ECCTA FRAUD RISK ASSESSMENT TEMPLATE ===================================== This template is provided for evidence-organisation purposes only. It does not constitute legal advice, certify scope, certify reasonable procedures, or guarantee that a statutory defence under s.199 ECCTA will succeed. Fill the sections below with your own assessed facts; named human review (legal counsel, compliance officer, or qualified adviser) is required before relying on any output as evidence. Source: Home Office failure-to-prevent-fraud guidance v1.5 (Updated 2025-10-10). Accessed 2026-06-15. --- ORGANISATION DETAILS -------------------- Organisation name: Assessment date: Assessment owner (name, role): Business units / geographies in scope: Applicable ECCTA threshold basis (large organisation / group): UK nexus confirmed (yes / uncertain / no): Associated-person population types included: --- PROCEDURE: Risk assessment (Home Office guidance principle 1) Purpose: Document the structured fraud-risk assessment covering fraud scenarios, associated persons, controls, gaps, and reviewer decisions. SECTION 1 — FRAUD SCENARIOS CONSIDERED --------------------------------------- List the material fraud scenarios relevant to the organisation's activities and associated-person populations. | # | Fraud scenario | Associated-person type | Risk rating (H/M/L) | Date assessed | |---|----------------|------------------------|---------------------|---------------| | 1 | | | | | | 2 | | | | | | 3 | | | | | (add rows as needed) SECTION 2 — CONTROLS AND PREVENTION PROCEDURES ----------------------------------------------- For each material scenario, record the prevention procedures relied on and the evidence supporting them. | Scenario # | Procedure relied on | Evidence reference | Owner | Status (current/gap/pending) | |------------|---------------------|-------------------|-------|------------------------------| | | | | | | (add rows as needed) SECTION 3 — GAP REGISTER ------------------------- Record unresolved gaps, including the scenario affected, what evidence is missing, and the planned remediation. | Gap # | Scenario # | Missing evidence | Planned action | Target date | Owner | |-------|------------|-----------------|----------------|-------------|-------| | | | | | | | (add rows as needed) SECTION 4 — REFRESH CADENCE AND VERSION HISTORY ------------------------------------------------- Record when this assessment was last reviewed and what triggered any changes. | Version | Review date | Reviewer (name, role) | What changed | Trigger | |---------|-----------|-----------------------|--------------|---------| | 1.0 | | | Initial | | (add rows as needed) --- REVIEWER SIGN-OFF ----------------- This assessment was reviewed on ____________ by ___________________ (name, role). The reviewer notes: Scope: [in scope / uncertain — legal review required / out of scope] Assessment completeness: [complete / incomplete — gaps listed in Section 3] The reviewer confirms this is an evidence-organisation workpaper. It does not constitute legal advice, certify reasonable procedures, or guarantee that a statutory defence under s.199 ECCTA 2023 will succeed. Signature: ___________________________ Date: _______________ --- NEXT STEPS AND BOARD-PACK BLOCKERS ------------------------------------ [ ] Gaps in Section 3 resolved before next board pack [ ] Controls in Section 2 tested for operation (monitoring and review) [ ] Assessment version updated following material change [ ] Board pack includes current version of this assessment --- DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed. Template version: 2026-06-15. Source: govuk.gov.uk failure-to-prevent-fraud guidance v1.5 (Updated 2025-10-10).