The clock is ticking for UK businesses to prepare for the "Failure to Prevent Fraud" law, effective September 1st, 2025. This landmark legislation shifts the responsibility for preventing fraudulent activity directly onto companies, demanding a proactive and strategic overhaul of treasury functions and fraud prevention measures.
The regulatory winds are shifting, and for UK businesses, particularly their treasury functions, the upcoming implementation of the “Failure to Prevent Fraud” offence under the Economic Crime and Corporate Transparency Act (ECCTA) demands immediate attention. With less than 150 days until the September 1st, 2025, deadline, treasurers must proactively fortify their defenses against the ever-present threat of financial crime.
This new legislation marks a significant departure, placing direct criminal liability on companies if an associated person (employee, agent, etc.) commits fraud for the organization’s benefit. The onus now lies squarely on businesses to demonstrate they had “reasonable fraud prevention procedures” in place. This echoes the principles of the UK Bribery Act 2010, but its application to the broad spectrum of fraudulent activities presents a fresh set of challenges and responsibilities for treasury teams.
The backdrop to this regulatory change is stark. Authorised Push Payment (APP) fraud has surged to become the UK’s most costly financial scam, exceeding half a billion pounds in losses in the first half of 2024 alone. This escalating threat underscores the urgent need for a unified front involving government, regulators, and, crucially, businesses themselves.
Laurent Sarrat, co-founder and CEO of Sis ID, a firm specializing in fraud detection and prevention, aptly points out that a piecemeal approach is no longer sufficient.
“Fraud prevention requires a broader, more strategic approach,” he emphasizes.
“Businesses with robust governance, compliance, and fraud prevention processes will be best positioned. However, demonstrating ‘reasonable procedures’ extends beyond internal controls. It necessitates rigorous due diligence across the entire ecosystem and supply chain to eliminate vulnerabilities. Ultimately, collaborative efforts are the most effective weapon against fraud.”
For treasury professionals, this translates into a clear call to action. Here are minimum steps to prioritize now:
This is the foundational layer. Treasury teams must meticulously review and strengthen existing internal controls, ensuring segregation of duties, robust authorization processes, and regular reconciliation procedures. Clear anti-fraud policies, communicated effectively and consistently, are paramount. Furthermore, embedding a culture of vigilance through comprehensive staff training on identifying and reporting suspicious activity is no longer a nice-to-have but a necessity.
A thorough risk assessment is the compass guiding your fraud prevention strategy. This assessment must extend beyond internal operations to encompass the vulnerabilities inherent in your supply chain and wider business relationships. Understanding where your organization is most susceptible to fraud – be it invoice fraud, mandate fraud, or cyber-enabled financial crime – allows for targeted and effective preventative measures.
Relying solely on manual processes is no longer sustainable in the face of sophisticated fraud tactics. Treasurers should actively explore and invest in dedicated anti-fraud technologies that offer real-time detection and prevention capabilities. These tools can range from sophisticated payment verification systems to AI-powered anomaly detection, providing an essential layer of defense.
Viewing these new regulations as a mere compliance hurdle is a missed opportunity. A holistic approach that integrates risk audits, enhanced controls, and continuous staff training can yield benefits far exceeding simply ticking regulatory boxes. By proactively strengthening their fraud defenses, treasury teams can significantly reduce financial and reputational risks, contributing to broader collaborative efforts in the fight against financial crime.
While partnering with banks and technology providers for fraud detection solutions is prudent. Treasurers must remember that the ultimate responsibility for verification errors – and the impending significant fines – rests with the business. Implementing automated fraud detection is crucial, but ensuring these tools are correctly implemented, integrated into workflows, and diligently utilized by a well-informed team is equally vital. Fraud prevention must be embedded within the company’s DNA.
Beyond the direct impact of the “Failure to Prevent Fraud” legislation, treasurers must also be cognizant of the broader wave of payment regulations on the horizon in 2025. Even with the UK’s departure from the European Union, regulations such as the Instant Payment Regulation (IPR), the Digital Operational Resilience Act (DORA), and PSD3 will indirectly affect UK businesses with EU financial entities or those transacting with EU partners. These regulations further underscore the increasing global focus on payment security and operational resilience.
In conclusion, the impending “Failure to Prevent Fraud” law is a watershed moment for UK businesses. For treasury professionals, it necessitates a proactive, strategic, and collaborative approach to safeguarding their organizations against financial crime. By taking decisive action now to strengthen controls, conduct thorough risk assessments, invest in technology, and cultivate a culture of fraud awareness, treasurers can not only ensure compliance but also build greater resilience in an increasingly complex and fast-moving payment ecosystem.
The time to act is now, ensuring your organization is well-prepared for the regulatory landscape of tomorrow.