Scope and compliance · 6 min

The six fraud-prevention principles

An overview of the six GOV.UK guidance principles that frame a reasonable-procedures defence under the ECCTA failure-to-prevent-fraud offence.

Help baseline: 2026-06-15

principles · reasonable procedures · ECCTA · GOV.UK guidance · six principles

Why the six principles matter

The Home Office guidance sets out six principles that the prosecution will consider when assessing whether an organisation had reasonable procedures in place. Covering all six with reviewed evidence is the core workflow in DefenceFile. Source: Home Office ECCTA failure-to-prevent-fraud guidance d4.

  • The principles are: top-level commitment, risk assessment, proportionate procedures, due diligence, communication and training, and monitoring and review.
  • Having evidence across all six does not guarantee a defence succeeds — that is a question for legal advisers and ultimately the court.
  • DefenceFile maps evidence to each principle to help you demonstrate coverage, not to certify adequacy.
  • Gaps shown in the workspace are evidence-coverage gaps, not a statement that no procedures exist.

Evidence per principle

Each principle calls for different types of evidence. DefenceFile suggests evidence types based on the principle, but the final decision on what counts belongs to you and your advisers.

  • Top-level commitment: board minutes, board-approved anti-fraud policy, named senior owner.
  • Risk assessment: fraud risk register, risk assessment methodology, scope screen.
  • Proportionate procedures: control matrix, policy documents, procedures tied to identified risks.
  • Due diligence: third-party attestations, supplier onboarding records, ongoing monitoring records.
  • Communication and training: training records, staff briefing records, completion rates.
  • Monitoring and review: board review papers, audit findings, control testing records.

Coverage versus adequacy

DefenceFile shows evidence coverage — what is in the file — not whether the procedures are adequate. Adequacy is a legal conclusion that depends on the nature and size of the business and the risks it faces. Source: Home Office guidance d4.

  • A score of 6/6 covered means all six principles have evidence mapped and reviewed — it does not mean the defence is guaranteed.
  • A score below 6/6 means at least one principle has no reviewed evidence — the gap is shown honestly.
  • DefenceFile does not certify, score, or rate the quality of your procedures against the statutory test.

Boundary

DefenceFile help explains workflow operation. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.
