The Economic Crime Survey 2024: A wake-up call for corporate Britain

The UK government's Economic Crime Survey 2024 offers the most comprehensive picture yet of how UK businesses are targeted by, and respond to, fraud, corruption, money laundering and sanctions breaches. Its findings are stark: almost a third of companies surveyed had fallen victim to fraud in the previous twelve months. Yet fewer than one in three of those incidents were reported to anyone, and only 15% of affected businesses believed they were at material risk of fraud in the first place.

For compliance leaders, the survey provides a detailed snapshot of how businesses experience economic crime not as perpetrators, but as victims – and how persistent gaps in perception, reporting and understanding continue to weaken deterrence. It also highlights that the same weaknesses which expose companies to external fraud can, in different circumstances, enable internal misconduct – an increasingly important consideration under the new Failure to Prevent Fraud offence.

Fraud remains pervasive – and under-recognised 

According to the survey, 27% of UK businesses experienced at least one incident of fraud in the past year. Of these, around 40% were cyber-facilitated, most commonly through phishing or other forms of social engineering. Invoice and payment diversion frauds were particularly prevalent, affecting roughly one in ten fraud victims.

The findings mirror a broader shift in how fraud manifests. What once appeared opportunistic now often reflects organised, targeted activity exploiting digital systems and dispersed workforces. Digital payment channels, remote working and automated procurement processes all widen the surface area for attack. Yet despite this scale, only a small proportion of businesses perceive themselves as vulnerable: just 15% of victims considered their organisation at risk of fraud, suggesting that exposure often goes unrecognised until after the event. Encouragingly, some lessons are being learned – around a third of affected businesses reported tightening internal processes after their most recent incident.

This disconnect is not for lack of attention to controls. Around 93% of medium and large businesses report having some form of fraud prevention or risk management framework in place. Yet the value of that figure is debatable: a single policy, such as a code of conduct or an insurance clause, is enough to qualify. Perhaps more striking is that 7% of larger businesses still have no formal measures at all. Sectors such as agriculture, food and hospitality, construction, transport and storage, and retail and wholesale were less likely to have fraud prevention measures in place – where day-to-day commercial pressures and fragmented oversight can make consistent fraud prevention harder to achieve.

The perception gap – confidence without consequence

The survey's most striking finding is behavioural rather than statistical. Only around a third of businesses (32%) that experienced fraud reported it externally – and most turned to external partners rather than law enforcement. Banks and building societies accounted for 41% of reports, while smaller shares went to credit card companies (5%) or insurers (3%).

Just one in five of those who reported (21%) contacted police or other enforcement bodies – roughly 6% of all fraud victims. Mentions of specific agencies were minimal: the Serious Fraud Office (2%), the National Crime Agency (2%), and HMRC's Fraud Hotline (1%). Reporting to suppliers (11%) was more common than reporting to any enforcement agency, and only 12% of businesses reported to more than one organisation.

Among the 68% who did not report, most said the incident was too minor to justify it, while others doubted it would make any difference. The message is clear: even as companies strengthen controls, few believe external reporting leads to meaningful action.

For compliance leaders, that gap in confidence is critical. Deterrence depends as much on belief in the system as on enforcement capacity. If victims see little value in reporting, under-disclosure becomes the norm. Many still view fraud primarily as an external risk rather than a cultural one. Controls against phishing and invoice scams are widespread, but fewer firms test internal vulnerabilities or embed consistent messaging from the top.

Bribery and corruption: rare, but misunderstood 

By contrast, the survey records far lower incidence of bribery and corruption – roughly one-tenth the rate of fraud. Reported cases were concentrated in construction, utilities, production, transport and storage, echoing sectors long associated with procurement-driven risk.

Beyond the headline figures, the study exposes a deeper problem of definition and understanding. Many businesses struggled to draw clear lines between corruption, other forms of economic crime, and even lawful commercial practice. Interviewees often described activities such as VAT fraud, accepting deposits ahead of insolvency, or facilitating money laundering as “corruption” – although none fall within the UK government's definition.

Equally, some respondents equated corruption with conduct they regarded as unethical rather than illegal, such as aggressive subscription pricing, excessive retail promotion fees or informal referral payments.

These findings point to a significant awareness gap. Policymakers face the challenge of promoting a clearer and more practical understanding of what constitutes corruption, while businesses must ensure staff can recognise and escalate it when they see it. Without that shared baseline, the risk is that genuine misconduct goes unreported while ordinary commercial behaviour is misclassified, diluting both compliance focus and enforcement impact.

For corporates, that finding reinforces the need for clear internal guidance. As enforcement attention refocuses on domestic supply chains and procurement practices, ambiguity in staff understanding can quickly translate into legal exposure.

Money laundering and sanctions: low numbers, high uncertainty 

Incidents of suspected money laundering or sanctions breaches were recorded at far lower levels than fraud, but the authors caution that under-reporting and misunderstanding may distort the picture. Only 2% of businesses said that they had experienced a money-laundering incident in the past 12 months – yet among those, almost six in ten (59%) had faced more than one incident, suggesting that when problems arise, they are rarely isolated. Some respondents appeared unsure as to how to identify or categorise money-laundering activity, suggesting that the true scale may be understated.

Across the business population, the total number of estimated money-laundering incidents (225,000) is strikingly lower than the volume of Suspicious Activity Reports (SARs) filed nationwide. The National Crime Agency's UK Financial Intelligence Unit received 872,048 SARs in 2023/24. The discrepancy likely reflects several factors: multiple SARs may stem from a single event; SARs also capture terrorist-financing suspicions and instances of other crimes, including fraud; and many firms take a “defensive reporting” approach to avoid regulatory risk.

Even so, only around a quarter (27%) of businesses that experienced money-laundering incidents reported them externally. Of these, just over half (52%) reported to police or law-enforcement agencies, and 27% to banks or building societies.

Many businesses cited a lack of feedback after submitting reports, where they would “send off information and hear nothing back.” Others found the SARs process too time-consuming or burdensome, while smaller firms said uncertainty over evidence made them reluctant to report at all. Together, these findings suggest that low reporting rates reflect low confidence in the system rather than low risk. More broadly, the survey shows that anti-money-laundering awareness remains patchy beyond the regulated financial sector. Many corporates are still unsure of their obligations or what amounts to “reasonable suspicion.” With agencies placing growing emphasis on SAR quality, clearer guidance and practical training will be essential for all businesses.

Conclusion 

The Economic Crime Survey 2024 offers a nuanced but troubling snapshot: fraud is widespread, increasingly cyber-enabled and under-reported; bribery risks persist but are unevenly understood; and many businesses remain overconfident in their own defences.

For enforcement authorities, the findings underline that awareness campaigns and new legislation must be matched by credible, visible enforcement. For companies, the timing is significant. While the new Failure to Prevent Fraud offence focuses on misconduct that benefits a company, the Economic Crime Survey 2024 highlights the mirror image – the scale of fraud committed against companies. Together, they show that corporate exposure runs in both directions: as potential perpetrators and as persistent victims.  Yet the same weaknesses in governance and control that leave a business vulnerable to fraud from outside may equally enable wrongdoing from within – and expose it to potential liability under the new offence. Never has there been a better time to act, by ensuring prevention frameworks stop fraud both against the business and for its benefit.

Authored by Claire Lipworth, Liam Naidoo, Olga Tocewicz, Reuben Vandercruyssen and Alex Cumming.