Preparing for the Failure to Prevent Fraud Offence: Using Public Records to Show You Took Reasonable Steps

The UK’s new Failure to Prevent Fraud offence means that if your employee or associate commits fraud that benefits your organisation, and you didn’t have reasonable prevention procedures in place, your company is liable.

For many organisations, especially in finance, retail, insurance, and legal services, this represents a serious shift. It’s no longer enough to respond to fraud. You need to prove you took reasonable steps to prevent it.

At Public Insights, we’ve started working closely with investigative, compliance, and risk teams across sectors that are starting to take action in advance of this new legislation, which comes into force on 1st September 2025. In this blog, we break down what’s changing and how public records and OSINT can help.

What the Offence Means in Practice

The offence applies when:

• An employee or associated person commits fraud,
• That fraud benefits the organisation, and
• The organisation lacks reasonable procedures to prevent it.

If convicted, the company can face unlimited fines, reputational damage, and long-term business disruption.

The legislation doesn’t define a strict set of prevention procedures. Instead, it offers six guiding principles for what’s considered “reasonable.” That flexibility is useful but also a risk if you’re unsure whether you’re doing enough to avoid culpability.

The Six Principles, Explained Simply

To avoid liability, companies need to show they had reasonable procedures in place. These should reflect six principles:

1. Proportionality – Tailored to your organisation’s size, sector, and risk profile.
2. Top-Level Commitment – Leadership visibly supporting anti-fraud policies.
3. Risk Assessment – Regular, documented fraud risk reviews.
4. Due Diligence – Vetting staff, partners, and suppliers.
5. Communication & Training – Ensuring staff understand fraud risks and how to report them.
6. Monitoring & Review – Reviewing and adapting controls over time.

Why External Checks Matter

Many internal frauds have external signals. Employees committing fraud often:

• Register businesses using their home address
• Become directors of companies related to procurement or billing
• Fail to declare income from rental properties or other work

All of these leave footprints in public records, but most organisations don’t check them.

Additionally, not all frauds are this straightforward. Individuals often try to conceal their involvement. You might see:

• Businesses registered under a spouse or family member’s name
• Related parties acting as directors of shell companies
• Frequent changes to directorships or company addresses
• Multiple properties tied to the same name or network, suggesting undisclosed income or interests

These patterns are harder to spot, but they can be discovered by linking public records.

Regardless of the level of complexity, that’s where open-source intelligence (OSINT) and tools like Cradle come in.

Where OSINT and Public Records Fit In

Public record checks aren’t about reviewing every employee every month. That would be resource-intensive if done manually. Instead, they’re most effective at key moments.

1. Before Access is Granted

• During pre-employment checks
• When onboarding suppliers or contractors
• Before staff move into higher-risk roles

At these points, public data can reveal red flags like:

• Undisclosed directorships or business ownership
• Links to suppliers or conflicts of interest
• Rental properties or income sources that weren’t declared

2. When Red Flags Arise

Trigger targeted checks when issues such as these surface:

• Whistleblower reports
• Expense or procurement irregularities
• Sudden unexplained wealth or lifestyle changes

Instead of launching a full audit, OSINT tools allow investigative or security teams to quickly trace connections between people, properties, and businesses, helping confirm suspicions or eliminate concerns efficiently.

How Cradle Helps Build a Defensible Framework

Cradle brings together multiple UK public record sources in one search, including:

• Company directorships and ownership roles
• Planning permission and HMO rental records that may indicate undeclared properties
• Insolvency filings that point to financial distress
• Electoral roll to verify residence 

You can search a person’s name to identify connected addresses, companies, and risk factors, data that typically sits in silos across 1,500+ local and national sources.

This data helps you:

• Spot red flags early in onboarding and supplier due diligence
• Corroborate whistleblower reports or suspicious activity
• Demonstrate robust prevention procedures when fraud occurs

Free Checklist: Are You Ready?

To help organisations prepare, we’ve created a Fraud Prevention Readiness Checklist, a one-pager covering each of the six principles with simple yes/no questions.

📝 Download the checklist now

You can use it to:

• Assess your current prevention framework
• Identify gaps in your procedures
• Strengthen your compliance position before the offence takes effect

Looking Ahead

The Failure to Prevent Fraud offence doesn’t expect perfection. It expects effort. By taking proportionate, documented steps, and integrating external data into your risk checks, you can build a framework that prevents fraud and protects your organisation.

If you’re building or refreshing your fraud prevention strategy, we’d love to help.