The construction sector is on the brink of a significant regulatory shift with the pending implementation of a new criminal offence under the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”). As the countdown to 1 September 2025 begins, organisations operating in the UK construction sector must brace themselves for the new failure to prevent fraud (“FTPF”) offence. This legislation aims to hold large organisations criminally liable when an associated person engages in fraudulent conduct intended to benefit the organisation or its customers.
ECCTA is a comprehensive legislative framework designed to combat economic crime and enhance corporate transparency. The FTPF offence specifically targets large organisations, defined as those meeting two or more of the following attributes: a net turnover exceeding £36 million; a balance sheet over £18 million; and/or more than 250 employees. The FTPF offence encompasses a wide range of common law and statutory fraud offences including non-financial elements such as Environment, Social and Governance (“ESG”) reporting making it broader in scope than previous failure to prevent offences.
Key Risks for the Construction Sector
Within the construction sector, projects often face immense political and public pressure to meet deadlines and deliver results. This urgency can create an environment where corners are cut, and fraudulent activities are overlooked to ensure project completion. Additionally, the construction sector is characterised by its lack of standardisation, with each project being unique and presenting its own set of challenges and requirements. This variability can make it difficult to implement consistent fraud prevention measures across different projects. Delays and cost overruns, which are common in construction projects, can be exploited by unscrupulous individuals to push forward fraudulent claims or inflate costs.
The construction industry relies on long, and often complex, supply chains involving numerous contractors, subcontractors, suppliers, and stakeholders. This can obscure fraudulent activities and make it challenging to trace accountability. The common practice of awarding contracts to the lowest bidder can incentivise contractors to seek profits through fraudulent means, such as inflating costs or cutting corners on quality. The substantial costs associated with construction projects can provide cover for fraudulent activities and waste, as large sums of money can be siphoned off without immediate detection. Furthermore, the quality of construction work can be difficult to assess, especially in large-scale projects, allowing fraudulent practices of carrying out low quality work to save costs to go unnoticed.
Local autonomy in project management can create opportunities for financial leakage and fraud and decentralised decision-making can make it harder to enforce consistent fraud prevention measures. Inadequate supervision and oversight in project management can lead to lapses in fraud prevention, where proper checks, balances and controls are overlooked or ignored, allowing fraudulent activities to thrive. Remote project locations can pose additional challenges for fraud prevention, as limited access and oversight can create opportunities for fraudulent activities to go undetected. The construction sector is also subject to extensive regulatory burdens and bureaucratic red tape, which can divert attention, focus and resources from fraud prevention efforts.
The construction industry has historically had a reputation for corruption, bribes, and collusive behaviour, making it a higher risk sector for fraud compared to others. The combination of political and public pressure, lack of standardisation, complex supply chains, and local autonomy creates a perfect storm for fraudulent activities to flourish. The FTPF offence means that change is required, and urgently.
Steps to Be Taken Now
The only defence against the FTPF offence will be if an organisation can show that it had in place reasonable prevention procedures. The UK government released Statutory Guidance[1] on 6 November 2024, outlining the reasonable prevention procedures, which are centred around six key principles:
- Top-level commitment – Senior leaders taking responsibility for fraud risk management, and fostering a culture and environment where fraud is not acceptable;
- Risk assessment – Assessing the risk regularly, of associated persons committing fraud for the benefit of the organisation, its group, or its clients. The guidance specifically notes concerning the review of the risk assessment that it “is a matter for the relevant organisation, but risk assessments are typically conducted at consistent intervals once every two years”;
- Proportionate risk-based fraud prevention procedures – Tailored procedures that are proportionate and appropriate to the risks identified from the risk assessment process;
- Due diligence – Tailored due diligence procedures, the guidance specifically notes ““merely applying existing procedures tailored to a different type of risk will not necessarily be an adequate response”;
- Communication – Effective communication and training within the organisation, covering scenarios of how offences could materialise in practice. The communication principle also encompasses an effective whistleblowing framework;
- Monitoring and review – Monitoring and reviewing the fraud prevention program to ensure its effectiveness and keeping the risk assessment up to date.
The FTPF offence signifies an opportunity for transformational change, with the government implementing the offence to drive a major shift in corporate culture to help reduce fraud and to demonstrate a commitment that fraud and unethical behaviour are not tolerated.
Large organisations need not ‘reinvent the wheel’ for the FTPF offence. The guidance states that “organisations may find it most effective to extend their existing risk assessments to include the risk of frauds in scope of this offence”. Therefore, organisations should consider what existing fraud risk management processes they have in place and review this with a lens that assess the fraud offences that are in scope under this new legislation.
It is crucial for organisations to conduct thorough risk assessments to identify prevalent fraud risks, and to ensure there are proportionate and appropriate controls in place to help mitigate these risks. The Home Office has said that if an organisation does not conduct a risk assessment, they will have close to zero change of benefitting from the reasonable prevention defence. Organisations are unlikely to have considered scenarios whereby the organisation, or an associated person, is committing a fraud to benefit the organisation as part of their risk assessments and this is the real shift that the offence brings into play.
Hinesh Shah, Partner Forensic Accountant, Pinsent Masons & Hannah Bragg, Associate Forensic Accountant, Pinsent Masons
[1] Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (accessible version) – GOV.UK