UK ECCTA failure-to-prevent-fraud readiness

Your board meeting is six weeks away. Here is what an organised ECCTA defence file looks like before you walk in.

DefenceFile turns scattered ECCTA evidence into a scope-screened, adviser-ready defence file — with an audit trail your board can read.

Request pilot review See a sample board pack Open demo workspace

The sample board pack opens in your browser — no email, no form.

Named human reviewSHA-256 sealed exportsUK data regionNo third-party AI

Software for organising evidence and review trails. Not legal advice, not a legal opinion, not scope or reasonable-procedures certification, and not a guarantee that a statutory defence will succeed.

Northwind Group plc (sample)

ECCTA defence-file control room

Human review required

Principles mapped

4 of 6

Coverage (illustrative)

74/100

Alerts

2 critical

Top level commitment

Mapped evidence present

Due diligence

Gap: supplier refresh evidence

Monitoring and review

Gap: testing record missing

Export gate

Blocked

A gate status, not a grade — the pack will not export clean while these are open:

4 evidence items still need named review.
2 ECCTA principle gaps remain open.
Associated-person chase overdue.

Illustrative sample. “Evidence coverage” is the weighted share of the six principles with mapped, reviewed evidence — how complete the file is, not a measure of defence strength.

Why we built this

The readiness gap is well-documented. The tooling wasn't.

“The publication of this guidance means that time is running short for corporations to get their house in order or face criminal investigation.”

Nick Ephgrave QPM, Director of the Serious Fraud Office — GOV.UK, November 2024

“Large companies, charities and other organisations need to act now to make sure they have proper fraud prevention systems in place.”

Hannah von Dadelszen, Chief Crown Prosecutor, CPS — GOV.UK, November 2024

“The onus will remain on the relevant organisation, where it seeks to rely on the defence, to prove that it had reasonable prevention procedures in place. It will rarely be considered reasonable not to have even conducted a risk assessment.”

Source: Home Office statutory guidance — ECCTA Failure to Prevent Fraud Guidance, GOV.UK

Built for the six Home Office prevention principles

6: Prevention-procedure principles mapped
90-day: Focused readiness pilot
100%: Classifications held for named human review
0: Raw bearer tokens stored

Built around the regulatory job

One workspace for scope, associated persons, evidence, review, and export.

Scope screen

Capture large-organisation thresholds, UK nexus, group uncertainty, reviewer, source date, and legal-review notes.

Associated-person attestations

Send zero-login requests to suppliers, agents, subsidiaries, and other service providers without creating internal accounts. Links are scoped, expiring, and rate-limited — never raw bearer tokens.

Evidence review

Keep AI-assisted classifications draft until a named reviewer approves or rejects them with notes.

Board-pack exports

Generate hashed export manifests with source-register lineage, blocker reasons, approval state, and adviser share links.

ECCTA readiness guide

Scope criteria, associated persons, UK nexus, six prevention-procedure principles, and legal-boundary notes.

Evidence register guide

How to structure source lineage, human review, gap mapping, audit events, and board-pack blockers.

Associated-person evidence

How to organise service-provider populations, due diligence, attestations, chase status, and unresolved gaps.

Readiness checklist

An ungated, print-friendly evidence checklist structured around the six fraud-prevention principles.

Trust posture

Serious controls, with claims kept inside the evidence.

The product is designed for sensitive compliance evidence: tenant-scoped storage, redacted extracted text, HMAC token boundaries, rate-limited public links, immutable audit events, and board-pack hashes. Official-source and privacy-law copy was last refreshed against the 2026-06-15 public source baseline.

Private evidence boundary

Original files stay in private tenant-scoped object storage; exports use source metadata, hashes, and redacted text.

Token discipline

Attestation and adviser-share links are scoped, expiring, rate-limited, and never stored as raw bearer tokens.

Human review gate

Evidence remains draft until a named human reviewer records an approval or rejection decision. Draft classifications come from in-tenant keyword signal matching — your evidence is never sent to a third-party AI service.

Deployment checks

Health checks cover signing secrets, HTTPS public origin, S3 evidence storage, email delivery, workers, backup targets, and database connectivity.

ECCTA Defence File Pilot

The first working session is about visible progress, not another policy template.

Scope posture using large-organisation and UK-nexus prompts.

Evidence gap map against the six Home Office prevention-procedure principles.

Named human-review queue for draft classifications.

Associated-person attestation chase list.

Board-pack blockers with the reason an export is or is not ready.

Pilot packaging

GBP 2,500 setup + GBP 950/month for 90 days

For 90-day ECCTA readiness pilots where a buyer needs a defensible workpaper, adviser handoff, and evidence workflow. If the first working session does not produce the agreed workflow artifacts, the setup fee is waived.

Request pilot review View pricing and FAQ

Not ready to request a pilot yet?

Download the first-session agenda

Plain text. No email required. Shows exactly what the first 90-minute session covers.

ECCTA Defence File Pilot

Turn scattered readiness work into one reviewable defence file.

Request a fit review before sharing any evidence. If the first working session does not produce the agreed workflow artifacts, you do not pay the setup fee.

Request pilot review