UK Failure to Prevent Fraud Hits Six-Month Enforcement Mark
The UK's failure to prevent fraud corporate offence under the ECCTA has been in force for six months. The SFO has opened its first investigations under the offence.
What Changed
The UK's "failure to prevent fraud" corporate offence under the Economic Crime and Corporate Transparency Act 2023 has now been in force for six months. The offence holds large organizations criminally liable when an associated person commits fraud intended to benefit the organization, unless the organization can demonstrate it had reasonable fraud prevention procedures in place. Six months in, the Serious Fraud Office has opened its first set of investigations under the new offence. The enforcement era has started.
Who It Affects
UK-incorporated entities and entities operating in the UK that meet two of three thresholds: more than 250 employees, more than £36 million in turnover, or more than £18 million in assets. The defence is "reasonable procedures," which the SFO has signalled will be evaluated against the November 2024 Home Office guidance.
What to Do
Three actions before the next quarter closes. First, document a fraud risk assessment covering customer onboarding, employee misconduct, supply chain integrity, and synthetic identity exposure. Second, demonstrate proportionate procedures, including identity verification, sanctions and PEP screening, and ongoing monitoring at an audit-defensible standard. Third, ensure your board has reviewed and signed off on the fraud prevention framework in the last six months. The SFO will ask. The minutes are your defence.
What is deepidv?
Not everyone loves compliance — but we do. deepidv is the AI-native verification engine and agentic compliance suite built from scratch. No third-party APIs, no legacy stack. We verify users across 211+ countries in under 150 milliseconds.
Learn More