
A Practical Discussion on Preparing for the UK Failure to Prevent Fraud Offence
With the UK’s new Failure to Prevent Fraud (FTPF) offence coming into effect on 1 September, it is not long until we see how quickly the UK Serious Fraud Office (SFO) starts testing its new powers in expanding the corporate liability regime. Companies will soon be held accountable not just for internal fraud, but for fraudulent acts committed by associated parties, including agents, contractors, subsidiaries, and joint ventures, without the need to prove senior leadership involvement.
Building on previous articles outlining the FTPF offence and how to prepare for it, FRA partner Weng Yee Ng invited Dan Jarman, Head of Ethics, Compliance & Insurance at Deliveroo to join FRA director Sharon Hall for a practical discussion on the opportunities and challenges in this process. The recording of the webinar, summarised below, is also available here.
A Shift in Scope and Liability
Sharon began by outlining what makes the offence so different. The scope of fraud risk has widened dramatically, both in terms of who can trigger liability and what types of activities are covered. “There are two critical elements,” she explained. “One is the inclusion of associated persons. The second is that there’s no longer a need to prove that senior managers were directly involved.”
This shift challenges traditional fraud risk assessments, which have typically focused inward on risk areas such as accounting misstatements or internal theft. Now, companies must also consider risks from third parties and other associated persons, even across borders where a UK nexus is present. This means evaluating potential fraud exposure arising from distributors, sales agents, affiliates, contractors, and joint ventures.
Leveraging Existing Risk Frameworks
Although the offence is new, Sharon and Dan both agreed that companies did not need to start from scratch. Many can build on compliance programs already developed for the UK Bribery Act or other regulatory regimes like AML or sanctions. “If you’ve conducted anti-bribery risk assessments, you’ll find synergies,” Sharon said. “Due diligence, third-party risk, controls, they all overlap.”
Dan echoed that sentiment but warned against complacency: “It’s tempting to copy-paste an old assessment, share it for comment, and move on. But you skip critical thinking that way. We got much more out of our whiteboarding sessions, asking ‘what could go wrong’ with a blank sheet.”
Building a Credible Defence
Sharon stressed that a risk assessment is the foundation. “It will guide you on where to focus, and help you avoid unnecessary pressure or fatigue.” She warned against one-off compliance efforts. “A risk assessment that’s been done once and filed away is worthless. It needs to be updated regularly, especially in dynamic or high-growth sectors.” (Read more from Sharon on robust risk assessment frameworks here.)
In adopting reasonable procedures, it is important to remember that they should be proportionate to the risk and to the size and nature of the business. To this end, regular risk assessments ensure the right focus, avoiding fatigue or overburdening while building a programme fit for purpose.
Documentation is equally critical. “You’ll need to show why you selected certain controls, and why others weren’t used. That justification matters.” Simply pointing to a typical inventory of internal financial controls is unlikely to be sufficient. (Read more on demonstrating effective internal fraud controls here.)
Engaging the Whole Business
One recurring challenge is that many employees, especially outside the finance function, are neither involved nor practiced in assessing fraud risk in their business area. Dan stressed that legal and compliance teams engaging these employees must do so in an active, creative, and relatable manner. He described leading sessions that explored why good people make bad decisions, touching on concepts like moral muteness, blindness, and rationalization. “We use videos and humour to anchor ideas in memory,” he said. “It sparks recognition.”
Sharon supported this approach, reiterating the importance of tailoring examples to each function: for example, sales teams understanding how fake contracts can inflate commissions and harm the business, procurement being alert to vendor manipulation, and even engineers’ potential involvement in questionable revenue recognition judgments. “You have to make it real,” she said. “Relevance is everything.”
The Role of Culture
Culture, Dan said, is the theme that connects everything. “Does your board and senior leadership know where the fraud policy is? Do they know who owns it? Are they prepared to terminate risky third parties? That’s culture in action.”
“You are going to need to demonstrate that your company has integrity,” Sharon added. For a defence to hold up, the company’s culture must be authentic, not just words on a slide. It needs to show up in training, decision-making, and how the organization handles red flags.
Technology and Monitoring
At Deliveroo, machine learning models are integral in helping detect and prevent fraudulent transactions at scale. “We’ve built our own, which lets us learn and improve,” Dan said. “But AI isn’t magic. We still need to verify results and avoid relying blindly on algorithms.”
Sharon added that structured and unstructured data analysis is crucial. FRA uses transaction monitoring and anomaly detection to look for evidence of suspicious transactions, along with document reviews, keyword libraries, and even simulations, like “fake a fraud” drills, to test the resilience of the fraud controls in real-world conditions.
From Data to Defence
Both Dan and Sharon emphasized the importance of using internal data like whistleblower alerts, audit findings, and past investigations to refine risk assessments and control frameworks. “These feedback loops are essential,” Dan said. “They’re not just best practice, they’re expected by regulators.”
Looking Ahead
Unlike the UK Bribery Act, which saw a gap of several years between its launch and first major investigation, Sharon noted that SFO Director Nick Ephgrave’s public statements to date suggested that the SFO may not wait so long this time. “The SFO has said they’re ready to use this law. They’ve learned from the past, and they will act quickly.”
Dan noted that companies with integrated, risk-based compliance programs will be better positioned to respond. “This isn’t more red tape. It’s about embedding fraud risk into how you already manage your business.”
With thanks to Antonia Brooks for preparing this summary.