From 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 introduced a significant new corporate criminal offence: failure to prevent fraud. This development is particularly relevant for large, registered providers (RPs) of social housing, who must now take proactive steps to mitigate fraud risk across their organisations. 

What is the new offence? 

Under the new law, a large organisation can be held criminally liable if an associated person commits fraud intending to benefit the organisation, and the organisation did not have reasonable fraud prevention procedures in place. 

This is a strict liability offence, which means that the organisation can be prosecuted even if senior management had no knowledge of the fraud. 

Who is caught by the offence? 

The offence applies to large organisations, defined as those meeting two out of three criteria in the financial year preceding the alleged fraud: 

• More than 250 employees 
• Turnover exceeding £36 million 
• Balance sheet total over £18 million 

This includes parent companies and subsidiaries, regardless of where they are based. 

Who is an “Associated Person”? 

The term is broadly defined and includes: 

• Employees 
• Agents 
• Subsidiaries 
• Anyone performing services on behalf of the organisation 

This means that parent companies can be responsible for fraud carried out by an employee of a subsidiary.   

The term “associated person” does not include those providing services to the organisation (e.g. external lawyers or accountants). 

Importantly, the fraud must be committed in the course of providing services and with the intention to benefit the organisation (financially or otherwise). The benefit does not need to be realised. 

What type of fraud is caught by the new offence? 

The new offence relates to a wide range of fraud offences but does not extend to money laundering offences.  This includes: 

• Fraud offences under section 1 of the Fraud Act 2006 including: 
  • Fraud by false representation (section 2 Fraud Act 2006) 
  • Fraud by failing to disclose information (section 3 Fraud Act 2006) 
  • Fraud by abuse of position (section 4 Fraud Act 2006) 
• Participation in a fraudulent business (section 9, Fraud Act 2006) 
• Obtaining services dishonestly (section 11 Fraud Act 2006) 
• Cheating the public revenue (common law) [footnote 10] 
• False accounting (section 17 Theft Act 1968) 
• False statements by company directors (section 19 Theft Act 1968) 

Are there any defences? 

Yes. In line with other similar offences, the defences are designed to ensure organisations put in place fraud prevention measures.

There are two key defences: 

• The organisation was the intended victim of the fraud; and 
• the organisation had reasonable fraud prevention procedures in place, or it was reasonable not to have such procedures. 

What are reasonable fraud prevention procedures? 

The legislation is non-prescriptive, but government guidance outlines six key principles: 

1. Top-level commitment: Senior leadership must foster a culture of zero tolerance for fraud. 
2. Risk Assessment: The organisation must identify its associated persons and assess potential fraud risks. 
3. Proportionate risk-based prevention procedures: A fraud prevention plan must be put in place, tailored to the organisation’s risk profile. 
4. Due diligence: Vet associated persons to mitigate fraud risks. 
5. Communication & training: Ensure staff understand fraud risks and prevention procedures. 
6. Monitoring & review: Regularly evaluate and improve your procedures. 

What does this mean for RPs? 

If your RP meets the size criteria, you should act now to ensure compliance. Recommended steps include: 

• Board-level commitment 
  • Embed anti-fraud messaging in your mission and governance.
  • Promote a speak-up culture and lead by example. 
• Appoint a fraud prevention lead 
  • Nominate a senior individual to oversee your fraud prevention strategy. 
• Conduct a risk assessment (likely as an extension of existing risk assessments for other forms of economic crime) 
  • Identify associated persons (including outsourced service providers). 
  • Assess fraud risks by role, staff turnover, incentives (e.g. do sales bonuses/time pressures inadvertently incentivise fraud?), and technology. 
  • Review existing contractual controls and guidance, in particular ensuring your procedures and training extend to associated persons that are not directly employed by you. 
  • Review best practice advice from the sector and regulatory enforcement actions, as well as the outcome of previous audits and data analytics 
  • Document findings and review regularly. 
• Develop a tailored fraud prevention plan 
  • Include procedures that reflect, and are proportionate to, the risks identified in the risk assessment

For example, this might include pre-employment checks, anti-fraud training, reporting lines, contractual provisions etc. 

• Justify any decision not to implement measures for specific risks. 
• Group-wide policies and training 
  • Ensure all associated persons, including subsidiaries and non-employees, follow procedures and policies and are provided with training. 
  • Tailor training to high-risk roles and include practical examples.  Training should cover whistleblowing procedures and to stress the importance of the organisation’s zero-tolerance approach to fraud. 
• Review contracts with associated persons 
  • Impose fraud prevention obligations aligned with your policies. 
• Conduct due diligence 
  • Use technology and behavioural indicators to identify risk-prone individuals. 
• Prepare for mergers and acquisitions 
  • Integrate fraud prevention into due diligence and post-completion processes. 
• Monitor and review 
  • Regularly assess the effectiveness of your procedures. 
  • Respond to whistleblowing and sector developments. 

Always bear in mind that the procedures to prevent fraud should be proportionate to the risk.   

Final Thoughts 

This new offence represents a shift in how corporate fraud is tackled in the UK. For RPs, it’s not just about legal compliance—it’s about protecting public funds, maintaining trust, and demonstrating leadership in ethical governance. 

How Capsticks can help  

Whether you are looking for support in reviewing your fraud prevention procedures or contractual provisions. Capsticks' team of specialists are here to advise on all the matters discussed in this insight and the impact on your organisation. Please contact Susie Rogers and/or the social housing team to find out more about how Capsticks can help.