The UK’s new Failure to Prevent Fraud Offence (FTPF) comes into force in September 2025. Introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA), the FTPF offence creates a corporate criminal liability for organisations that fail to prevent fraud committed by an ‘associated person’ with the intention of benefiting the organisation.
The guidance published by the Home Office in November 2024 makes it clear that an organisation’s primary defence will be demonstrating reasonable fraud prevention procedures. What are the key aspects of the Guidance and its implications for Private Equity (PE) firms and their portfolio companies?
Impact on PE firms
The FTPF offence has significant implications for PE firms, particularly on how they manage risk and governance in their investments and operations. PE firms could face legal, financial, and reputational consequences, as well as being held accountable for fraudulent activities committed by employees, portfolio company executives, or third parties associated with their investments. Limited partners may also lose trust, leading to difficulty in raising future funds.
Impact on portfolio companies
During an exit process, a portfolio company’s lack of robust fraud prevention measures may, in addition to losses from the actual fraud, increase the burden on the eventual acquirer to implement remedial measures, negatively impacting the valuation and sales process.
Ensuring compliance with fraud prevention regulations can be crucial to achieving a smooth and timely exit. The increased focus on preventing fraud may require portfolio companies to invest significantly in resources, such as new technology for fraud detection, regular financial audits, or compliance certifications.
Key considerations
The Guidance provides a fraud prevention framework for compliance with ECCTA, which PE firms should review and adapt to their specific structure and risks. This framework is underpinned by six principles for an organisation to consider when reviewing procedures:
- Top-level commitment
- Risk assessment
- Proportionate risk-based prevention procedures
- Due diligence
- Communication (including training)
- Monitoring and review
Three of the six principles set out in the Guidance are particularly critical for PE firms to consider in their fraud prevention efforts: risk assessment, proportionate risk-based prevention procedures, and due diligence.
Risk assessment
The FTPF offence builds on the Failure to Prevent Bribery offence (Bribery Act 2010). Organisations should already have in place many of the systems and processes necessary to tackle the new offence.
However, a key difference – and one that will help identify the relevant fraud risks – is the Guidance’s suggestion that organisations undertake risk assessments with the three elements of the Fraud Triangle in mind. These three elements are:
- Opportunity
- Motive
- Rationalisation
Given the importance of investor reporting in this sector, key risk owners identified within the portfolio companies should assess whether there are pressures on staff to report fraudulently.
Portfolio companies’ financial and non-financial reporting (such as ESG metrics) must be accurate and not misleading. Exaggerating claims with the intention to deceive consumers or investors can constitute fraud by false representation.
Key risk owners within the portfolio companies must have sufficient training to understand the significance of their role and any risks associated with a failure to prevent fraud.
With this approach, organisations will review persons in key positions at both the PE firm and the associated portfolio companies to determine and map out potential scenarios where the associated person might commit fraud. The assessment should consider both the likelihood of that fraud and its impact on the organisation.
The Guidance also clearly states that the risk assessment should be kept under review and suggests an interval of every two years.
Proportionate risk-based prevention procedures
Fraud prevention measures identified in the risk assessment should align with the level of risk each organisation faces. It is important to note that the Guidance acknowledges the differing levels of control and oversight that an organisation can exercise over different associated persons. For instance, an organisation can reasonably be expected to exercise more control and supervision over its own employees than over an employee of a third party.
Appropriate risk-based prevention procedures should be designed to reduce the opportunities and motives for fraud and may include:
- Implementing fraud prevention plans for portfolio companies and their internal functions susceptible to higher fraud risks
- Identifying potential conflicts of interest
- Carrying out robust pre-employment checks
- Ensuring that bonus and performance frameworks do not encourage behaviours that could lead to fraud, such as excessive risk-taking to meet unrealistic sales targets
The Guidance also states that in “some limited circumstances”, it may be reasonable not to implement prevention procedures in relation to an identified fraud risk. Crucially, any decision not to do so must be documented (together with the name and position of the person who authorised that decision) and reviewed regularly.
Due diligence
PE firms must ensure that due diligence performed as part of the investment process is sufficiently robust to identify fraud risks at their portfolio companies. This should include a detailed review of internal controls and fraud prevention measures, and an assessment of whether the company's compliance frameworks are adequate.
PE firms must ensure that portfolio companies have solid anti-fraud frameworks in place to avoid potential liability:
- PE firms should strengthen pre-investment due diligence to screen for past fraud, regulatory breaches, and accounting irregularities
- Given the potential legal and financial impacts of failing to prevent fraud, PE firms may also consider regularly monitoring their investments, ensuring that fraud prevention measures are continuously effective and any emerging risks are addressed promptly
Summary
The FTPF offence puts a greater onus on PE firms to ensure that fraud prevention measures are integrated – not just into their operations, but into those of their portfolio companies, too.
By rigorously prioritising compliance and fraud prevention, PE firms can potentially protect themselves from legal and reputational risks, ensuring long-term sustainability for their investments. The obligations under the new offence could also become a differentiator for firms that make themselves more attractive to investors by proactively implementing and enforcing fraud prevention systems.