The New Failure to Prevent Fraud Offence: What it Means for Law Firms

Boardroom Conversation

Kate Burt, CEO of HiveRisk

The new “failure to prevent fraud” offence, introduced under the Economic Crime and Corporate Transparency Act, takes effect from September 2025, and law firms can’t afford to ignore it.

On the surface, it’s a corporate offence aimed at tackling fraud, but beneath that, it’s a cultural shift: a legal requirement to take seriously the risk of fraud that may benefit the organisation.

A quick refresher

The offence works much like the ‘failure to prevent bribery’ and ‘failure to prevent tax evasion’ offences that came before it. In short, if someone associated with your firm commits fraud that benefits, or is intended to benefit, the firm and you didn’t have reasonable fraud prevention procedures in place, your firm could be held criminally liable.

That person could be a partner, solicitor, secretary, business development executive or anyone acting on the firm’s behalf. Crucially, the fraud must be intended to benefit the firm. If it does, and you haven’t done enough to prevent it, your firm could be facing an unlimited fine.

Not just a Big Co. problem

Some firms are tempted to dismiss this as a concern for large commercial practices or City firms. That’s a mistake.

The offence only applies to large organisations, which are defined by meeting at least two of the following criteria: more than 250 employees, over £36 million in turnover and more than £18 million in assets. That said, even firms that don’t meet this threshold should be thinking about this, because regulators, insurers and clients increasingly expect clear fraud prevention measures regardless of size.

There are also other benefits to taking this seriously, which we explore in this article.

What fraud can look like in a law firm

The kinds of fraud that could fall under this new offence aren’t just the jaw-dropping, headline-grabbing scenarios like we’ve seen with the Axiom Ince debacle. They can look disturbingly mundane.

The following practices, if left unattended, risk exposing the firm to regulatory penalties and possible criminal consequences:

  • Time recording and billing fraud: A partner encourages their team to round up hours or bill for internal catch-ups under client codes. Or a fee earner time dumps on a large account to hit billing targets. Even a few units here and there might seem harmless, but over time it adds up, and if it inflates client bills and benefits the firm financially, that’s fraud.
  • Kickbacks from preferred suppliers: A firm’s procurement manager secretly arranges for certain suppliers, like expert witnesses, to inflate their invoices in exchange for a percentage kickback. The firm then passes these inflated costs on to clients as legitimate disbursements. This scheme boosts the firm’s overall revenue, creating a direct financial benefit and exposing the firm to risk under the failure to prevent fraud offence.
  • Misrepresenting qualifications or experience: A pitch document includes exaggerated experience or claims about expertise to win business. If successful, that deception has benefited the firm.
  • Third-party fraud risks: If third parties such as litigation funders or deal introducers engage in fraudulent conduct that benefits your firm, even indirectly, you might be at risk.

The key test is simple: was the fraud intended to benefit the firm, even if it didn’t succeed? If yes, you need to show you had reasonable procedures in place to prevent it.

So what does ‘reasonable’ look like?

The government guidance sets out six key principles for preventing fraud: strong leadership, risk assessment, targeted procedures, due diligence, communication (including training), and ongoing monitoring. This builds on frameworks like the Bribery Act 2010.

It stresses that senior leaders must take responsibility for fraud prevention and highlights the importance of regular reviews. Whistleblowing is also emphasised as a crucial tool for uncovering fraud.

Here’s what law firms should focus on now:

1. Risk assessment first

Every firm should be mapping out where the fraud risks lie. Look across departments, client types, billing structures and third-party relationships. Where are the incentives? Where’s the pressure?

Ask the uncomfortable questions. Do teams understand the line between ‘commercial awareness’ and misrepresentation? How accurate and pressurised is time recording?

2. Policies that speak ‘human’

Some firms already have anti-fraud policies, but they are often buried somewhere in a hefty PDF. That’s not enough. Firms should update policies and procedures so they clearly define fraud, give practical examples relevant to the law firm and set expectations in plain language.

3. Training

Training needs to be more than a slideshow. Run fraud-focused workshops for partners and team leaders. Make sure junior staff understand the real-life impact of common practices they may not recognise as potentially fraudulent, like embellishing time recording or client conversations.

Focus on training your finance and HR teams; they’re often best placed to spot patterns that suggest something is amiss.

4. Nurture a ‘speak-up’ culture

Firms often have whistleblowing procedures, but cultural barriers can persist. Staff need to feel confident they can raise concerns without career self-destruction. Test whether employees actually know how to raise a concern and, crucially, whether they feel safe doing it.

5. Audit and review

This isn’t a one-and-done exercise. Build in regular reviews of billing practices, expenses, onboarding procedures and pitch materials. Spot check files. Use analytics and technology to detect anomalies.

Importantly, firms don’t need to eliminate all fraud to defend themselves under the offence; they only need to demonstrate that reasonable steps were taken to prevent it.

The advantage for firms

For law firms, the risks extend beyond regulatory and criminal penalties. A conviction for failure to prevent fraud could bring regulatory sanctions, insurance issues, a loss of client trust and significant reputational damage.

This new requirement encourages firms to strengthen their overall approach to fraud prevention, not just in relation to the new offence. In the process of a fraud risk assessment, both internal and external threats that might be harming the business may come to light and be tackled.

Common employee frauds include diverting payments to personal accounts, procurement scams, asset theft, bribery and false travel or expense claims.

Data from RSM UK, obtained through a freedom of information request, shows a 10% increase in employee fraud cases reported to the City of London Police. The total loss from these frauds reached over £227 million in 2022, five times the £46 million lost the previous year. According to the data, on average, each case involved a loss of about £256,000. This tangential evidence demonstrates that fraud is happening out there in the world at an employee level, and it might also be happening at your firm even if you aren’t actively tracking it.

Responding appropriately to this new offence is an opportunity to strengthen not only compliance but also the firm’s resilience by minimising the instances and impact of fraud on the business. This risk review and implementation exercise can take time; don’t leave it until September to start.