Aberdein Considine Skip to main content

Strict penalties await Scottish businesses that fail to prevent fraud

By Ross Webb, partner in Dispute Resolution

New “failure to prevent fraud guidance” for Scottish businesses introduces strict liability for large organisations, demanding proactive fraud risk management and cultural change. 

The UK’s new Failure to Prevent Fraud offence came into force on 1 September 2025, under the Economic Crime and Corporate Transparency Act 2023. While this applies across the UK, its enforcement in Scotland carries distinct implications, particularly for large organisations operating under the jurisdiction of the Crown Office and Procurator Fiscal Service.

The Failure to Prevent Fraud offence creates strict liability for companies that fail to prevent fraud committed by employees, agents or subsidiaries intended to benefit the organisation or its customers. In Scotland, unlike England and Wales where Deferred Prosecution Agreements (DPAs) are common, enforcement is expected to be more direct, unless the offence is self-reported, with fewer opportunities for negotiated settlements.

This shift places significant pressure on Scottish businesses to implement robust anti-fraud measures. Assigning responsibility to overstretched compliance teams without adequate support risks non-compliance and potential prosecution.

The guidance urges organisations to adopt reasonable procedures to prevent fraud, including: tailored risk assessments, staff training, whistleblowing channels and board level oversight. For large organisation, defined as those meeting two of three thresholds (over 250 employees, £36 million turnover, or £18 million in assets), the stakes are high.

Failure to comply could result in criminal liability and reputational damage, as well as financial penalties. More broadly, the guidance signals a cultural shift: fraud prevention is no longer a reactive compliance task but a proactive governance priority.

It’s therefore crucial for Scottish businesses to act swiftly to align with the new expectations, embedding fraud prevention into their operational DNA. As enforcement ramps up, those who delay risk becoming cautionary tales in a new era of corporate accountability.