The UK Bribery Act 2010 and the New Failure to Prevent Fraud Offence

Bribery and corruption sit close to money laundering in any compliance programme, and the UK has some of the toughest corporate anti-bribery law in the world. For finance professionals, understanding the Bribery Act 2010 — and the newer failure to prevent fraud offence — is essential, because both can make an organisation criminally liable for the actions of people associated with it.

The four offences under the Bribery Act 2010

The Act creates four key offences. The first two are general: offering, promising or giving a bribe (section 1), and requesting, agreeing to receive or accepting a bribe (section 2). The third targets bribing a foreign public official to obtain or retain business (section 6). The fourth — and the one that transformed corporate compliance — is the section 7 offence of failure to prevent bribery: a commercial organisation is liable where a person associated with it bribes someone to win business or an advantage for the organisation.

The "adequate procedures" defence

Section 7 is a strict-liability corporate offence, but it provides a complete defence if the organisation can show it had adequate procedures in place to prevent bribery. Government guidance frames these around six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication and training, and monitoring and review. This defence is why anti-bribery policies, training and third-party due diligence became standard across UK business.

The new failure to prevent fraud offence

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a new corporate offence of failure to prevent fraud, which came into force on 1 September 2025. It deliberately mirrors the section 7 model: a large organisation can be criminally liable, and face an unlimited fine, where a person associated with it commits a specified fraud offence intending to benefit the organisation (or someone to whom it provides services). As with bribery, there is a defence where the organisation had reasonable fraud-prevention procedures in place.

Which organisations are caught?

The failure to prevent fraud offence applies to "large organisations" — broadly those meeting at least two of three criteria: more than 250 employees, more than £36 million turnover, and more than £18 million in total assets. Smaller organisations are outside the direct scope of this offence, though they remain exposed to the other fraud and bribery offences and to reputational and commercial risk.

The wider failure-to-prevent family

These offences now form a recognisable family of corporate liability: failure to prevent bribery (Bribery Act 2010), failure to prevent the facilitation of tax evasion (Criminal Finances Act 2017), and failure to prevent fraud (ECCTA 2023). The common thread is that organisations are expected to actively prevent economic crime by those acting on their behalf, not merely avoid participating themselves. This connects directly to a firm's anti-money laundering obligations and its handling of higher-risk relationships such as politically exposed persons.

What finance teams should do

Review and document your anti-bribery and anti-fraud procedures against the relevant guidance, carry out a fraud risk assessment, train staff and associated persons, and keep evidence that the procedures are real and monitored. Building this knowledge is part of the compliance CPD that regulated professionals increasingly need.

What the offences mean in practice

The UK Bribery Act 2010 created broad offences covering giving and receiving bribes, bribing foreign officials, and — importantly for organisations — the corporate offence of failing to prevent bribery. The newer failure-to-prevent-fraud offence extends a similar logic to fraud, holding organisations responsible where they fail to put adequate measures in place. The common thread is corporate accountability: it is no longer enough for senior management to be personally uninvolved if the organisation has not taken reasonable steps to prevent the conduct.

The "reasonable procedures" defence

For both regimes, the practical protection is having proportionate, well-documented prevention procedures in place. That typically means a clear risk assessment, top-level commitment, due diligence, communication and training, and monitoring and review. The procedures must be genuinely implemented and proportionate to the organisation's risk — a policy on paper that no one follows offers little defence.

What firms should do

Assess where bribery and fraud risks actually sit in your business and supply chain, put proportionate controls around those risks, train people on what's expected, and keep evidence that the procedures operate in practice. Review them regularly as the business and the law change.

Frequently asked questions

What is the difference between sections 1, 6 and 7 of the Bribery Act?

Section 1 covers giving a bribe, section 6 covers bribing a foreign public official specifically, and section 7 is the corporate offence of failing to prevent bribery by an associated person.

Does the failure to prevent fraud offence apply to small firms?

The offence directly targets large organisations meeting the size thresholds. Smaller firms are not caught by this specific offence but remain liable under other fraud and bribery laws.

What counts as "adequate" or "reasonable" procedures?

There is no fixed checklist — the test is whether procedures are proportionate to the organisation's risk. Government guidance sets out principles such as risk assessment, top-level commitment, training and monitoring to shape them.

The failure-to-prevent model has reshaped corporate criminal liability in the UK: prevention is now an active duty, and the strength of your procedures is the difference between a defence and a conviction.