On 6 November 2024, the government published general guidance on the new failure to prevent fraud offence and has confirmed the offence will come into effect on 1 September 2025. As expected, the guidance covers the six pillars referenced in guidance for similar “failure to prevent” offences.
Many financial services firms will be in the process of reviewing their anti-fraud controls to identify any enhancements required to allow them to take advantage of the reasonable procedures defence. This guidance will inform that work pending more specific sector focused guidance for the financial services industry which is currently anticipated.
In the meantime, the general guidance emphasises the importance of the following:
- Top level commitment: The guidance provides that for organisations subject to the FCA’s “Senior Managers and Certification Regime”, the lead senior manager for the purposes of failure to prevent fraud may be the same person as the “Senior Manager” with responsibility for an organisation’s financial crime compliance systems and controls, or if not, should work closely with them.
- Risk assessments: The guidance recognises that relevant organisations may already undertake a range of risk assessments relating to fraud and economic crime, as is the case in the regulated sector, and that such firms may find it most effective to extend their existing risk assessments to include the risk of frauds in scope of this offence. Sources of information about potential risks includes regulator enforcement actions, including by the FCA.
- Procedures: The guidance emphasises that it is not necessary or desirable for organisations to duplicate existing work and that to avoid this firms should assess whether their existing regulatory compliance mechanisms and fraud prevention measures would be sufficient to prevent each of the fraud risks identified in the risk assessment. Only where existing mechanisms are insufficient do firms need to develop further measures.
- Whistleblowing: Regulated firms should assess whether the whistleblowing procedures required by the FCA would be suitable for the risks identified in the risk assessment.
- Enforcement: The guidance states that where a base fraud offence also constitutes a breach of regulations, it expects that prosecutorial bodies and regulators will work together to deliver coordinated resolutions, taking public interest considerations into account, but recognises that, in some cases, regulators could choose to prosecute the offence of failure to prevent fraud themselves (the FCA has specific prosecution powers in relation to fraud).
For information on key steps for regulated financial services firms to take now see: Failure to prevent fraud: five key steps for regulated financial services firms
For general information on the offence see: Failure to prevent fraud: UK government today publishes important guidance on the new offence