ECCTA failure to prevent fraud: a guide for company secretaries
Company secretaries sit at the centre of the governance record the failure-to-prevent-fraud offence cares about: board commitment, oversight, and the minute trail that shows procedures were owned at the top. DefenceFile organises that evidence so it is reviewable rather than scattered across minutes, inboxes, and shared drives.
The sample board pack opens in your browser — no email, no form.
What you are accountable for
You steward the evidence of top-level commitment — board and committee oversight of the fraud risk assessment, sign-off of procedures, and the record that the board engaged with them.
The worries
- Board commitment is real but the evidence of it is scattered across minutes and emails
- No single, dated record linking procedures to the board that approved them
- Producing a defensible governance trail at short notice for advisers or auditors
How the defence file helps
- Keep board and committee oversight of the fraud risk assessment in one reviewable place
- Link fraud-prevention procedures to the meetings and sign-offs that approved them
- Maintain a sign-off-gated board pack that shows top-level commitment over time
- Preserve a dated audit trail of who reviewed and approved what
Evidence to prioritise
Company Secretary questions
- What governance evidence does the failure-to-prevent-fraud offence expect?
  The Home Office guidance treats top-level commitment as a principle, so the practical evidence is board and committee engagement with the fraud risk assessment and procedures. DefenceFile organises that record; whether it is sufficient is a legal judgement for your advisers.
- Does the board need to do this itself?
  Top-level commitment is about genuine board ownership, not delegation to a tool. DefenceFile keeps the evidence of that ownership organised and review-ready; it does not substitute for the board's engagement.
- Can this produce our board pack?
  DefenceFile assembles a sign-off-gated board pack from the underlying evidence so oversight is demonstrable. It organises the record; it does not provide legal advice or certify that the procedures were reasonable.
For other roles
- Audit Committee Chair - How audit committee chairs and NEDs evidence oversight and challenge of ECCTA fraud-prevention procedures.
- Chief Risk Officer - How CROs own the fraud risk assessment and monitoring for the ECCTA offence and keep the evidence reviewable in a defence file.
- Head of Internal Audit - How internal audit provides independent assurance over ECCTA fraud-prevention procedures using a reviewable evidence trail.
Keep going
- Failure to prevent fraud: the offence explained - The statutory offence, the size test, and what a defence file is for.
- Reasonable procedures - How the six principles map to evidence you can organise.
- Straight answers - Sourced answers on scope, penalties, and the defence.
- Pricing and pilots - How a structured pilot review of your evidence works.
DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.