Failure to Prevent Fraud – What You Need to Know About ECCTA in 2025
Last month, “failure to prevent fraud” became a corporate criminal offence as part of the Economic Crime and Corporate Transparency Act 2023. This means that organisations will be held accountable if they profit from fraud committed by their employees or other associated persons, strengthening pre-existing fraud legislation and closing loopholes that have previously seen businesses escape prosecution. If found guilty, a business could face an unlimited fine.
Examples given by the government of situations where the law might be used include dishonest sales activities, hiding information from consumers or investors and deceitful practices involving financial markets.
What does the “failure to prevent fraud” offence mean for Financial Services organisations?
First, let’s look at how we got here and the goals of the legislation:
The Economic Crime and Corporate Transparency Act 2023 (ECCTA) was designed to “tackle economic crime and improve transparency over corporate entities”, following on from the Economic Crime (Transparency and Enforcement) 2022 Act (ECTE) which was more specifically focussed on overseas entities laundering money in the UK.
ECCTA is much more wide-ranging, including reforms to how Companies House operates, additional powers to seize criminal crypto assets, changes to the rules around what information businesses share relating to money laundering and the removal of some previous reporting burdens that were deemed unnecessary.
One part of this suite of changes was the introduction of “failure to prevent fraud” as a corporate criminal offence for all ‘large organisations’ – incorporations, subsidiaries, not for profit organisations and public bodies that meet the Companies Act 2006 definition of a large organisation. To fall in scope an organisation must meet any two of the three criteria – having more than 250 employees, more than £36 million in turnover or more than £18 million in total assets. November 2024 saw the publication of full, detailed information on how businesses could prepare, giving them 10 months to make the necessary changes before the new offence came into effect on September 1st of this year.
The guidelines require all those organisations within the category to have “reasonable procedures in place to prevent fraud” and guidance from the Home Office set out six principles that should inform the relevant businesses’ fraud prevention frameworks:
- Top level commitment – The board of directors and senior management need to be leading the way on preventing fraud and building an anti-fraud culture.
- Risk assessment – Organisations need to assess the “nature and extent” of their exposure to the risk of employees, agents and associated parties committing fraud, and the risk assessment should be documented and regularly reviewed.
- Proportionate risk-based prevention procedures – Any given organisation’s work to prevent fraud will be different based on their specific risk exposure.
- Due diligence – Risk-based due diligence procedures should be applied to anyone who performs or will perform services for the business in order to mitigate fraud risks.
- Communication (including training) – Fraud prevention policies and procedures need to be communicated throughout the business, embedded in their culture and understood by staff at all levels, with training on these issues being crucial.
- Monitoring and review – Businesses need to monitor and review their fraud detection and prevention procedures, revising and improving as needed.
They noted that these principles are “intended to be flexible and outcome-focussed, allowing for the huge variety of circumstances that relevant bodies find themselves in”.
What should organisations be focussing on right now?
In Financial Services, there is already a heightened awareness of fraud issues, and many firms will have adapted their previous anti-fraud work – fraud prevention is an FCA priority mentioned in their 2024/2025 report, so these are issues about which the sector is already on alert.
Still, every business needs to conduct thorough gap analysis, assessing and comparing current fraud protocols and controls against the guidance on the new law, identifying where current practices are not aligned or need revision.
From there, firms should be in a good position to map out what they need to do to ensure they are fulfilling the requirements – what exactly that looks like will be unique to each business. Some may need to fundamentally alter fraud controls to account for fraud risks covered by the new law, others may need to enhance training, ensuring fraud awareness becomes a fundamental part of the company culture.
Whatever an organisation’s specific needs are, subsequent testing will be crucial to be confident that controls are effective and that you are fulfilling all of your commitments under the new rules, as will documenting all activity, both remedial and ongoing.
How can Kind help?
Kind Consultancy works with a number of best-in-field consultants with extensive expertise relating to Fraud, Economic Crime and Regulatory Transformation, some of whom are immediately available for new projects. Whether you’re considering bringing in an expert eye to review work you’ve already done, or you think you might need an interim to substantially redesign and rebuild your anti-fraud framework to be fit for purpose, contact Kind Consultancy via our website or on 0121 643 2100 for a confidential discussion.