ECCTA failure-to-prevent-fraud readiness: what evidence teams need to organise.

The Home Office guidance explains that the offence can apply to large organisations where an employee, agent, subsidiary undertaking, or other associated person commits a listed fraud offence intending to benefit the organisation or, in some circumstances, its clients.

The guidance also says senior-management knowledge is not required for the corporate offence, which came into force on 1 September 2025. That makes the operational record important: what the organisation assessed, who owned the decision, what evidence was reviewed, and where gaps remained.

A useful readiness file should record employee count, turnover, total assets, entity and group structure, UK nexus, source date, reviewer, and uncertainty notes. The official large-organisation thresholds are more than 250 employees, more than GBP 36 million turnover, and more than GBP 18 million in total assets, with two of the three conditions met.

Scope screening should be labelled as a screen, not a certification. The final interpretation belongs with the organisation and its legal advisers.

The government guidance frames reasonable fraud-prevention procedures around six principles: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication including training, and monitoring and review.

The SFO's November 2025 compliance-programme guidance says prosecutors may evaluate reasonable-procedures evidence for s.199 ECCTA and will look beyond policies to how a programme operates. A defence-file workflow should therefore make it easy to see which source evidence maps to each principle, what is stale or missing, which reviewer approved the mapping, and why a board pack is blocked.

DefenceFile does not treat an absence of public prosecution comfort as a risk rating, and this guide does not make investigation-status claims.

The SFO Director's 3 June 2026 speech said the SFO is committed to making full use of the failure-to-prevent-fraud offence and described it as both an enforcement and prevention tool. Buyer readiness work should be documented on that basis, without assuming that policies alone will be enough.

DefenceFile is built as an evidence operating layer for this work: scope screening, associated-person attestation chases, evidence intake, human review, audit events, and board-pack exports.

The product does not replace counsel, legal advice, or a court's assessment. Its job is to make the underlying evidence and review trail inspectable.