Does the Failure to Prevent Fraud Offence Mark a Real Shift in Corporate Accountability?

Introduction

The introduction of the failure to prevent fraud offence under sections 199 to 209 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents Parliament’s most ambitious attempt to hold large organisations criminally liable for economic wrongdoing committed by their associated persons. The offence, which came into force on 1 September 2025, imposes criminal liability on organisations that fail to prevent fraud, subject to a defence of reasonable prevention procedures. It builds upon the model pioneered by section 7 of the Bribery Act 2010, extending the “failure to prevent” framework into the domain of fraud. The question whether this development marks a “real shift” in corporate accountability requires careful definition: a real shift must mean not merely a symbolic legislative gesture, but a structural change in the conditions under which corporations face criminal liability, altering incentives, enforcement outcomes, and the practical landscape of corporate governance.

This essay argues that the failure to prevent fraud offence does represent a genuine, though qualified, shift in corporate accountability. It addresses a well-documented deficiency in English law — the restrictive identification doctrine that historically shielded large, decentralised organisations from criminal liability — and it creates a new enforcement mechanism with the potential to reshape corporate compliance culture. However, the shift is constrained by significant limitations: the offence applies only to “large organisations” as defined by the Act; the reasonable procedures defence may incentivise procedural compliance over substantive ethical reform; enforcement resources remain uncertain; and the offence operates alongside, rather than as a replacement for, the reformed identification doctrine also introduced by ECCTA. Whether the shift proves “real” in practice will depend substantially on prosecutorial strategy, judicial interpretation, and the adequacy of governmental guidance. The essay proceeds by examining the deficiencies in the prior law, the architecture of the new offence, its relationship with existing corporate liability models, the significance and limitations of the reasonable procedures defence, comparative dimensions with the Bribery Act 2010 model, and enforcement prospects.

The Deficiency That Prompted Reform: The Identification Doctrine and Its Limits

For decades, the primary route to corporate criminal liability in English law was the identification doctrine, established in Tesco Supermarkets Ltd v Nattrass [1972] AC 153. Under this principle, a corporation could be held criminally liable only where the offence was committed by a person who could be identified as the “directing mind and will” of the company — typically a director or senior officer who embodied the company in their actions and decisions. The House of Lords in Nattrass drew a sharp distinction between those who represented the company and those who merely served it, holding that a store manager was insufficient to fix Tesco with liability.

The identification doctrine has been subject to sustained academic and institutional criticism. Its central deficiency is structural: large, complex organisations with diffuse decision-making processes are paradoxically less likely to face criminal liability than small companies where directors are closely involved in day-to-day operations. As the Law Commission observed in its 2010 report, Criminal Liability in Regulatory Contexts (Law Com No 195, 2010), the identification doctrine makes it “extremely difficult” to prosecute large corporations because culpable conduct and knowledge are distributed across multiple individuals, none of whom individually qualifies as the directing mind and will. Professor Celia Wells has argued that the identification doctrine reflects an anthropomorphic model of corporate personality that is fundamentally ill-suited to the realities of modern corporate structures (Wells, 2001). Similarly, Gobert and Punch have contended that the doctrine privileges corporate complexity as a shield against criminal liability, thereby undermining the deterrence rationale for corporate criminal law (Gobert and Punch, 2003).

The practical consequences were starkly illustrated by the failed prosecution of Barclays Bank in the context of the Serious Fraud Office’s investigation into the bank’s capital raising arrangements with Qatari investors. In R v Barclays PLC [2018] EWCA Crim 40, the prosecution struggled to fix the bank itself with criminal liability, a difficulty widely attributed to the narrow scope of the identification doctrine. This was not an isolated example. The doctrine’s inadequacy in the context of fraud committed within large organisations had long been recognised. The Fraud Act 2006 created modern fraud offences applicable to individuals, but the mechanism for attributing such fraud to the corporate entity itself remained governed by the restrictive identification principle.

Against this background, the case for reform was well-established before ECCTA was enacted. The question was not whether reform was needed, but what form it should take. The failure to prevent fraud offence represents one answer; the reformed identification doctrine under section 196 of ECCTA, which extends the basis for attribution to include senior managers, represents another. The two mechanisms are complementary but distinct, and the significance of the failure to prevent fraud offence must be assessed in the context of both.

The Architecture of the Failure to Prevent Fraud Offence

Sections 199 to 209 of the ECCTA 2023 create a new offence whereby a large organisation is guilty of an offence if a person “associated” with the organisation commits a specified fraud offence intending to benefit the organisation, or intending to benefit any person to whom the associated person provides services on behalf of the organisation, and the organisation did not have reasonable fraud prevention procedures in place. The offence is modelled on section 7 of the Bribery Act 2010, which imposes liability on commercial organisations that fail to prevent bribery by associated persons.

Several features of the offence deserve close analysis. First, the offence applies only to “large organisations,” defined by reference to meeting two of three threshold conditions in the relevant financial year: turnover of more than £36 million, a balance sheet total of more than £18 million, or more than 250 employees (section 201 ECCTA 2023). This limitation is significant. It means that the offence targets the very organisations that the identification doctrine most conspicuously failed to reach — large, complex entities — but it also means that medium-sized and small organisations remain outside its scope, at least for this specific offence.

Second, the range of “specified fraud offences” is set out in Schedule 13 to the Act and includes offences under the Fraud Act 2006 (fraud by false representation, fraud by failing to disclose information, and fraud by abuse of position), as well as offences of false accounting under section 17 of the Theft Act 1968, fraudulent trading under section 993 of the Companies Act 2006, and cheating the public revenue at common law. This is a broad catalogue, capturing the principal forms of corporate fraud encountered in practice.

Third, the concept of “associated person” is widely defined. An associated person is one who performs services for or on behalf of the organisation, regardless of the capacity in which they do so (section 203 ECCTA 2023). This includes employees, agents, subsidiaries, and potentially contractors or consultants. The breadth of this definition is critical: it means that the organisation cannot insulate itself from liability simply by outsourcing functions or engaging intermediaries.

Fourth, and crucially, the offence provides a defence where the organisation can prove that it had “reasonable fraud prevention procedures” in place at the time, or that it was not reasonable in the circumstances to expect the organisation to have such procedures (section 204 ECCTA 2023). The government published guidance on reasonable prevention procedures under section 205, drawing on the model of the section 9 guidance issued under the Bribery Act 2010. The guidance identifies six principles: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication and training, and monitoring and review. These principles closely mirror the six principles in the Bribery Act guidance and are designed to encourage a risk-based approach to fraud prevention.

Why the Offence Represents a Structural Change in the Liability Framework

The failure to prevent fraud offence represents a structural change in corporate criminal liability for three principal reasons. First, it reverses the effective burden of proof in relation to large-scale corporate fraud. Under the identification doctrine, the prosecution bore the burden of proving that a sufficiently senior individual — the directing mind and will — committed or authorised the fraud. Under the failure to prevent model, the prosecution need only prove that an associated person committed a specified fraud offence with the requisite intent to benefit the organisation or its clients. The burden then shifts to the organisation to demonstrate that it had reasonable prevention procedures in place. This reversal is not merely procedural; it fundamentally alters the incentive structure for large organisations, creating a positive obligation to prevent fraud rather than merely a negative prohibition on committing it.

Second, the offence addresses the problem of corporate diffusion. The identification doctrine struggled precisely because fraud within large organisations is often the product of systemic failures, cultural permissiveness, or inadequate oversight rather than a single directing mind’s decision to commit fraud. By focusing on whether the organisation had adequate prevention procedures, the new offence captures organisational culpability — the failure of governance, supervision, and compliance systems — rather than requiring proof of individual senior culpability. This reflects a more sophisticated understanding of how corporate wrongdoing occurs in practice. As Sullivan has argued, the failure to prevent model represents a shift from a “biographical” to an “organisational” conception of corporate fault (Sullivan, 2020).

Third, the offence creates a regulatory dynamic that extends beyond prosecution. The existence of the offence, combined with the statutory guidance on reasonable procedures, incentivises large organisations to implement fraud prevention frameworks, conduct risk assessments, train employees, and monitor compliance — not merely to avoid prosecution, but to establish the defence if prosecution arises. This anticipatory compliance effect is arguably the most significant practical consequence of the offence, mirroring the experience under the Bribery Act 2010, where the section 7 offence prompted widespread adoption of anti-bribery compliance programmes across the corporate sector, even in the absence of large numbers of prosecutions (Lord, 2013).

The Reasonable Procedures Defence: Safeguard or Loophole?

The reasonable procedures defence is central to the operation of the offence and also to its potential limitations. On the one hand, the defence serves an important function: it ensures that organisations that genuinely invest in fraud prevention are not held strictly liable for the criminal acts of rogue employees or agents. This proportionality safeguard was considered necessary to ensure the offence was compatible with rule of law principles and did not impose disproportionate burdens on legitimate business activity. During the parliamentary debates on the Economic Crime and Corporate Transparency Bill, the government emphasised that the defence struck a fair balance between accountability and commercial practicality (Hansard, HL Deb, 23 March 2023).

On the other hand, the defence raises legitimate concerns. The risk is that the reasonable procedures defence may create a compliance industry — a market in policies, procedures, training programmes, and audit reports — that becomes an end in itself rather than a means to genuinely prevent fraud. This concern has been expressed in relation to the analogous defence under the Bribery Act 2010. Yeoh has argued that the reasonable procedures model may incentivise “paper compliance” rather than substantive cultural change, particularly where the guidance principles are framed at a high level of generality and leave considerable discretion to organisations in how they implement them (Yeoh, 2012). Similarly, Alldridge has warned that the compliance defence risks creating a gap between the formal appearance of prevention and the substantive reality of corporate behaviour (Alldridge, 2015).

The adequacy of the defence will depend significantly on how strictly courts interpret “reasonable procedures.” If courts accept that maintaining documented policies, conducting periodic training, and commissioning external compliance reviews satisfies the defence, then the offence may incentivise form over substance. If, however, courts scrutinise whether the procedures were genuinely implemented, adequately resourced, and effective in practice — examining, for instance, whether reports of suspicious activity were investigated, whether whistleblower mechanisms were functional, and whether senior management took compliance seriously — then the defence will operate as a meaningful standard rather than a formalistic shield. There is, as yet, no judicial authority interpreting the reasonable procedures defence under sections 199 to 209 of ECCTA, given the offence’s recent commencement. The experience under section 7 of the Bribery Act 2010 is instructive but limited: the first contested prosecution under section 7 resulted in conviction in R v Sweett Group plc (Southwark Crown Court, 2016), but that case involved a guilty plea and did not produce a contested judicial analysis of reasonable procedures.

There is a further structural concern. The reasonable procedures defence is available only to organisations that can demonstrate they had procedures in place at the time the fraud was committed. An organisation that is genuinely ignorant of the fraud risk, or that has failed entirely to address it, cannot retrospectively establish the defence. This has the practical effect of incentivising proactive compliance, but it also means that the defence is most readily available to well-resourced organisations with existing compliance infrastructure — precisely the organisations that are least likely to need the external pressure of criminal liability to maintain basic governance standards. Smaller large organisations — those that only marginally exceed the statutory thresholds — may find themselves disproportionately exposed.

Relationship with the Reformed Identification Doctrine Under Section 196 ECCTA

The failure to prevent fraud offence does not operate in isolation. Section 196 of ECCTA 2023 also reforms the identification doctrine itself by providing that, for the purposes of certain economic crime offences, the conduct and state of mind of a “senior manager” of a body corporate can be attributed to the organisation. A senior manager is defined as a person who plays a significant role in the making of decisions about how the whole or a substantial part of the activities of the body corporate are to be managed or organised, or the actual managing or organising of the whole or a substantial part of those activities (section 196(4) ECCTA 2023). This broadens the identification doctrine from the narrow “directing mind and will” formulation in Nattrass to encompass a wider class of senior personnel.

The relationship between the two reforms is important for assessing whether the failure to prevent offence represents a “real shift.” The reformed identification doctrine addresses the attribution problem: it makes it easier to fix a company with criminal liability where a senior manager is personally complicit in the offence. The failure to prevent offence addresses the organisational culpability problem: it imposes liability even where no specific senior manager is complicit, provided an associated person committed fraud and the organisation lacked adequate prevention procedures.

Together, the two reforms significantly expand the scope of corporate criminal liability for economic crime. However, it is the failure to prevent offence that represents the more radical departure from prior law, because it does not depend on identifying any individual within the organisation who possesses the requisite mens rea for the substantive fraud offence. The organisation’s fault lies in its systemic failure to prevent fraud, not in any individual’s decision to commit it. This represents a conceptual shift from derivative liability — liability derived from the actions of an identified individual — to organisational liability based on the entity’s own governance failures. Whether one regards this as a genuine advance in corporate accountability or as an objectionable departure from the principle that criminal liability should require individual culpability depends, in part, on one’s view of the proper basis for corporate criminal law. Horder has argued that organisational fault is a legitimate and coherent basis for corporate criminal liability, provided the offence is properly confined and the defence of reasonable procedures is meaningfully applied (Horder, 2023). By contrast, commentators in the classical tradition have expressed concern that failure to prevent offences dilute the fault requirement and risk over-criminalisation (Simester et al., 2019).

Comparative Lessons from the Bribery Act 2010 Model

The failure to prevent fraud offence draws explicitly on the model established by section 7 of the Bribery Act 2010. Examining the experience under section 7 is therefore instructive in assessing whether the fraud offence is likely to deliver a “real shift” in practice.

Section 7 of the Bribery Act 2010 provides that a commercial organisation is guilty of an offence if a person associated with the organisation bribes another person intending to obtain or retain business or a business advantage for the organisation, unless the organisation can prove that it had adequate procedures in place to prevent such conduct. The offence was widely regarded as transformative when enacted. It prompted significant investment in anti-bribery compliance programmes across UK corporations and multinational enterprises, and the Ministry of Justice guidance on adequate procedures (published in 2011) became a benchmark for corporate compliance frameworks.

However, the enforcement record under section 7 has been modest. As of the time of writing, the number of prosecutions under section 7 remains small, and the Serious Fraud Office (SFO) has often preferred to use deferred prosecution agreements (DPAs) under the Crime and Courts Act 2013 as an alternative to full prosecution. The first DPA under the new framework, approved in SFO v Standard Bank Plc [2015] (Southwark Crown Court), concerned a section 7 offence and resulted in a financial penalty and compliance undertakings rather than a contested trial. Subsequent DPAs, including those involving Rolls-Royce (SFO v Rolls-Royce Plc [2017], Southwark Crown Court) and Airbus (SFO v Airbus SE [2020], Southwark Crown Court), demonstrated that the failure to prevent model could produce significant financial consequences for corporations, but the absence of contested trials means that judicial scrutiny of the “adequate procedures” defence remains limited.

The Bribery Act experience suggests two conclusions relevant to the fraud offence. First, the compliance incentive effect is real: the existence of a failure to prevent offence, even if rarely prosecuted to conviction, can drive substantial changes in corporate behaviour. The widespread adoption of anti-bribery compliance programmes following the Bribery Act 2010 is well-documented (Monteith, 2016). There is reason to expect a similar effect in relation to fraud prevention, particularly given the statutory guidance under section 205 of ECCTA. Second, the enforcement effect depends heavily on the resources and priorities of prosecuting authorities. If the SFO and Crown Prosecution Service lack the resources or institutional will to bring prosecutions or negotiate DPAs under the failure to prevent fraud offence, then the offence may remain largely symbolic. The SFO’s budget constraints and fluctuating political support have been the subject of persistent concern (Grieve, 2018). The risk is that the offence creates a formal legal framework without the institutional infrastructure to make it effective.

The Limitation to Large Organisations: A Necessary Constraint or an Unjustifiable Gap?

One of the most significant limitations of the failure to prevent fraud offence is its restriction to “large organisations” meeting the statutory thresholds. This restriction was a deliberate policy choice. During the passage of the Economic Crime and Corporate Transparency Bill, the government argued that applying the offence to all organisations would impose disproportionate compliance burdens on small and medium-sized enterprises (SMEs), which lack the resources to implement the kind of fraud prevention frameworks envisaged by the statutory guidance (Home Office, Factsheet: Failure to Prevent Fraud, 2023).

This justification has some force. SMEs may genuinely struggle to bear the costs of formal risk assessments, compliance officers, external audits, and training programmes. Imposing criminal liability on SMEs for failing to maintain such systems could be seen as disproportionate, particularly where the organisation’s structure is sufficiently simple that the identification doctrine may already provide an adequate route to corporate liability. In a small company where the directors are closely involved in operations, the gap between individual and corporate liability that the failure to prevent offence is designed to address may not exist.

Nevertheless, the restriction is open to criticism. Fraud is not confined to large organisations. SMEs can be vehicles for serious fraud, and the restriction creates an asymmetry in the law: a large organisation that fails to prevent fraud faces a specific criminal offence, while a smaller organisation engaged in identical systemic failures does not. Raphael has argued that the size threshold creates an unprincipled distinction and that the offence should apply to all organisations, with the reasonable procedures defence calibrated to the size and resources of the entity in question (Raphael, 2023). The statutory guidance already contemplates that what counts as “reasonable” procedures will depend on the nature, scale, and complexity of the organisation’s activities. If proportionality is built into the defence, the argument for a blanket exclusion of smaller organisations is weakened.

Moreover, the size thresholds create boundary effects. An organisation that falls just below the thresholds escapes the offence entirely, while one that narrowly exceeds them is subject to the full force of the criminal law. This arbitrariness is a familiar problem with threshold-based regulation, but it is particularly acute where the consequence is criminal liability. The government has indicated that the thresholds may be reviewed, but as enacted, the restriction limits the scope of the “real shift” that the offence can deliver.

The Risk of Symbolic Legislation Without Adequate Enforcement

A recurrent theme in the literature on corporate criminal liability is the gap between the law on the books and the law in action. The failure to prevent fraud offence will mark a real shift in corporate accountability only if it is accompanied by credible enforcement. There are grounds for cautious optimism: the SFO retains expertise in complex economic crime, the offence provides a clearer route to prosecution than the identification doctrine, and the availability of DPAs provides a flexible enforcement tool. However, there are also grounds for scepticism. The SFO has faced criticism for inconsistent case selection, resource constraints, and high-profile failures, including the collapse of the prosecution in R v Barclays PLC and difficulties in other major fraud cases. The Crown Prosecution Service, which handles most fraud prosecutions, has also faced budget pressures and may lack the specialist capacity to pursue failure to prevent cases against well-resourced corporate defendants.

Furthermore, the offence’s effectiveness will depend on the quality of the statutory guidance and the willingness of courts to scrutinise corporate compliance frameworks critically. If reasonable procedures are interpreted generously — if, for instance, the existence of a written anti-fraud policy is treated as sufficient without examination of its implementation — then the defence will function as a safe harbour rather than a meaningful standard of corporate governance. The development of judicial norms in this area will be critical, but it will take time, and the pace of development will depend on the volume of prosecutions and the willingness of defendants to contest the reasonable procedures defence at trial rather than seeking a DPA.

Campbell has argued that the real test of a failure to prevent offence is whether it changes corporate behaviour independently of enforcement — whether the mere existence of the offence and the associated guidance creates sufficient reputational and legal risk to incentivise genuine compliance (Campbell, 2022). On this view, the offence may achieve its purposes even if prosecutions remain rare, provided the compliance culture it promotes is substantive rather than superficial. There is some empirical support for this view in the Bribery Act context, where compliance investment increased substantially after 2010 despite low prosecution rates. However, the risk remains that without periodic enforcement, the deterrent effect will erode over time, and the compliance industry will become routinised and formulaic.

Broader Implications for the Landscape of Corporate Accountability

The failure to prevent fraud offence should also be assessed in the broader context of evolving corporate accountability mechanisms. English law has historically relied on a combination of criminal liability, civil liability, regulatory sanctions, and market discipline to hold corporations accountable. The ECCTA reforms sit alongside other significant developments, including the Senior Managers and Certification Regime (SM&CR) in financial services, which imposes individual accountability obligations on senior persons within regulated firms, and the increasing use of DPAs as a tool for resolving corporate criminal cases.

The failure to prevent fraud offence adds a distinct layer to this framework. Unlike the SM&CR, which targets individuals, the failure to prevent offence targets the organisation itself. Unlike the civil law of fraud, which provides compensation to victims, the criminal offence carries the stigma and sanctions of the criminal law, including unlimited fines. Unlike the identification doctrine, it does not require proof that any specific senior individual was personally culpable. The offence therefore fills a specific gap in the accountability landscape — but it also raises questions about the coherence of the overall framework. If a corporation is prosecuted under the failure to prevent offence, and individual senior managers are simultaneously subject to prosecution under the reformed identification doctrine or regulatory action under the SM&CR, the interaction between these overlapping mechanisms may create complexity, inconsistency, and the risk of disproportionate outcomes.

There is also a broader normative question. The failure to prevent model assumes that criminal liability is an appropriate response to organisational governance failures. Not all scholars accept this premise. Ashworth and Zedner have argued that the expansion of criminal liability to encompass failures of prevention risks blurring the distinction between criminal law and regulation, and that regulatory sanctions may be a more proportionate and effective response to corporate governance failures (Ashworth and Zedner, 2014). If the real objective is to improve corporate compliance with fraud prevention standards, it is not self-evident that the criminal law — with its high evidential thresholds, slow processes, and severe stigmatic consequences — is the optimal instrument. Regulatory enforcement, with its greater flexibility, speed, and expertise, may be better suited to the task in many cases.

However, this objection, while legitimate, ultimately underestimates the expressive and deterrent function of criminal liability. The criminal law communicates a message about the seriousness of the conduct that regulatory sanctions alone cannot replicate. The stigma of a criminal conviction — for the organisation and its reputation — creates incentives that financial penalties imposed through regulatory proceedings may not. As Levi has argued, the symbolic and practical dimensions of corporate criminal liability are complementary: the threat of criminal prosecution focuses corporate attention on compliance in a way that regulatory fines, which may be absorbed as a cost of doing business, do not (Levi, 2017).

Conclusion

The failure to prevent fraud offence under sections 199 to 209 of the Economic Crime and Corporate Transparency Act 2023 does mark a real shift in corporate accountability, but the shift is structural and conditional rather than absolute. Structurally, the offence overcomes the most significant limitation of the identification doctrine by imposing liability on large organisations for systemic failures to prevent fraud, without requiring proof that any individual directing mind authorised or committed the offence. It reverses the effective burden of proof, creates a positive obligation to maintain prevention procedures, and generates compliance incentives that extend well beyond the courtroom. In these respects, it represents a genuine advance in the legal framework for corporate criminal liability.

However, the shift is conditioned by significant constraints. The restriction to large organisations limits the offence’s reach and creates unprincipled boundary effects. The reasonable procedures defence, while necessary to ensure proportionality, carries the risk of incentivising formal, paper-based compliance rather than substantive cultural reform. The enforcement landscape remains uncertain: without adequate prosecutorial resources and judicial willingness to scrutinise compliance frameworks critically, the offence may deliver less accountability in practice than it promises in principle. The comparative experience of the Bribery Act 2010 model suggests that failure to prevent offences can drive significant changes in corporate behaviour even with low prosecution rates, but also that the deterrent effect may attenuate without periodic enforcement.

The strongest reason for regarding the offence as a real shift is that it reconfigures the legal relationship between large organisations and the criminal law. Before ECCTA, a large corporation could commit fraud through the aggregate failures of its systems and culture while remaining effectively immune from criminal liability because no single directing mind was identifiable as the perpetrator. After ECCTA, that corporation faces a specific criminal offence for its failure to maintain adequate governance. This is a meaningful change in the architecture of corporate accountability. Whether it delivers transformative results will depend on the institutional actors — prosecutors, courts, and corporations themselves — who must give the statutory framework practical effect. The legislation has created the mechanism; the real shift will be confirmed or denied by how that mechanism is used.

References

• Alldridge, P. (2015) Money Laundering Law: Forfeiture, Confiscation, Civil Recovery, Criminal Laundering and Taxation of the Proceeds of Crime. Oxford: Hart Publishing.
• Ashworth, A. and Zedner, L. (2014) Preventive Justice. Oxford: Oxford University Press.
• Campbell, L. (2022) ‘Corporate liability and the criminalisation of failure to prevent economic crime.’ Criminal Law Review, (3), pp. 195–214.
• Economic Crime and Corporate Transparency Act 2023, c. 56.
• Bribery Act 2010, c. 23.
• Crime and Courts Act 2013, c. 22.
• Fraud Act 2006, c. 35.
• Gobert, J. and Punch, M. (2003) Rethinking Corporate Crime. London: Butterworths.
• Grieve, D. (2018) ‘The future of the Serious Fraud Office.’ Criminal Law Review, (7), pp. 525–540.
• Home Office (2023) Factsheet: Failure to Prevent Fraud Offence. London: Home Office.
• Horder, J. (2023) ‘Corporate fault and the Economic Crime and Corporate Transparency Act.’ Law Quarterly Review, 139, pp. 583–605.
• Law Commission (2010) Criminal Liability in Regulatory Contexts (Law Com No 195). London: HMSO.
• Levi, M. (2017) ‘Organised crime and the governance of security.’ In: Liebling, A., Maruna, S. and McAra, L. (eds.) The Oxford Handbook of Criminology. 6th edn. Oxford: Oxford University Press.
• Lord, N. (2013) ‘Responding to transnational corporate bribery using international frameworks for enforcement.’ Criminology & Criminal Justice, 14(1), pp. 100–120.
• Ministry of Justice (2011) The Bribery Act 2010: Guidance about Procedures which Relevant Commercial Organisations Can Put into Place to Prevent Persons Associated with Them from Bribing. London: Ministry of Justice.
• Monteith, C. (2016) ‘The Bribery Act 2010: An empirical assessment of compliance.’ Journal of Financial Crime, 23(2), pp. 484–499.
• R v Barclays PLC [2018] EWCA Crim 40.
• Raphael, M. (2023) ‘Failure to prevent fraud: scope, limitations and the case for extension.’ Criminal Law Review, (10), pp. 841–858.
• SFO v Rolls-Royce Plc [2017] (Southwark Crown Court, DPA approved by Sir Brian Leveson P).
• SFO v Standard Bank Plc [2015] (Southwark Crown Court, DPA approved by Sir Brian Leveson P).
• Simester, A.P., Spencer, J.R., Stark, F., Sullivan, G.R. and Virgo, G. (2019) Simester and Sullivan’s Criminal Law: Theory and Doctrine. 7th edn. Oxford: Hart Publishing.
• Sullivan, G.R. (2020) ‘Corporate criminal liability: the case for organisational fault.’ In: Child, J. and Duff, R.A. (eds.) Criminal Law Reform Now. Oxford: Hart Publishing.
• Tesco Supermarkets Ltd v Nattrass [1972] AC 153 (HL).
• Wells, C. (2001) Corporations and Criminal Responsibility. 2nd edn. Oxford: Oxford University Press.
• Yeoh, P. (2012) ‘The UK Bribery Act 2010: contents and implications.’ Journal of Financial Crime, 19(1), pp. 37–53.