From 1 September 2025, large UK organisations will be subject to a new FTP offence.
Introduced under the Economic Crime and Corporate Transparency Act 2023, FTP applies to fraud committed by persons "associated" with a firm, where that offence is intended to benefit the organisation or its customers.
"Associated persons" can be employees, agents or subsidiaries of a firm, and includes those who perform services on behalf of the business.
The offence applies to incorporated entities and partnerships across all sectors that meet at least two of the three qualifying criteria of more than 250 employees; turnover exceeding £36 million, and/or assets exceeding £18 million.
FTP is a strict liability criminal offence, which means that where an underlying fraud can be proven, the organisation will be deemed liable for failing to prevent it. If convicted, the firm may receive an unlimited fine and significant reputational damage.
The only defence is for a firm to show it had reasonable and proportionate controls in place to manage the risk.
Read more: Age UK finance manager jailed for fraud after stealing £460k
In most firms, the biggest risk will be offences committed by employees. This means that HR professionals will need to help to build effective control frameworks, provide advice on inherent people risks in business choices, and help to spot where there is a risk of fraud being committed.
This will require effective channels of communication between a firm's compliance and HR functions.
Risky business
Highly competitive industries that operate on thin margins and are driven by sales targets are likely to have a higher risk of fraud, as there is a more obvious incentive for employees to push boundaries to achieve targets or commission.
But even where the risks are clear, identifying fraud before it takes place can be tricky.
While most organisations above a certain size will have designated officers with responsibility for fraud as part of a wider compliance remit, few businesses currently have policies that cover prevention of fraud committed by the organisation itself, rather than fraud where the firm is the victim. This means most firms will need to assess their high-risk areas and consider what controls need to be put in place.
Fraud red flags
While motivations vary, human pressures – such as personal financial difficulties, demanding sales targets, overwork, discontent with working conditions and performance concerns – are common drivers for employees to commit fraud.
HR professionals are not always privy to employees' feelings but, in many cases, HR will be notified about problems such as work-related stress and performance issues, which are red flag indicators for fraud. These concerns must be documented.
Read more: The new Failure to Prevent Fraud offence: the employer perspective
For most companies, fraud indicators will not make it out of the HR department, and no additional safeguarding will be put in place to manage the potentially higher risk. There are good reasons for this, such as restrictions on sharing personal data under the GDPR, as well as general expectations of confidentiality by employees who confide personal problems to HR.
However, some barriers to sharing information, such as siloed working practices and a lack of awareness of how to spot fraud risk and deal with it, can be overcome with appropriate training, policies and processes.
Although HR teams may be less able to report on individuals, they can take responsibility for mapping patterns and escalating those. For example, if a number of people complain that they can't hit their targets, HR teams should be able to spot this and query with managers whether those targets are in the right place.
For individuals who report feeling stressed or unhappy with their jobs, or who are on performance improvement plans (PIPs), it is sensible to ascertain whether those people have non-essential access to material or assets that give them opportunities to commit fraud, particularly if they have moved roles during their employment and so may have historic access to sensitive material.
Sarah Partridge-Smith is counsel in Dentons' regulatory and investigations practice
