Glossary

ECCTA failure-to-prevent-fraud glossary.

A working glossary for teams organising ECCTA failure-to-prevent-fraud evidence without turning workflow labels into legal conclusions.

Source baseline: 2026-06-15

Failure to prevent fraud

The ECCTA s.199 offence that can apply to a relevant body where an associated person commits a listed fraud offence intending to benefit the body or its clients, subject to the statutory defence.

The offence is about organisational responsibility for fraud connected to services performed for the organisation or its clients. It is not a finding that every control failed.

Large organisation

For ECCTA failure-to-prevent-fraud scope, a body is large when it meets at least two of the relevant size thresholds for turnover, balance-sheet total, and employee count in the preceding financial year.

The Home Office guidance uses the company-law size test, including group aggregation rules for parent undertakings.

Associated person

A person associated with a relevant body can include employees, agents, subsidiaries, or others performing services for or on behalf of the body, assessed on all the circumstances.

The label is wider than payroll. Supply-chain and subsidiary activity can matter where services are being performed for the organisation.

Reasonable procedures

The s.199(4) defence refers to reasonable prevention procedures, or to it not being reasonable to expect procedures in all the circumstances; the burden is on the relevant body on the balance of probabilities.

The guidance gives principles and examples, but the assessment remains fact-specific and evidence-led.

Base fraud offence

A listed underlying offence in Schedule 13 to ECCTA that can form the fraud conduct for s.199; conspiracy to defraud is not listed in Schedule 13.

The offence starts with a listed fraud offence, so evidence reviews need to identify the alleged conduct and the relevant Schedule 13 category.

UK nexus

The connection to the UK needed for the failure-to-prevent-fraud offence, considered by reference to the body, associated person conduct, and the underlying fraud offence.

Cross-border groups still need a careful UK-connection review rather than an assumption based on headquarters alone.

Defence file

A structured evidence workspace that keeps prevention-procedure evidence, owners, dates, review decisions, and source lineage together for human and adviser review.

It is an operating record for how evidence was collected and reviewed, not a legal conclusion.

Attestation

In DefenceFile workflow language, an attestation is a dated human statement about the status, source, or review of evidence supplied into the defence-file process.

An attestation captures who said what, when, and for which evidence item, so reviewers can inspect the basis later.

Evidence register

A register of evidence items with source, owner, date, review status, gaps, and lineage so the organisation can show how prevention procedures operate in practice.

The register is the index for what exists, what is missing, and what still needs human review.

Board pack

A board-facing evidence packet summarising material fraud-prevention risks, owners, review decisions, gaps, and next actions for top-level oversight.

The pack helps directors inspect the state of evidence and decisions without replacing adviser judgment.

Senior manager (s.196)

A separate ECCTA corporate-liability route for senior-manager conduct under s.196, distinct from the s.199 failure-to-prevent-fraud offence.

Senior-manager liability is a different route from the failure-to-prevent-fraud workflow, so evidence teams should not collapse the two tests into one checklist.

Identification doctrine

A corporate-criminal-liability concept concerned with when the acts and mental state of individuals can be attributed to a corporate body.

It is part of the wider corporate prosecution context and should not be treated as the same thing as the s.199 failure-to-prevent-fraud offence.

Schedule 13

The ECCTA schedule listing the base fraud offences that can support the s.199 failure-to-prevent-fraud offence.

A review should identify which listed offence category is being considered and keep uncertainty visible.

SFO

The Serious Fraud Office, the UK specialist authority that investigates and prosecutes serious or complex fraud, bribery, and corruption.

For ECCTA readiness copy, SFO materials are relevant to prosecution posture and compliance-programme evaluation, not to predicting a particular buyer outcome.

DPA (deferred prosecution agreement)

A deferred prosecution agreement is an agreement between a prosecutor and an organisation under judicial supervision, where prosecution is suspended if specified conditions are met.

In this glossary, DPA means deferred prosecution agreement. It is separate from a data processing agreement used in privacy and procurement documents.

Legitimate interests

A UK GDPR Article 6 lawful basis that requires a purpose, necessity, and balancing assessment before personal information is processed on that basis.

For fraud-readiness evidence, the controller should document why the processing is necessary and how individual rights and expectations have been weighed.

Criminal offence data

Personal data relating to criminal convictions, offences, allegations, proceedings, or related security measures, which needs an Article 6 lawful basis and an Article 10 route.

The ICO guidance says Article 10 adds an extra layer: official authority or a DPA 2018 Schedule 1 condition, alongside the usual UK GDPR basis.

Immutable audit trail

In DefenceFile workflow language, an immutable audit trail is an event history that records material evidence and review actions without editing earlier entries.

The aim is to show what changed, who acted, and when, while preserving earlier context for reviewers.

Human review gate

A workflow control that keeps AI-assisted classification, evidence mapping, exports, or board-pack readiness in draft until a named human reviewer decides what happens next.

The gate makes reviewer ownership visible and keeps draft machine output separate from approved evidence decisions.

Zero-login attestation

In DefenceFile workflow language, a zero-login attestation is a scoped external response flow where an associated person can answer a request without receiving internal workspace access.

The workflow should keep raw bearer tokens out of audit rows and exports while preserving the response status and evidence lineage.
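One way to implement the two workflow labels above, the immutable audit trail (append without editing earlier entries) and the zero-login attestation (no raw bearer token in audit rows or exports), as an added Python example that is not DefenceFile's own code: each audit row commits to the previous row's hash, and a bearer token is replaced by a keyed fingerprint before the row is written. The fingerprint key, actor names and evidence ids are constructed placeholders.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed placeholder: a key used only to fingerprint bearer tokens for
# audit rows. In a real deployment it would come from a secret store.
TOKEN_FINGERPRINT_KEY = b"constructed-fingerprint-key"

def token_fingerprint(bearer_token: str) -> str:
    """Keyed digest of a bearer token, so a row can reference the response
    that used the token without ever containing the token itself."""
    return hmac.new(TOKEN_FINGERPRINT_KEY, bearer_token.encode(), hashlib.sha256).hexdigest()[:16]

class AuditTrail:
    """Append-only event history. Each row carries the previous row's hash,
    so editing or deleting an earlier row makes verify() fail."""
    def __init__(self):
        self.events = []

    def append(self, actor, action, evidence_id, details=None):
        details = dict(details or {})
        if "bearer_token" in details:
            # keep the raw token out of the row; keep a fingerprint for lineage
            details["token_fingerprint"] = token_fingerprint(details.pop("bearer_token"))
        prev = self.events[-1]["hash"] if self.events else "0" * 64
        body = {
            "seq": len(self.events),
            "when": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "evidence_id": evidence_id,
            "details": details, "prev_hash": prev,
        }
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.events.append(body)
        return body

    def verify(self) -> bool:
        """Recompute every row hash and check the chain of prev_hash links."""
        prev = "0" * 64
        for i, ev in enumerate(self.events):
            unhashed = {k: v for k, v in ev.items() if k != "hash"}
            if ev["seq"] != i or ev["prev_hash"] != prev:
                return False
            if hashlib.sha256(json.dumps(unhashed, sort_keys=True).encode()).hexdigest() != ev["hash"]:
                return False
            prev = ev["hash"]
        return True

    def export(self) -> str:
        """Serialised rows for an export; carries fingerprints, never raw tokens."""
        return json.dumps(self.events, sort_keys=True)
```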

Replacement lineage

A record of how one evidence item supersedes, corrects, or replaces another, including dates, reviewers, and reason for replacement.

Lineage helps reviewers understand why an older policy, risk assessment, training record, or attestation should no longer be used as the current source.

How to use these definitions

Use the terms as shared vocabulary for evidence collection, adviser review, and board reporting.

Where a term is a DefenceFile workflow label rather than a statutory label, the definition says so directly.

Official sources