ECCTA ANTI-FRAUD POLICY TEMPLATE ================================== This template is provided for evidence-organisation purposes only. It does not constitute legal advice, certify scope, certify reasonable procedures, or guarantee that a statutory defence under s.199 ECCTA will succeed. Complete the sections with your own assessed facts; named human review (legal counsel, compliance officer, or qualified adviser) is required before treating this document as evidence. Source: Home Office failure-to-prevent-fraud guidance v1.5 (Updated 2025-10-10). Accessed 2026-06-15. --- DOCUMENT DETAILS ---------------- Organisation name: Policy version: Effective date: Owner (name, role, function): Approved by: Next scheduled review: ECCTA threshold basis (large organisation / group): --- 1. PURPOSE AND SCOPE --------------------- This policy sets out [ORGANISATION]'s commitment to preventing fraud committed by associated persons acting on its behalf or to its benefit. Scope: This policy applies to employees, contractors, agents, and other associated persons as defined in s.199 of the Economic Crime and Corporate Transparency Act 2023 ("ECCTA"). UK nexus: [State whether a UK nexus applies and the basis for that assessment. If uncertain, record the uncertainty and seek legal advice.] --- 2. COMMITMENT STATEMENT ------------------------ [ORGANISATION] is committed to preventing fraud. We will not condone, facilitate, or permit fraud committed by persons associated with us. Fraud includes the offences listed in Schedule 13 of the ECCTA. This policy reflects our commitment to reasonable fraud-prevention procedures as described in the Home Office guidance on the failure-to- prevent-fraud offence. --- 3. ASSOCIATED-PERSON IDENTIFICATION -------------------------------------- We have identified the following categories of associated persons: [ ] Employees [ ] Contracted workers [ ] Subsidiaries [ ] Agents and distributors [ ] Joint venture partners [ ] Other: _____________________ A maintained associated-person register is held at: ________________ The register is reviewed on: [quarterly / annually / on material change] Last review date: _______________ --- 4. FRAUD RISK ASSESSMENT -------------------------- A documented fraud risk assessment has been completed: Assessment date: Assessor (name, role): Methodology: Coverage (business units, geographies, associated-person types): Linked risk register reference: We review the fraud risk assessment at least annually or following a material change to business activities, the associated-person population, or the fraud risk environment. --- 5. PREVENTION PROCEDURES -------------------------- Based on the fraud risk assessment, we have implemented the following fraud-prevention procedures: | Procedure | Description | Owner | Evidence reference | Status | |-----------|-------------|-------|-------------------|--------| | Due diligence | | | | | | Training | | | | | | Contractual controls | | | | | | Monitoring | | | | | | Reporting channel | | | | | | Incident response | | | | | (add rows as needed) Evidence of procedures in operation is maintained in: _______________ --- 6. TRAINING AND AWARENESS -------------------------- Training is provided to the following groups: [ ] All employees [ ] Senior management [ ] Persons with associated-person oversight responsibilities [ ] Other: _____________________ Training frequency: [on appointment / annually / biannually] Training record maintained at: _____________________ Last training cycle completed: _____________________ --- 7. REPORTING AND ESCALATION ----------------------------- Suspected fraud by an associated person should be reported to: Name/role: _____________________ Contact: _____________________ Confidential reporting channel: _____________________ Reports will be acknowledged within [N] working days. The investigation process is documented at: _____________________ --- 8. MONITORING AND REVIEW -------------------------- This policy is reviewed at least annually or following: - A material change to business activities - An incident or near-miss involving associated-person fraud - A change in applicable guidance or regulation Review log: | Version | Review date | Reviewer | What changed | Trigger | |---------|-------------|----------|--------------|---------| | 1.0 | | | Initial | | (add rows as needed) --- 9. ATTESTATION RECORD ---------------------- This document was reviewed and accepted by the following persons: | Name | Role | Date | Method of acceptance | |------|------|------|----------------------| | | | | | (add rows as needed) For digital attestations, records are maintained in: _______________ --- 10. LEGAL BOUNDARY ------------------- This policy is an internal governance document. It does not constitute legal advice, create privilege, certify reasonable procedures, or guarantee that a statutory defence under s.199 ECCTA 2023 will succeed. Whether these procedures meet the "reasonable procedures" standard under s.199(4) is a legal determination requiring qualified human review. --- DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed. Template version: 2026-06-15. Source: Home Office failure-to-prevent- fraud guidance v1.5 (Updated 2025-10-10).