The New Anti-Fraud Law with Big Implications for Education Providers

New legislation under the Economic Crime and Corporate Transparency Act 2023 (ECCTA) has raised the bar in terms of how education providers are expected to manage fraud risk. In addition, under the ECCTA, senior managers and governors could face liability – making proactive prevention more vital than ever.

The ECCTA introduces new legal responsibilities aimed at improving corporate accountability and fraud prevention in the UK. While originally designed with corporate entities in mind, it has important implications for education providers, including schools that are incorporated bodies (such as academies which are set up as charitable companies limited by guarantee), further education colleges, higher education institutions, and independent training providers.

Managing fraud risks is nothing new for education providers. However, the ECCTA creates a new layer of obligations and risks which education providers will need to feed into their processes.

Key changes

‘Senior management’ offence (“SM offence”)

Education providers could face criminal liability if a senior manager (such as a principal, finance director or senior leadership team member) commits a specified economic offence (such as false accounting or fraud) whilst acting with the authority of the education provider. If this occurs, the education provider itself could be found guilty of the same offence.

This SM offence applies to all education providers and there is no defence available, meaning all providers need to be alive to this risk.

There have been a number of matters before the Teaching Regulation Agency in the past, for example where senior members of the leadership team have been prohibited from teaching due to fraud.  If such fraud had been undertaken since the ECCTA came into force, there is a real chance that the incorporated body could have faced liability too.

‘Failure to prevent fraud’ offence (“FTPF offence”)

The FTPF offence came into force on 1 September 2025.

Under this provision, education providers that meet the definition of a ‘large organisation’ may also be held criminally liable, and receive an unlimited fine, if someone associated with the education provider (such as staff, governors, trustees, contractors, or agents) commits fraud with the intention of benefitting the provider, even if the education provider was unaware of this.

An education provider is considered ‘large’ if it meets two of the following three criteria:

• It has more than 250 employees.
• Its turnover exceeds £36 million.
• It has assets greater than £18 million.

If an education provider is part of a larger group (for example a multi-academy trust), note that these thresholds apply to the group as a whole.

Furthermore, even if an education provider is not classified as ‘large’, the Home Office and the Department of Education (DfE) recommend that all education providers adopt good practice in fraud prevention.

Unlike the SM offence, there is a defence to the FTPF offence where the education provider can demonstrate that it was or was intended to be a victim of fraud, it had reasonable fraud prevention measures in place, or it was not reasonable to expect such prevention procedures to be in place.

How can education providers prevent fraud?

Recommended fraud prevention procedures include:

• Risk assessments: Undertake and regularly review risk assessments. Identify areas of vulnerability, such as procurement, payroll, student funding and sub-contracting arrangements.
• Due diligence: Have proportionate and risk-based due diligence procedures in place to vet third-party providers, agents and contractors (especially those involved in financial transactions or student recruitment).
• Policies and training: Ensure anti-fraud and whistleblowing policies are up-to-date and clearly communicated, and that staff receive regular training.
• Contracting: Make sure that relevant contracts contain clauses to protect the education provider as far as possible. For example, there have been high profile examples of fraud committed by subcontractors to colleges so subcontracts should put obligations on subcontractors in this regard.
• Culture: Ensure staff are comfortable to speak up about concerns and that reporting channels are clear and accessible.
• Governance and oversight: Ensure senior managers understand their responsibilities and that oversight mechanisms are in place.

The DfE has issued sector-specific guidance on fraud prevention which outlines common risks and provides useful templates. Education providers should review this guidance in detail.

Education providers are encouraged to develop a fraud response plan, using the DfE’s fraud indicators checklist, and align with cyber security standards to prevent digital fraud.

We’re here to help

The ECCTA marks a significant shift toward greater transparency and accountability and raises the bar in terms of how education providers are expected to manage fraud risk.

Whether or not an education provider is a ‘large’ organisation under the ECCTA, adopting recommended procedures is a proactive step toward safeguarding its reputation and finances and protecting against possible criminal liability.

Now is the time to review policies and staff training, update internal processes, and seek professional support where necessary to ensure you meet the evolving regulatory requirements. If you need any support in this regard, speak to our expert education team.