From 1 September 2025, some charities will face a new compliance obligation under the Economic Crime and Corporate Transparency Act 2023: the corporate offence of failure to prevent fraud.

This legislation is designed to hold large organisations accountable when individuals acting on their behalf commit fraud intended to benefit the charity or its beneficiaries, and the organisation lacks reasonable procedures to prevent it.

If an employee, agent, contractor or an individual working for a subsidiary of a charity engages in fraudulent conduct, the charity could be prosecuted unless it can demonstrate that it had proportionate and effective fraud prevention measures in place.

Importantly, the offence does not require proof that the board of trustees or senior management knew about or authorised the fraud. Instead, liability arises from the charity’s failure to prevent it. This shift places a renewed emphasis on governance, risk assessment, and internal controls – areas where charities must now act decisively. The government has issued comprehensive guidance on the new offence, which you can access here.

It is important to note that the offence applies to “large” charities, defined as those meeting at least two of the following thresholds: more than 250 employees, over £36 million in turnover, or more than £18 million in total assets. In practice, this means that charities which may normally be considered medium sized would be captured by the new offence. The offence covers a wide range of fraud offences, including false representation, abuse of position, and false accounting.

The guidance is clear that even if the agent or representative’s primary intention was to benefit themselves, if their actions also benefit the charity, for instance through more people signing up to pay for services provided by the charity, the charity could be guilty of the new offence.

Given their wider duties, even charities that are not caught by the legislation may be expected to take all reasonable steps to prevent fraud. The guidance recommends that organisations put in place a fraud prevention framework based on the following core principles:

  1. Top-Level Commitment
    • Senior leadership (e.g. trustee board / directors) must actively promote a culture of integrity and zero tolerance for fraud.
    • This includes formal statements rejecting fraud and visible endorsement of anti-fraud policies, for instance during webinars or “town halls” or by email updates.
  2. Risk Assessment
    • Conduct a dynamic and documented assessment of risk areas for fraud. This should include reviewing different areas of the charity’s operations to assess whether they are likely to be susceptible to fraud.
    • Identify high-risk roles, for instance, agents or contractors acting for the charity, particularly if they are not being closely monitored (for example because they are overseas).
    • Review risk assessments regularly, especially after incidents, during structural changes, or regulatory changes.
  3. Proportionate Risk-Based Procedures
    • Develop a fraud prevention plan proportionate to the risks identified.
    • This may include:
      • Vetting and training for high-risk roles.
      • Reducing the motive for fraud – this could include looking at payment and incentive structures to ensure that these do not encourage fraud.
      • Contractual clauses with employees, contractors and agents explicitly requiring those individuals to comply with the relevant laws and policies relating to fraud, and to notify the organisation if they become aware of any breaches.
      • Clear notification and escalation routes for suspected fraud, which could include whistleblowing arrangements.
  4. Due Diligence
    • Carry out due diligence on all associated persons — including agents and employees of the charity and any subsidiary of the charity.
    • This could involve:
      • Screening for past misconduct – including of any key personnel at the charity.
      • Reviewing contractual arrangements to ensure such agreements include appropriate obligations and termination rights.
      • Assessing the processes and training in place at those organisations.
      • Reviewing and monitoring the well-being of staff to identify individuals who may be at a higher risk of committing fraud because of stress, workloads or targets.
  5. Communication and Training
    • Ensure anti-fraud policies are well communicated and understood across the organisation and the organisation’s delivery network.
    • Provide tailored training for staff and delivery partners, especially those in high-risk roles.
    • Reinforce whistleblowing procedures and ensure that these are communicated to staff at delivery partners.
  6. Monitoring and Review
    • Monitor the effectiveness of fraud prevention measures through:
      • Data analytics
      • Internal audits
      • Feedback from staff and centres
      • Lessons from investigations or whistleblowing
    • Review procedures at least every two years or sooner if risks change.

What’s next?

If your organisation is “large” for the purposes of the new offence, then consider which of the steps above you will need to take. The risk points for each organisation are going to be different, and it is important to assess where the highest risk areas are for your charity.

If you have any questions around your obligations under ECCTA 2023 or would like to discuss how you can implement robust fraud prevention policies, please contact Rob Oakley or Laura Hobbs.


The material in this article is provided for guidance and general information only and is not intended to constitute legal or other professional advice upon which you should rely. In particular, the information should not be used as a substitute for a full and proper consultation with a suitably qualified professional. Please do contact the Bates Wells team if you require further advice or information about management training which we offer.