Failure to prevent fraud: Large APAC corporates with UK links face enforcement scrutiny and compliance burden under new offence

New “failure to prevent fraud” offence

On 1 September 2025, a new strict liability corporate criminal offence of “failure to prevent fraud” (FtPF) will come into force in the UK under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). This new offence has been described as a game-changer in combatting fraud. In this article, we focus specifically on a key feature of the offence: its extraterritorial reach, enabling prosecution by the SFO of a broad range of fraudulent acts committed anywhere in the world, and the significant implications for large APAC corporates with connections to the UK.

Under the FtPF offence, large organisations with a UK nexus will be strictly liable if an associated person commits a specified fraud offence intending to benefit the organisation or its clients. A “large organisation” is defined as meeting two out of three criteria: (i) more than 250 employees, (ii) turnover exceeding GBP 36 million, or (iii) total assets exceeding GBP 18 million. These criteria encompass the entire organisation, including subsidiaries, irrespective of the location of the organisation’s headquarters.

Crucially, every element of the offence is broadly defined. According to the UK Home Office’s published guidance:

• Associated person: An associated person includes employees, agents, subsidiaries and any person performing services for or on behalf of the organisation. Whether any person is an associated person will be determined by the function performed, not by whether there was a formal agreement in place between the organisation and the associated person. This broad definition of associated persons echoes the approach taken in the UK Bribery Act 2010. 
• Specified fraud offences: The specified fraud offences include fraud by false representation, fraud by failing to disclose information, fraud by abuse of position, participation in a fraudulent business, obtaining services dishonestly, false accounting, false statements by company directors, fraudulent trading and cheating the public revenue. Importantly, aiding, abetting, counselling or procuring any of these offences, even if the fraudulent act never in fact occurred, also fall within the FtFP offence. It is also not necessary for convictions to be obtained for these base fraud offences.
• Intention to benefit the organisation or its clients: The FtPF offence applies even if the organisation or its clients do not ultimately receive any benefit from the fraudulent act, as long as the associated person intended such benefit. Additionally, the intention to benefit the organisation or its clients does not need to be the sole or primary motivation behind the fraud. Even if the fraudulent individual’s main motive is personal gain, the offence still applies if the organisation also benefits.

As this is a strict liability offence, the SFO does not need to prove any intention or negligence on the part of the organisation for liability to arise, provided the other elements of the offence are satisfied. Consequently, organisations cannot defend themselves by pleading ignorance at senior levels of management, nor can they necessarily shift blame onto the proverbial rogue employee or foreign subsidiaries in far-flung jurisdictions.

Importantly, the FtPF offence targets outward-facing fraud—fraud committed by associated persons for the organisation’s benefit—bringing into focus a key compliance blind spot. Many corporate fraud prevention frameworks are designed to protect the organization as a victim from fraud, such as embezzlement and theft, rather than to prevent misconduct by the organisation or its agents as perpetrators in pursuit of commercial gain.

It is also the third in a line of “failure to prevent” corporate offences introduced in the UK, following the failure to prevent bribery offence under the UK Bribery Act 2010 and failure to prevent the facilitation of tax evasion offence under the Criminal Finances Act 2017. Together, these offences reflect a wider evolution in law and jurisprudence aimed at holding corporates to account – not based on the actions of senior management alone, but on the strength and effectiveness of their internal systems and controls.

What the “failure to prevent fraud” offence means for APAC corporates

APAC corporates with UK nexus “in-scope”

APAC corporates may dismiss this UK offence as irrelevant to their business—to their peril. Definitionally, so long as an APAC corporate meets the criteria for a “large organisation” and has business activities involving the UK—such as using UK financial services, raising funds in UK capital markets, serving UK-based customers or investors, or employing persons based in the UK)—it may fall within the jurisdictional scope of the offence. This includes scenarios where fraudulent acts are committed by its associated persons either within the UK or abroad, provided the fraud causes gain or loss in the UK and is intended to benefit the APAC corporate or its clients.

Even where an APAC corporate is not itself within scope as a target of the FtPF offence, it may still be treated as an “associated person” of a UK entity, such as where it acts as a service provider, distributor, joint venture partner or intermediary. Under such arrangements, “in-scope” UK entities may be required to demonstrate that they had “adequate procedures” in place to prevent fraud by the APAC corporate. This is likely to translate into more rigorous due diligence, more robust contractual safeguards, and monitoring obligations imposed on APAC corporates—particularly in high-risk sectors or jurisdictions—as part of UK entities’ broader FtPF compliance efforts.

SFO enforcement in APAC

APAC corporates have more than just theoretical exposure under the FtPF offence: the SFO has made clear that going forward it is “hungrier” and will be more aggressive in pursuing corporate misconduct.

Past enforcement actions under the UK Bribery Act 2010 demonstrate the scale of the risk. Misconduct linked to the APAC region has been at the epicentre of some of the SFO’s most significant investigations under the failure to prevent bribery offence—including the landmark deferred prosecution agreements (DPAs) involving Airbus and Rolls-Royce, which resulted in substantial settlement payments of EUR 1 billion and GBP 497 million respectively.

With the introduction of the new FtPF offence and the broader expansion of corporate criminal liability, the SFO’s Director Nick Ephgrave has issued a stern warning to corporates:

“I know that some companies will choose to ignore issues and hope they go away. To those companies and their advisers, my message is that this gamble has never been riskier. The likelihood of wrongdoing coming to light has never been higher thanks to international co-operation, pro-active intelligence, whistleblowers, traditional media and social media.”

The SFO is also rapidly expanding its cross-border investigatory capabilities. In February 2025, the SFO’s Director travelled to Jakarta to meet with Indonesia’s Corruption Eradication Commission (KPK). A month later, the SFO launched a joint taskforce with Swiss and French prosecutors to intensify investigations into transnational bribery and corruption. These signal that geographical distance is no longer a shield for APAC corporates.

Key risks for APAC corporates

While all large APAC corporates with even minimal UK connections fall within the scope of the offence, those operating in higher-risk sectors—such as natural resources and commodities, financial services, technology and telecommunications, and manufacturing—face significantly greater exposure. These sectors have historically been vulnerable to fraud, falsification and misrepresentation, with notable cases involving the manipulation of trading data and certification standards, abuses involving customer and transaction metrics in financial services, and the fabrication of production outputs in manufacturing.

Past SFO prosecutions and DPAs indicate a focus on serious, systemic misconduct spanning many years and involving multiple jurisdictions and senior-level knowledge or complicity. More recently, the SFO’s Director explicitly identified fraud that distorts or undermines public confidence in financial markets, as well as emerging fraud risks related to environmental, social and governance (ESG) factors, including “greenwashing”, as priority enforcement areas for the SFO. 

In the regulated financial services sector, firms should be alert to parallel enforcement risks posed by the UK Financial Conduct Authority (FCA). The FCA regulates firms conducting regulated activities such as banking, investment services, and insurance in the UK. The FCA wields broad enforcement powers, and may investigate and prosecute misconduct including market abuse and the making of false or misleading statements. While the new FtPF offence is a criminal provision primarily enforced by the SFO, it does not preclude separate or parallel action by the FCA. The two agencies have a history of coordinated investigations, often sharing intelligence while maintaining procedural independence.

What APAC corporates can do now

In the current regulatory and economic environment, large APAC corporates with UK links can find themselves inadvertently exposed to serious liability under the FtPF offence. Geographic distance or local practices are no insulation from scrutiny.

There is only one defence under the FtPF offence: organisations can avoid liability if they can demonstrate they had “reasonable procedures” in place to prevent fraud at the time of the offence.

In the period leading up to 1 September 2025 when the FtPF offence takes effect, and on an ongoing basis thereafter, it is critical for APAC corporates to assess their fraud risks and implement or strengthen their fraud prevention frameworks.

The UK Home Office guidance outlines six core principles that underlie “reasonable procedures”:

1. Top-level commitment: Senior leadership must explicitly endorse and promote fraud prevention as a strategic priority, regularly communicating this stance internally.
2. Risk assessment: Conduct comprehensive, documented assessments to identify fraud risks specific to business operations, sectors, and jurisdictions.
3. Proportionate prevention procedures: Implement preventive controls tailored specifically to assessed risks—simple for low-risk businesses, robust and extensive for higher-risk organisations.
4. Due diligence: Perform thorough background checks and ongoing monitoring of third parties and associated persons to ensure compliance and minimise fraud risk.
5. Communication and training: Regularly deliver clear anti-fraud messaging and practical training tailored to specific roles, enabling employees to recognise, prevent, and report fraudulent activities.
6. Monitoring and review: Continuously monitor and periodically review the effectiveness of fraud prevention controls, updating them to reflect evolving risks and regulatory expectations.

For comprehensive guidance on each of these principles and implementing “reasonable  procedures” generally, please consult our dedicated Failure to Prevent Fraud hub. If you require specific assistance or further clarification, please contact us.