
Failure to Prevent Fraud (FTP) Guidance

The Home Office have just released long-awaited guidance to organisations on the offence of Failure to Prevent Fraud (FTP), introduced by the Economic Crime and Corporate Transparency Act 2023.

Who does it apply to?

The offence aims to hold organisations to account for fraud committed by associated parties (employees, subsidiaries or agents), but only where the fraud was committed with the intention of benefiting the organisation or its clients.

The offence applies to large organisations that meet two of the following three criteria: over 250 employees, £36 million turnover, or £18 million in assets. The offence also applies to bodies incorporated and partnerships formed outside the UK but with a UK nexus (meaning that one of the acts forming part of the underlying fraud took place in the UK).

What types of fraud are covered by the offence?

The offence covers fraud types such as false representation, failing to disclose information, abuse of position, participation in fraudulent business, false accounting or fraudulent trading.

Aiding, abetting, counselling, or procuring the commission of any of the listed offences would also qualify as a base fraud offence. If the associated person’s conduct constitutes a base fraud offence, the organisation can still be prosecuted.

An organisation may still be held liable if related persons commit fraud while working for or on behalf of the organisation, even if senior management were unaware.

When will it come into effect?

The offence will come into effect in nine months, in early September 2025. By the time it takes effect, businesses will need to have created and implemented their fraud prevention procedures.

What should organisations do to prepare?

The fraud prevention framework put in place by organisations should follow six key principles:

  1. Top level commitment

Ultimate responsibility for FTP lies with senior management. They should foster a culture within the organisation in which fraud is never acceptable. There should be communication about the organisation’s stance on preventing fraud, a clear governance structure in relation to the fraud prevention framework, and a commitment to providing resources for staffing and implementation of the fraud prevention plan, including training.

  2. Risk assessment

Organisations should produce a comprehensive assessment of their fraud risks, covering all elements in the fraud triangle: opportunity, motive and rationalisation. The risk assessment should be updated regularly, both periodically and whenever there are significant changes to the organisational structure.

  3. Proportionate risk-based prevention procedures

The measures introduced should be proportionate to the risks identified in the risk assessment. The nature, scale and complexity of activities affect the procedures that should be put in place. The guidance provides some examples of measures, including better procurement processes, improving data security and ensuring that there are internal disciplinary and reporting procedures for those found to be committing fraud.

  4. Due diligence

Due diligence should be conducted on all associated persons. This will include background checks, regular monitoring, and ensuring that contracts have compliance clauses. The focus should be on high-risk roles and relationships, emphasising a risk-based approach to controls. Relevant organisations may choose to conduct their due diligence internally, or externally, for example by consultants.

  5. Communication (including training)

The organisation should encourage a top-down approach to communication and should ensure that the policies and procedures are understood throughout the organisation. The guidance states that training should include ensuring that staff and other associated persons are familiar with whistleblowing policies. Some organisations can incorporate training into their existing financial crime prevention training, while other organisations may wish to introduce bespoke training to address specific fraud risks.

  6. Monitoring and review

The procedures implemented should be subject to regular reviews to ensure their effectiveness. Organisations should conduct periodic reviews and adjust measures based on new risks or incidents. Reviews can be conducted by an external party or internally, and should include scenario testing to ensure procedures are fit for purpose.

For enquiries, please contact us at 0207 436 0630 or via email at info@thistleinitiatives.co.uk.
