Four-in-ten companies haven’t trained staff on the new offence, despite training being the only defence. Only 29% of UK organisations have delivered training on the new Failure to Prevent Fraud offence, according to a new poll* of 278 compliance professionals. The law, which came into force on 1 September, introduces strict liability for large companies that benefit from fraud committed by staff, subsidiaries or agents, even if senior leadership is unaware.

With no requirement to prove intent, the only defence under the law is for organisations to show they had “reasonable procedures” in place, including documented, role-relevant staff training. But over 40% of organisations surveyed said they either haven’t started training or are unsure whether it’s happened. The same gap appears around failure to prevent tax evasion. On this nearly identical offence, only 29% of companies conduct annual training, and over a quarter don’t train or don’t plan to.

The poll also highlights wider gaps in compliance infrastructure. More than a third (35%) of respondents still rely on spreadsheets for anti-money laundering onboarding, and 23% are operating without any formal system at all. These kinds of ad hoc processes make it difficult to track risk assessments, monitor due diligence, or evidence oversight, all of which are essential for demonstrating compliance.

When asked which aspect of the new law they were most concerned about, the most common response was risk assessment (25%), the very foundation of any “reasonable procedures” defence. This suggests that many organisations are struggling with the first and most basic step in building a defensible fraud prevention framework.

“This offence wasn’t designed to catch fraudsters. It was designed to catch companies that failed to prevent fraud,” said Nick Henderson-Mayo, Head of Compliance at VinciWorks. “Organisations need to be doing more than simply having policies on paper or vague intentions to train staff. The SFO has made it clear that it expects evidence of risk assessments, due diligence, and internal systems that actually work. If you’re still relying on spreadsheets or haven’t documented your fraud training, you may already be exposed. Reasonable procedures aren’t about perfection, but they are about proof.”

“We’ve seen this before,” added Henderson-Mayo. “When failure to prevent bribery was introduced, many thought enforcement would be rare; that was until the Swett Group and Airbus cases landed. Fraud will be no different.”

The Failure to Prevent Fraud offence applies to large organisations, defined as those meeting at least two of the following thresholds: over 250 employees, more than £36 million in turnover, or over £18 million in assets. A single incident of fraud, whether in procurement, sales, finance, or third-party contracting, could now trigger a criminal investigation.

While some firms have begun putting procedures in place, the poll suggests many are still relying on fragmented processes or legacy tools. In contrast, organisations that have invested in structured fraud frameworks, combining policy, risk assessment, training and reporting, will be better placed to demonstrate compliance and protect themselves in the event of regulatory scrutiny.

*Poll by VinciWorks