We've been having many conversations with clients and our wider network of contacts regarding the preparedness of large organisations for section 199 of the Economic Crime and Corporate Transparency Act 2023 (which introduces a new corporate offence from 1 September 2025 of failing to prevent fraud and requires organisations to have carefully considered their fraud risk and implemented any appropriate measures if they are to avoid being guilty in the event of a fraud incident). Please see here for further detail about the offence. 

What has become clear from those conversations is that many organisations do not appreciate the full scope of s199 and why it represents a significant risk to them. Yes - it's correct that s199 is limited to the offences listed in Schedule 13 of the Act and the organisation would need to derive a benefit from the fraud offence in order to be caught by s199 - but these have the potential to capture what might be considered to some as fairly routine behaviour but therefore create a risk of criminal prosecution for the organisation. 

What is captured by Schedule 13?

The types of offences that are caught are broad. Schedule 13 includes:

• Cheating the Public Revenue 
• False statements by directors
• False accounting
• Fraud by false representation
• Fraud by failing to disclose information
• Fraud by abuse of position
• Obtaining services dishonestly

Fraud by false representation and abuse of position are particularly broad as they can cover a wide range of potentially fraudulent scenarios. 

How does the organisation derive a benefit from fraudulent acts of an individual?

S199 will apply even if the company did not directly authorise or encourage the fraudulent behaviour. If the organisation derives any benefit from the fraudulent conduct, it risks being found guilty unless it can demonstrate that it had "reasonable fraud prevention measures" in place.

Even when fraudulent behaviour is primarily intended to benefit an individual (e.g. a bad actor in the organisation), companies can inadvertently derive a benefit, which could bring them within the scope of Section 199 (because the intention to benefit the organisation does not have to be the sole or dominant motivation for the fraud). For example:

• Financial Reporting Fraud: Manipulating financial statements to overstate profits or assets could attract investment or secure loans, even though the fraudulent act was intended to enhance the reputation of a particular department or individual.
• Expenses Fraud: An employee might falsify expenses or payroll records to benefit themselves. However, the organisation could inadvertently benefit by reducing its taxable income. 
• Procurement Fraud: If an employee accepts kickbacks from a supplier, the organisation might secure favourable contract terms or lower costs. Similarly, collusion in bid rigging could help the organisation win contracts, even if the employee acted for personal gain.
• Third-Party Fraud: If a supplier delivers substandard goods but charges for higher-quality products, the organisation might unknowingly sell these goods at a premium, deriving a financial benefit.
• Bribery and Corruption: Unlawful facilitation (or "grease") payments might expedite processes, reducing delays and associated costs, while improper influence could help secure lucrative contracts.
• Fraudulent Applications: Misrepresenting information to secure grants or loans, or submitting false insurance claims, could provide direct financial benefits to the organisation.

How else does s199 present a risk to organisations?

• The employee or associate does not have to be prosecuted or convicted of the offence. It's enough that the offence has been committed (which can lead to the large organisation being guilty). The threshold for culpability is therefore lowered as a result. 
•  S199 also includes aiding, abetting, counselling or procuring the commission of an offence within its scope. 
•  The offence might be committed by an employee, subsidiary or agent of the organisation. Agency is a high risk area because the organisation might not have complete oversight of the actions and processes of others. 
•  An organisation does not need to actually receive any benefit for the offence to apply - since the fraud offence can be complete before any gain is received.

Conclusion

S199 presents a real risk to organisations due to its broad application and the wide range of fraudulent behaviours it captures. Organisations must act now to conduct a thorough fraud risk assessment and implement effective prevention measures. Failure to have effective measures in place for 1 September and beyond could expose organisations to an unlimited fine and significant reputational damage, even where the fraudulent behaviour was primarily intended to benefit others. Please speak to our Fraud team to discuss how we can assist you with your preparations.