Is your charity protected against fraud?

Fraud is a growing concern for the charity sector, and the new legislation, the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”), places greater responsibility on larger organisations to put in place preventative measures or risk criminal liability.

In this article, we explain what the ‘failure to prevent fraud’ offence means for charities, who it applies to, and the practical steps trustees and senior management should now be considering.

What is the ‘failure to prevent fraud’ offence?

As of 1 September 2025, the Economic Crime and Corporate Transparency Act 2023 applies a new corporate offence: failure to prevent fraud.

Under this law, a charity may be held criminally liable if an employee, agent, or other ‘associated person’ commits fraud for the benefit of the organisation (or, in some cases, its clients) and the charity did not have reasonable fraud prevention procedures in place at the time. Importantly, the organisation does not need to have actually received the benefit of the fraud for the offence to be applicable. An intent to benefit is enough.

Does the failure to prevent fraud offence apply to all charities?

This new offence applies only to incorporated charities that meet at least two of the following criteria:

• Have more than 250 employees;
• Generate £36 million or more in turnover; or
• Have assets totalling £18 million or more.

These thresholds are based on the charity’s financial year immediately preceding the fraudulent offence and apply across the organisation, including any subsidiaries.

What are the legal implications?

One of the most notable features of the new offence is that it does not require knowledge or involvement from trustees, directors, or members. In other words, even if the board was unaware of the fraudulent conduct, the charity itself can still be held criminally liable if proper safeguards were not in place.

However, individuals within the organisation will not be personally liable unless they themselves committed fraud.

Why is this change being introduced?

The primary aim of the legislation is to:

• Improve accountability within organisations for fraudulent acts committed by its employees, agents or ‘associated persons’;
• Encourage organisations to actively implement and review fraud prevention systems; and
• Deter associated persons from engaging in fraudulent conduct.

Charities are entrusted with public and donor funds, so ensuring those resources are protected is vital to maintaining public confidence.

How can charities comply with the legislation?

If your charity falls within the scope of this offence, it is recommended that you do the following to comply with the new legislation:

Review and risk assessment

Conduct a comprehensive fraud risk assessment. Pay particular attention to:

• Areas of high risk in your operations (e.g., procurement, grant distribution, fundraising); and
• The likelihood of opportunity, motive, and rationalisation within your charity.

Proportionate prevention procedures

Develop and implement policies and internal controls that are proportionate to your risk level. These may include:

• Segregation of duties in financial processes;
• Enhanced due diligence on partners, agents, and third parties; and
• Anti-fraud training for all staff and volunteers.

Board and senior management commitment

Set the tone from the top. The commitment of trustees and leadership is essential to embed a culture of prevention.

Communication and training

Ensure your internal policies are clearly communicated. Run regular training and awareness sessions for all levels of staff, especially those in financial or operational roles.

Monitoring and ongoing review

Keep your fraud prevention policies under regular review. Ensure they are updated in response to changing risks, new regulations, or emerging threats.

Whilst it is recommended that organisations should consider the above, it is not an exhaustive list. Organisations need to adopt measures which best suit their needs. If a situation arises which may trigger the offence, it is up to them to prove they had reasonable procedures in place at the time to prevent such behaviour.

Practical tips for smaller or unincorporated charities

Even if your charity doesn’t meet the criteria for the new offence, fraud prevention remains essential. All charities should:

• Have basic internal financial controls in place;
• Ensure a clear reporting process for suspected fraud;
• Consider appointing a designated fraud officer or contact; and
• Refer to the Charity Commission’s guidance on tackling fraud.

More guidance for charities

The UK Home Office has published detailed guidance on complying with the new offence.

We also recommend reviewing the Charity Commission's collection of fraud prevention resources.

If your charity is affected by this legislation and you have not considered the above practical steps to comply, the time to act is now. The legal implications are significant, and organisations will need to demonstrate they took reasonable steps to prevent fraud before any wrongdoing occurs.