Does following the six Home Office principles decide the defence?

No. The principles are an official frame for prevention procedures, but the assessment remains fact-specific and depends on the organisation's circumstances and evidence.

What should a reasonable-procedures file show first?

It should show the fraud risk assessment, ownership, mapped procedures, associated-person coverage, reviewer decisions, gaps, and the source version used for the review.

Why does evidence-in-operation matter?

The SFO evaluation guidance says policies and controls alone do not show that a programme is effective. Reviewers need to inspect how controls operated in practice.

Can DefenceFile decide whether procedures are reasonable?

No. DefenceFile organises evidence and review trails. The legal conclusion belongs with the organisation and its qualified advisers.

Reasonable procedures

Reasonable procedures in practice: what ECCTA evidence teams need to show.

A practical guide for legal, compliance, financial-crime, governance, and adviser teams turning s.199(4), Home Office principles, and SFO evaluation posture into inspectable workpapers.

Start with the two statutory limbs

Section 199(4) gives the relevant body a defence if it proves either that it had prevention procedures that were reasonable in all the circumstances, or that it was not reasonable in all the circumstances to expect any prevention procedures.

The phrase to keep visible is "reasonable in all the circumstances". The file should therefore show the circumstances considered, not just the existence of a policy set.

Treat the burden as an evidence-design problem

The Home Office guidance describes the defence as one for the relevant body to prove, on the balance of probabilities. A readiness file should make the basis for each conclusion inspectable before a board or adviser review.

Useful records include the date of the risk assessment, who owned it, which fraud scenarios were considered, what changed after review, which associated-person populations were covered, and what remained uncertain.

Use the six principles as a frame, not a checklist

The Home Office guidance frames reasonable fraud-prevention procedures around six principles: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication including training, and monitoring and review.

The principles are a non-exhaustive frame. A defence file should connect each principle to source evidence, reviewer decisions, stale items, rejected items, and replacement lineage rather than presenting the principles as tick-box completion.

Show evidence in operation

The SFO compliance-programme evaluation guidance says prosecutors may look beyond policies to how a programme operates in practice. For s.199, that makes operation evidence central: training completion with dates, due-diligence outcomes, monitoring exceptions, issue remediation, and reviewer decisions.

A practical workpaper should separate draft AI-assisted classification from human-approved mapping, record who approved the mapping, and preserve audit events for material changes.

Keep the legal boundary explicit

DefenceFile can help organise the evidence, chase attestations, preserve review history, and surface blockers for board packs.

It does not decide whether procedures were reasonable, whether no procedures were reasonable, whether privilege applies, or whether a statutory defence will succeed. Those conclusions belong with the organisation and its qualified advisers.

Official sources

Economic Crime and Corporate Transparency Act 2023
Royal Assent 2023-10-26; accessed 2026-06-15.
Home Office failure-to-prevent-fraud guidance v1.5
Updated 2025-10-10; accessed 2026-06-15.
SFO compliance-programme evaluation guidance
Published 2025-11-26; accessed 2026-06-15.
Joint CPS-SFO Corporate Prosecutions guidance
Updated 2025-11-10; accessed 2026-06-15.

Related DefenceFile pages

Boundary

DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.

Request pilot review View pricing and FAQ