Written by Laurent Sarrat, co-founder and CEO of fraud detection and prevention company, Sis ID
A wave of international payment regulations is set to reshape the financial landscape in 2025, but none will hit UK businesses as directly as the new corporate criminal offence: ‘Failure to Prevent Fraud’. Introduced under the Economic Crime and Corporate Transparency Act (ECCTA), this law takes effect on 1st September 2025, placing direct responsibility on businesses to prevent fraudulent activity within their organisations.
Following similar logic to the UK Bribery Act 2010, the new regulation means that if an employee or agent commits fraud for the company’s benefit, the company itself will be held criminally liable – unless it can prove it had ‘reasonable fraud prevention procedures’ in place.
For Independent Financial Advisors (IFA), there is urgency to ensure that they themselves don’t inadvertently commit an offence on the part of a company they act for, at the same time as advising their clients on the appropriate controls to have in place for this new law.
Fraud prevention requires a broader, more strategic approach
With Authorised Push Payment (APP) fraud now the UK’s biggest financial scam – costing the economy over half a billion pounds in the first half of 2024 – financial fraud is an increasingly pressing issue for government, regulators and businesses combined.
Businesses with strong governance, compliance and fraud prevention processes will be best positioned for the regulatory changes ahead. But ‘reasonable procedures’ under Failure to Prevent Fraud requires more than internal controls – businesses must also be extending due diligence and responsibility to their entire ecosystem and supply chain to ensure no gaps exist. Ultimately, the only effective way to tackle fraud is through collaboration.
There are a few bare minimum steps that businesses must take now:
- Strengthen internal controls and policies
Conduct a comprehensive fraud risk assessment, covering both internal operations and supply chain vulnerabilities. Implement clear anti-fraud policies and ensure staff are trained to detect and report suspicious activity. Invest in dedicated anti-fraud tools that enhance real-time fraud detection and prevention.
- See compliance as a strategic opportunity
Businesses can treat these regulations as a box-ticking exercise – or they can use them as an opportunity to make impactful operational improvements. A holistic approach that includes risk audits, staff training and enhanced controls can deliver benefits that extend far beyond compliance, reducing financial and reputational risk – and contributing to wider collaborative efforts to fight fraud.
- Outsource tools but not responsibility
While banks are responsible for executing payments, ultimately it is businesses that will bear responsibility for any verification errors – and with these errors will soon come the very real threat of significant fines and penalties. Automated fraud detection solutions are essential, but having the right tools isn’t enough – companies must embed fraud prevention into their culture and ensure that these tools are properly utilised.
The value of IFA support in a complex environment
IFAs will provide real value in multiple ways during this wave of payment regulation, including by: keeping clients informed of regulatory changes, supporting with payment infrastructure and ensuring a business’ tools and systems comply with regulatory standards, connecting clients with specialists for more complex compliance needs, and offering regular reviews to ensure clients stay compliant.
They can also play a key role in fostering a more proactive compliance culture by helping clients frame regulation not just as an obligation, but as an opportunity to enhance governance, reduce risk and futureproof their operations.
Raft of payment regulations set to impact cross-border businesses in 2025
The importance of fraud prevention has never been higher. Businesses that take a proactive and strategic approach to fraud prevention now will not only ensure compliance, but will also strengthen their resilience against financial crime in an increasingly fast-moving payment ecosystem.
Failure to Prevent Fraud comes alongside multiple global and European Union level payment regulations which will indirectly impact UK businesses. Despite the UK no longer being in the EU, any UK businesses with financial entities in the EU, or those transacting with EU partners, will be impacted by other regulations, including: IPR (Instant Payment Regulation) DORA (Digital Operational Resilience Act) and PSD3. Again, IFAs will be called upon to provide information, advice and support on how businesses can navigate this complex web of regulation.
