Note:
This guidance is advisory only. The guidance is not a substitute for reading the legislation or obtaining professional legal advice where appropriate or necessary.
Statutory guidance in relation to fraud prevention procedures is published by the Home Office at Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (accessible version) - GOV.UK. All organisations should review the Home Office Guidance when establishing and reviewing their fraud prevention procedures.
See Section 1.4 of the Home Office Guidance for any conflict between alternative sources of guidance.
Prosecution risk
NHS organisations are at risk of being prosecuted.
The failure to prevent fraud offence holds organisations to account if any fraud offence is committed by their employees, agents, subsidiaries or other ‘associated’ persons who provide services for, or on behalf of, the organisation. Please refer to the other sections of this advice and the Home Office Guidance for details of the persons associated with an organisation whose fraud may give rise to liability of the organisation.
The offence arises whether or not the organisation benefitted from the offence; it is simply required that the person committing the fraud intended a benefit to the organisation. See Annex 1 to the Home Office Guidance for a summary of the requirements of the offence as regards ‘associated’ persons and their intention to benefit the organisation.
The offence comes into effect on 01 September 2025. In order to have a defence to the offence NHS organisations will need to have reasonable fraud prevention procedures in place before that date.
In the context of an NHS organisation falling within the scope of the offence, it is likely to be reasonable for the organisation to have in place fraud prevention procedures that take account of the provisions of the Economic Crime and Corporate transparency Act 2023 (ECCTA) together with:
- the statutory guidance provided by the Home Office (Home Office Guidance); and
- the advice provided on this website including the NHSCFA guidance on the application of the Public Sector Fraud Authority requirements.
However, organisations should be aware that this may not be sufficient in the context of any particular organisation and each organisation will need to consider in ‘all the circumstances’ what fraud prevention measures are appropriate. The various guidance notes are therefore a starting point but the organisation will need to have applied the guidance to its own circumstances and will need to give active consideration to the scope of the measures it puts in place.
Where relevant organisations do not have reasonable procedures in place those organisations are at risk of being prosecuted and facing significant fines.
The offence of failure to prevent fraud can be prosecuted by the Crown Prosecution Service (for England and Wales), the Crown Office and Procurator Fiscal Service (for Scotland), the Public Prosecution Service for Northern Ireland, and the Serious Fraud Office (for England, Wales and Northern Ireland. The relevant prosecution service will apply the appropriate code to decide which offence reflects the criminality in any given case. Whether against an individual or corporate, evidential sufficiency and public interest tests will be applied (see Home Office Guidance section 2.7).
Penalties and sanctions
If convicted, an organisation can receive a fine.
Section 199(12) of ECCTA sets out the applicable sanctions where a relevant body is guilty of this offence. As set out in sentencing guidelines under section 125 of the Sentencing Act 2020, courts will take account of all the circumstances in deciding the appropriate level of fine for a particular case.
The Home Office Guidance (section 2.7.2) acknowledges that there are particular challenges involved when fining charities, public bodies and other organisations which provide services to the public. Sentencing guidelines require that when setting a fine, the court must have regard to the impact of that fine on the performance of a public or charitable function.
Reputational damage
Non-compliance can lead to reputational damage.
Non-compliance with the failure to prevent fraud offence might lead to reputational damage and public scrutiny, which could impact patient trust and staff confidence.
Protecting the NHS
Implementation of the new offence will help protect the NHS.
The new offence will help to protect the NHS by driving a culture change towards improved fraud prevention procedures in organisations and by holding organisations to account through prosecutions if they profit from the fraudulent actions of their employees.
Whilst reasonable procedures to prevent fraud should be in place to provide a defence to a potential prosecution for this offence, they will also help to protect the NHS from fraud in the first place. This offence will encourage NHS organisations and ‘associated’ persons to take responsibility for poor systems and controls that may be exploited by individuals to break the law. This will also encourage NHS organisations to ask ‘associated’ persons what reasonable fraud prevention procedures they have in place.
For example, asking large suppliers who are under contract to the NHS, what procedures they have in place to prevent their staff from committing fraud that benefits their organisation might help protect the NHS from fraud committed by its suppliers (that are large enough to qualify for this offence). It is also worth noting that the NHS Standard Contract and the NHS standard terms and conditions for the provision of services include obligations variously on providers, their sub-contractors and suppliers to comply with NHSCFA guidance and to prevent fraud by suppliers and staff of suppliers.