Economic Crime & Compliance

ECCTA Failure to Prevent Fraud — Advisory & Compliance Support

The failure to prevent fraud duty under ECCTA Part 4 came into force on 1 September 2025. If your organisation has not yet completed a gap analysis or assessed the adequacy of your fraud prevention procedures, that work is overdue.

Action required. The duty applies to large organisations meeting two of three Companies Act size thresholds, and to all UK subsidiaries of large groups. If your organisation falls within scope and has not yet assessed the adequacy of its fraud prevention procedures, your board is carrying unaddressed risk.

What the duty requires

The core question the failure to prevent fraud duty asks is whether your organisation has reasonable procedures in place to prevent fraud being committed for its benefit. The Home Office guidance sets out six principles, but it does not prescribe what reasonable looks like for your firm.

That is a judgement your board will need to make — and support with evidence. Without a documented assessment, your organisation cannot rely on the reasonable procedures defence if a prosecution arises.

Where most firms are right now

Based on our conversations across the sector, most firms have acknowledged the duty but fall into one of four positions:

The board has been briefed but no gap analysis has been commissioned
The compliance team has mapped the guidance but is uncertain how to assess control adequacy
Initial work has been completed internally but requires independent validation before board presentation
Internal audit is planning to cover ECCTA but needs external SME input to do so credibly

All four positions are addressable. The starting point is understanding where your organisation stands today.

Our experience in this area

Our work in this space draws on direct experience of financial crime audit and advisory in UK financial services, including firms that have been through FCA enforcement, Consent Orders, and s166 skilled person reviews. We understand how regulators assess the adequacy of financial crime frameworks, and we apply that lens to ECCTA advisory work.

We are not a law firm. We do not provide legal advice on the application of the duty to your specific circumstances — your legal advisers should cover that ground. What we provide is practical, operationally grounded advisory: the kind that helps you actually build the procedures and evidence the board needs, rather than produce a report that sits in a drawer.

How we can help

Practical support across the full ECCTA lifecycle

We help firms from initial assessment through to independent validation and board reporting.

Gap analysis & risk assessment

We work through your business model, existing fraud risk framework, and current controls against the six Home Office principles. The output is a clear, board-ready assessment — not a generic template.

Procedures adequacy review

If you have already developed fraud prevention procedures, we can review them for adequacy against the guidance and against what regulators and prosecutors are likely to consider reasonable for a firm of your type and size.

Audit support & assurance

For internal audit functions planning to cover ECCTA in their audit plan, we provide subject matter expertise to support scoping, fieldwork, and reporting — drawing on direct financial crime audit experience.

Board & senior management briefing

We support firms in preparing clear, accurate board briefings on the duty. Boards have personal accountability for the adequacy of procedures. They need to understand the substance, not just the headline.

Who this serves

Firms that fall within scope

This service is primarily relevant to:

Large UK companies and LLPs meeting the Companies Act size thresholds
UK subsidiaries of large overseas groups
Financial services firms with existing financial crime frameworks that need to be assessed against the ECCTA duty
Internal audit teams that need SME support to deliver credible ECCTA audit coverage

If you are a smaller firm below the size thresholds, the duty does not apply directly — but demonstrating reasonable fraud prevention procedures remains good governance and is increasingly expected by counterparties and investors.

Related services

Advisory

Risk & Regulatory Advisory

ECCTA sits within a broader financial crime and regulatory risk framework. For firms also dealing with AML concerns or FCA findings.

Assurance

Internal Audit Consulting

If your internal audit function needs to build ECCTA into its annual plan and lacks subject matter expertise in-house.

Get in touch

Ready to understand where your firm stands?

The most common thing we hear from firms on ECCTA is that they know they need to act but are not sure where to start. A short initial conversation — thirty minutes, no charge — is usually enough to establish what you need and whether we are the right people to help.

Email us directly → Read our ECCTA insights