What counts as reasonable fraud prevention procedures?
The Home Office guidance frames reasonable fraud-prevention procedures around six principles: top-level commitment; risk assessment; proportionate risk-based prevention procedures; due diligence; communication and training; and monitoring and review. The guidance is principles-based, so what is reasonable is fact-specific.
Not sure this applies to you? The offence targets large organisations that meet the size test — check whether you are in scope.
In short
- Six principles: top-level commitment; risk assessment; proportionate procedures; due diligence; communication and training; monitoring and review
- Principles-based — reasonableness is fact-specific, decided by the courts
- The burden is on the body, on the balance of probabilities
The six principles are a frame, not a checklist. Whether procedures were reasonable in all the circumstances is a fact-specific assessment that only the courts can determine, and the burden is on the organisation on the balance of probabilities.
Practically, the principles map to evidence you can organise: the risk assessment, the procedures themselves, due-diligence and attestation records, training and communication logs, and monitoring and board-oversight records. DefenceFile structures that evidence for human and adviser review.
The sample board pack — a one-page view of where evidence is complete and what is missing — opens in your browser, no email, no form.
Official sources
- Home Office failure-to-prevent-fraud guidance v1.5 (updated 2025-10-10; accessed 2026-06-15)
- SFO compliance-programme evaluation guidance (published 2025-11-26; accessed 2026-06-15)
DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.