The regime ' s reach extends far beyond the UK, applying worldwide to " large organisations” where the underlying fraud has a UK nexus. For Turkish companies with UK customers, suppliers, group entities, or other commercial connections, the message is clear: check your fraud risk management as it might find itself subject to UK legal scrutiny.
Understanding the Mechanics On paper the offence operates simply: an associated person commits fraud intending to benefit the organisation, and reasonable prevention procedures are lacking. No board knowledge( or indeed knowledge of anyone in the organisation) is required.
" Large organisations " are those meeting two of three thresholds: more than 250 employees, more than £ 36 million turnover, or more than £ 18 million total assets. These thresholds apply group-wide, regardless of where the parent company is incorporated. A UK nexus suffices to establish jurisdiction: where any part of the fraudulent conduct occurs in the UK, or where the intended gain or loss materialises within the UK, overseas organisations may face prosecution.
In practice, the position is more nuanced, and determining applicability requires detailed examination of individual circumstances. Whether to adopt a compliance management framework only for business units clearly within scope of the offence, or to implement fraud prevention measures globally, is ultimately a matter of risk appetite and efficiency.
The critical distinction lies between services provided " to " versus those performed " for " the organisation.
The Associated Person Web Employees, agents and subsidiaries automatically qualify as " associated persons," as does anyone performing services " for or on behalf of " the organisation while acting in that capacity. This captures distributors, sales agents, joint venture partners, and outsourced service providers.
The critical distinction lies between services provided " to " versus those performed " for " the organisation. External lawyers, auditors and valuers providing professional advice typically fall outside this definition, whereas a third-party logistics provider handling customs declarations or a commission agent selling on the organisation ' s behalf would be firmly within scope.
For Turkish exporters working with UK-based distributors, or UK groups with Turkish manufacturing subsidiaries, this gives rise to a dense web of potential liability – where the requisite UK nexus exists. A fraudulent customs declaration in Istanbul, a misstatement to UK tax authorities, or inflated invoicing by a Turkish agent can all trigger criminal exposure for the organisation, wherever it is headquartered.
Intending to Benefit: A Low Bar The " intent to benefit " test is deliberately broad. Benefit need not materialise; intention at the time suffices. Mixed motives count: a salesperson mis-selling products to earn commission triggers liability if increased company revenue is a foreseeable consequence, even where personal enrichment was the dominant motive. Indirect business advantages competitive edge, customer retention – may also qualify. Conversely though, the organisation cannot argue that it was the victim of the fraud simply because it suffered financial loss and reputational harm as a result of the ensuing criminal investigation and negative publicity.
The Defence: Reasonable Fraud Prevention Procedures The only defence is proving, on the balance of probabilities, that the organisation had reasonable fraud prevention procedures – or that it was unreasonable to expect any procedures in the circumstances.
Many compliance departments will find this " inside-out " focus on internal fraudulent conduct a departure from traditional practice. Historically, compliance efforts have concentrated on preventing corruption, competition law violations, money laundering, and data protection breaches, while fraud has typically been viewed as an " outside-in " risk – an external threat to the organisation requiring only general employee adherence to legal standards. Companies subject to the FTPF offence must now implement measures specifically targeting " inside-out " fraud prevention.
Whether an organisation’ s procedures were“ reasonable” will be a matter for the UK authorities, and ultimately the UK courts, to decide on a case-by-case basis, guided by six Home Office principles:
9