What training evidence do I need for ECCTA Principle 5?
Principle 5 requires evidence that relevant staff and associated persons received training on fraud prevention procedures — with dated completion records, training content, and confirmation the training was role-appropriate.
Not sure this applies to you? The offence targets large organisations that meet the size test — check whether you are in scope.
In short
- Training must be role-appropriate — generic compliance training is insufficient for high-risk roles.
- Keep the training content, delivery date, attendee list, and completion confirmation.
- Third-party training evidence requires the provider's certificate and syllabus.
- Associated persons in fraud-risk roles need documented, dated training — not just onboarding paperwork.
Principle 5 of the ECCTA reasonable procedures guidance covers communication and training. It requires evidence that the organisation communicated its fraud prevention procedures to relevant staff and associated persons, and that training was proportionate to the risk profile of each role.
The most common gap is generic compliance training that covers fraud briefly alongside anti-bribery and data protection, with no evidence it was specifically tailored to ECCTA failure-to-prevent-fraud obligations or the individual's role in associated-person oversight.
For in-house training, evidence includes: dated attendance or completion records, the training content itself (slides, materials, or a summary), evidence of who delivered it and their qualifications, and evidence of how often training is refreshed.
For training delivered by third-party providers, keep the provider's completion certificate, the syllabus or course description, and confirmation of the date and attendees. If the provider is a law firm or regulated adviser, note their credentials.
Associated persons — particularly agents and intermediaries — are a frequent gap. Generic onboarding does not satisfy Principle 5 if those individuals are in a position to commit fraud on the organisation's behalf. Role-specific training, documented and dated, is required.
The sample board pack — a one-page view of where evidence is complete and what is missing — opens in your browser, no email, no form.
Official sources
- Home Office failure-to-prevent-fraud guidance v1.5
Updated 2025-10-10; accessed 2026-06-15.
- SFO compliance-programme evaluation guidance
Published 2025-11-26; accessed 2026-06-15.
Keep reading
DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.