Why fraud prevention is no longer just a finance function
On September 1, 2025, the UK’s new corporate criminal offense—Failure to Prevent Fraud—will take effect, ushering in a stricter regulatory framework for corporate accountability.
Introduced as part of the Economic Crime and Corporate Transparency Act (ECCTA), the law is expected to place significant pressure on businesses to formalize and strengthen their fraud prevention procedures.
Modeled on the UK Bribery Act 2010, the law enables prosecution of a company when an employee or agent commits fraud for the organization’s benefit.
Liability can only be avoided if the company can demonstrate that it had reasonable fraud prevention procedures in place at the time.
The regulatory update comes amid a marked rise in financial crime, with Authorised Push Payment (APP) fraud now the UK’s most significant financial scam.
More than £500 million was lost to APP fraud in the first half of 2024 alone, intensifying scrutiny from regulators and legislators.
“Businesses with strong governance, compliance and fraud prevention processes will be best positioned for the regulatory changes ahead,” said Laurent Sarrat, co-founder and CEO of fraud prevention technology firm Sis ID.
Sarrat emphasized that compliance with the new law will require companies to look beyond internal processes.
“Reasonable procedures under Failure to Prevent Fraud requires more than internal controls—businesses must also be extending due diligence and responsibility to their entire ecosystem and supply chain to ensure no gaps exist.
“As, ultimately, the only effective way to tackle fraud is through collaboration.”
A comprehensive fraud risk assessment, enhanced internal controls, and clear anti-fraud policies are considered essential starting points.
Many organizations are investing in technology to support real-time fraud detection and analytics, but experts caution that automation is only effective if fraud prevention is integrated into broader business culture and governance structures.
While the new law introduces legal risk, it also presents an opportunity to strengthen resilience.
Organizations that adopt a strategic approach to compliance—incorporating staff training, risk auditing, and policy integration—may gain operational advantages beyond regulatory requirements.
Enhanced visibility, fewer losses, and stronger supply chain relationships are among the potential benefits.
At the same time, the growing use of outsourced and automated fraud detection systems is prompting fresh questions about responsibility.
Despite banks being responsible for executing payments, it will be the businesses themselves that face liability for verification failures.
The introduction of Failure to Prevent Fraud coincides with other significant regulatory changes on the global and EU levels.
These include the Digital Operational Resilience Act (DORA), Instant Payment Regulation (IPR), and the upcoming Payments Services Directive (PSD3).
Although the UK is no longer part of the European Union, businesses with financial operations in the EU—or those transacting with EU-based partners—are still expected to comply with these new rules.
The cumulative effect is a more complex and interdependent compliance landscape, particularly for organizations engaged in cross-border activity.
With less than five months until enforcement, companies operating in the UK face an urgent compliance deadline.
Those that can demonstrate robust, auditable, and forward-looking fraud prevention frameworks will be better positioned to avoid liability and adapt to a more stringent regulatory environment.
The importance of fraud prevention as a business imperative is now underscored by legal obligation.
For organizations navigating an increasingly volatile financial crime landscape, the upcoming shift represents not only a regulatory challenge but also a potential competitive advantage.