By Stephen Sidebottom, Chairman, Institute of Risk Management

The UK government has introduced a new corporate criminal offence under the Economic Crime and Corporate Transparency Act, set to take effect in 2025. This legislation holds large organisations accountable if they fail to prevent fraud committed by employees, agents, or subsidiaries acting on their behalf. The offence applies to businesses that meet specific size criteria based on employees, turnover, and assets.

If fraud occurs within an organisation and benefits the company, the organisation can be prosecuted unless it can demonstrate that reasonable fraud prevention measures were in place. This law aims to reshape corporate culture, encouraging businesses to proactively combat fraud rather than merely reacting to incidents. With fraud remaining a significant issue in England and Wales, this offence is a step toward strengthening corporate accountability and protecting victims.

Fraud is not just a financial crime; it’s a systemic risk that threatens businesses, economies, and society at large. In an era where digital transactions dominate and regulatory scrutiny intensifies, organisations must take a proactive stance in managing fraud risks. Effective Enterprise Risk Management (ERM) is the cornerstone of this approach, ensuring businesses remain resilient against financial crime while fostering trust among stakeholders.

Fraud: A Growing Global Concern

The scale of fraud is staggering. According to recent reports, fraud costs the global economy trillions of dollars annually. From procurement fraud to cybercrime, organisations face an evolving landscape of threats that demand sophisticated risk management strategies. The financial and reputational damage caused by fraud can be devastating, leading to regulatory penalties, loss of investor confidence, and operational disruptions.

Beyond corporate losses, fraud has far-reaching consequences for society. It erodes trust in financial institutions, increases costs for consumers, and diverts resources away from essential services. Governments and regulators worldwide are tightening compliance requirements, making it imperative for organisations to integrate robust fraud prevention measures into their risk frameworks.

The Role of Enterprise Risk Management

ERM is not just about compliance; it’s about strategic foresight. A well-structured ERM framework enables organisations to identify vulnerabilities, assess risks, and implement controls that mitigate fraud before it occurs. This proactive approach ensures that businesses are not merely reacting to fraud incidents but actively preventing them.

Key components of an effective ERM strategy include:

  • Risk Assessment & Monitoring – Continuously evaluating fraud risks and adapting strategies to emerging threats.
  • Internal Controls & Governance – Establishing clear policies, ethical guidelines, and oversight mechanisms.
  • Technology & Data Analytics – Leveraging AI and machine learning to detect anomalies and prevent fraudulent activities.
  • Regulatory Compliance – Aligning risk management practices with evolving legal requirements.

By embedding ERM into corporate culture, organisations can create a fraud-resistant environment that safeguards assets and enhances long-term sustainability.

Qualified Professionals: The Frontline Defence Against Fraud

Risk management is only as effective as the people implementing it. Having qualified professionals in place is essential to meeting regulatory requirements and ensuring fraud prevention strategies are executed effectively. Certified risk managers bring expertise in fraud detection, compliance, and strategic risk mitigation, making them invaluable assets to any organisation.

The IRM champions the development of risk professionals through internationally recognised qualifications and training programs. By investing in skilled personnel, businesses can strengthen their fraud prevention capabilities and foster a culture of accountability.

The Responsibility of Organisations

Fraud prevention is not just a regulatory obligation; it’s a corporate responsibility. Organisations must take ownership of their risk management strategies, ensuring they are proactive, adaptive, and resilient. This means fostering a culture of integrity, equipping employees with the right tools, and collaborating with industry experts to stay ahead of fraud trends.

I urge businesses to prioritise ERM as a fundamental pillar of their operations. The cost of inaction is far greater than the investment in prevention. By embracing a risk-aware mindset, organisations can protect themselves, their stakeholders, and the broader economy from the damaging effects of fraud.