‘Insurers or any of the organisations that fall into scope need to ensure that any suppliers or agents likely to act on their behalf have the relevant controls and processes in place to mitigate the risk,’ says head of fraud
The failure to prevent fraud offence (FTPF) that recently became law in the UK could expose the country’s insurance sector and its clients to vulnerabilities and prosecution, if sufficient action is not taken to comply with the statute and prepare for potential legal challenges.
New rules on failing to prevent fraud came into effect in the UK on 1 September 2025 via legislation introduced in The Economic Crime and Corporate Transparency Act 2023 (ECCTA).
These rules place legal obligations on organisations – including insurers, brokers and their suppliers – to implement robust fraud prevention procedures, with these firms open to prosecution if an employee, agent or supplier commits fraud for their benefit.
Any UK company is included in these rules if it meets two of three criteria – these are having over 250 employees, more than £36m in annual turnover or exceeding £18m in total assets.
Counter fraud experts that attended the most recent Insurance Times Fraud Charter roundtable – held on 16 September 2025 and sponsored by law firm Carpenters Group – noted that while the legislation has only recently come into force, the Serious Fraud Office (SFO) of the UK government was keen to utilise the new powers.
Indeed, during the launch of the SFO’s 2025-26 Business Plan in April this year, director Nick Ephgrave gave a speech warning companies to prepare their counter fraud procedures for the deadline.
Ephgrave added: “Come September, if [companies] haven’t sorted themselves out, we’re coming after them. I’m very, very keen to prosecute someone for that offence. We can’t sit with the statute book gathering dust – someone needs to feel the bite.”
Speaking at the Fraud Charter roundtable, Matt Gilham, director at WhiteElk Consulting, noted that the SFO had pushed hard on publicising the FTPF rules and seemed to be preparing action.
He commented: “As [the insurance sector], it strikes me that there’s two aspects of this we need to be alert to.
“One is the impact on our clients. I’m super pleased that some insurers have already taken the lead in publicising this to help support their corporate clients – especially under directors’ and officers’ and corporate liability offences. But if the SFO does pick up the pace, there’s potential for more claims, particularly around what costs are covered and potentially around legal defence.
“Two, however, is that the rules cover the insurance sector itself. Any material insurers will be in scope according to the size criteria and what strikes me about the sector is that we’re one of the industries with the most complex ecosystems of associated persons, both in the acquisition of business and in service to customers and servicing claims.
“The sector has a double interest – both protecting our clients and understanding what this [legislation] might mean for future claims, but also potential risk and impact to ourselves.”
Agents and suppliers
New rules around the FTPF offence mandate that companies covered by the legislation implement “reasonable fraud prevention procedures” organised along six principles – leadership commitment, risk assessment, proportionate procedures, due diligence, communication and training, and monitoring and review.
Companies found guilty of an offence under these rules may face “unlimited fines”, with the SFO or other authorities acting as prosecutor. SMEs below the threshold of the size criteria are exempt from the rules, but subsidiaries of larger organisations may still be covered.
As a result, it is vital that companies ensure they are compliant with the rules – while insurers hold a strong interest in ensuring their insureds are properly prepared.
Gilham added: “In many ways, the reasonable procedures [required] are no more than sound fraud risk management, so should not be new to any financial services company or legal firm.”
However, Mike Brown, head of fraud at Weightmans, added: “ECCTA is somewhat different to previous corporate offences. We need to take stock of the fact that, unlike the [Bribery Act and Failure to Prevent the Facilitation of Tax Evasion rules], in which the focus was on directors and officers, ECCTA applies to all employees, irrespective of position within that organisation.
“That is a significant risk for insurers, law firms and indeed corporates.”
Additionally, Brown explained that the rules also applied to agents and suppliers acting on a given company’s behalf, which further “heightened the potential risk”.
As a solution, he suggested that organisations add ECCTA-specific training scenarios into existing fraud training for staff.
“Insurers or any of the organisations that fall into scope need to ensure that any suppliers or agents likely to act on their behalf have the relevant controls and processes in place to mitigate the risk,” he said.
“If you don’t, and the agent commits the offence, then you’re also culpable.”
One of the difficulties in addressing the partner and supplier ecosystem for insurers, however, lies in the fact that it is not yet clear which firms do and do not fall under this umbrella.
Sian Davies, group head of financial crime at Admiral Group, said: “One of the biggest issues for us has been to go through and identify who does fall into our associated persons populations. We’re trying to be very clear over what does fall into that camp because of the potential obligations further down the line in the event of a relevant offence.”
Gilham echoed this point, noting that he had encountered “unusual examples” of what some firms had identified as falling under their remit.
He said: “It is difficult to figure out how to strike this balance between very specific training and a framework for reasonable procedures to mitigate the failure to prevent offence, versus being hyperspecific and missing something.
“Fraud risk management is by no means new and the benchmark should be sound for risk management. But it has to come down to case law and I’m certainly waiting to see what cases come through.
“It feels like the SFO is waiting for an opportunity and may even have something in the pipeline. The risk for us as an insurance sector is not that [the SFO] would target us specifically, but were there to be a complaint or regulatory issue crop up that raised the spectre of fraud within the extended ecosystem, that’s when we could become vulnerable.”
