New UK Fraud Law in Force But 84% of Companies Aren’t Ready

A new VinciWorks poll reveals that most organizations are underprepared for the UK’s latest corporate offense, with key failures in fraud training, AML systems, and risk assessments.

Only 16% of compliance professionals say their organization is fully prepared for the UK’s new corporate fraud offense, according to a VinciWorks poll of 278 professionals. The Failure to Prevent Fraud offense, which came into force on 1 September, makes large companies criminally liable if they benefit from fraud committed by staff, subsidiaries, or agents — even if senior leadership was unaware.

The poll findings expose a significant disconnect between the requirements of the new offense and the procedures many businesses currently have in place. Just 29% of respondents said their organization has delivered training on failure to prevent fraud, while over two-fifths (41%) either haven’t started or are unsure whether training has taken place. This uncertainty is especially concerning given that documented training is likely to form a core part of any “reasonable procedures” defense.

The same pattern appears around tax evasion, an offense with a nearly identical legal standard, where only 29% conduct annual training and over a quarter either don’t train or don’t plan to.

The data also reveals serious gaps in core compliance infrastructure. More than a third (35%) of respondents still rely on spreadsheets for anti-money laundering onboarding, and 23% are operating without any formal system at all. These kinds of ad hoc processes make it difficult to track risk assessments, monitor due diligence, or evidence oversight, all of which are essential for demonstrating compliance.

When asked about the most challenging area of the new law, the most common answer was risk assessment (25%). This suggests that many organizations are struggling with the very first step in building a defensible anti-fraud framework.

“This offense wasn’t designed to catch fraudsters. It was designed to catch companies that failed to prevent fraud,” said Nick Henderson-Mayo, Head of Compliance at VinciWorks. “Organizations need to be doing more than simply having policies on paper or vague intentions to train staff. The SFO have made it clear they expect evidence of risk assessments, of due diligence, of internal systems that actually work. If you’re still relying on spreadsheets or haven’t documented your fraud training, you may already be exposed. Reasonable procedures aren’t about perfection, but they are about proof.”

“We’ve seen this before,” added Henderson-Mayo. “When failure to prevent bribery was introduced, many thought enforcement would be rare; that was until the Swett Group and Airbus cases landed. Fraud will be no different.”

The recent “failure to prevent fraud” offense applies to large organizations, with those meeting at least two of the following thresholds: over 250 employees, more than £36 million in turnover, or over £18 million in assets.

Any single incident of fraud, whether in procurement, sales, accounting, or third-party contracting, could now trigger a criminal investigation. With no requirement to prove intent or knowledge at board level, the burden shifts squarely to organizations to show they took prevention seriously.

While some firms have begun putting procedures in place, the poll suggests many are still relying on fragmented processes or legacy tools. In contrast, organizations that have invested in structured fraud frameworks, combining policy, risk assessment, training and reporting, will be better placed to demonstrate compliance and protect themselves in the event of regulatory scrutiny.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.