institute of Internal Auditors (IIA) Standards to evaluate the potential for the occurrence of fraud and how the company manages fraud risk. Internal auditors will no doubt have regard to the Guidance.
External auditors are required under standard 240 of the International Standard on Auditing to obtain reasonable assurance that financial statements are free from material misstatements by fraud (or error).
They will need to be satisfied that a company has appropriate procedures and checks in place which comply with requirements under the ECCT. In some respects, the requirement that companies will need specific measures in place may assist auditors because there may be a better document trail of the approaches and procedures applied by companies. However, where a fraud offence within the ECCT occurs, or in any event when faced with regulatory investigation, an audit firm must be able to demonstrate it applied appropriate professional scepticism when assessing the measures taken by the company to comply with ECCT requirements. Crucially, a documentary record of such audit work will be essential to demonstrate this.
