By Scott Morris, advisory board member at Skillcast.
The financial services industry is entering a new era of regulatory accountability. Under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), failing to prevent fraud isn’t just a compliance risk – it’s a potential criminal offence.
From September 2025, enforcement of the Act will escalate, requiring firms across the financial services sector to meet significantly enhanced compliance, governance and transparency standards. Those who fall short could face substantial penalties, criminal charges and lasting reputational damage.
Now is the time for financial services firms to re-evaluate and reinforce their fraud prevention frameworks or risk serious consequences.
A new chapter in corporate accountability
Building on the momentum of the 2022 Economic Crime (Transparency and Enforcement) Act, which focused on curbing illicit wealth flows – particularly through opaque corporate structures – the ECCTA goes even further.
At the core of this legislation is the new ‘failure to prevent fraud’ offence. This transformative measure shifts responsibility onto the business itself, requiring firms to proactively prevent fraud and demonstrate they have taken reasonable steps to do so.
For financial services firms, this means moving from reactive compliance to active defence. It’s not enough to detect and respond to fraud after it happens; under the ECCTA, you must show that your systems were designed to stop it from occurring in the first place.
The implications are sweeping. If your firm can’t prove defences were adequate, criminal liability could follow for the company, and potentially for senior executives. This marks a major shift in how financial services firms must approach risk, oversight and corporate responsibility.
Financial services in the firing line
The case for urgent action couldn’t be clearer. According to the Crime Survey for England and Wales, fraud accounted for 41% of all crimes in the 12 months to September 2024. It is now the most prevalent crime in the UK, and the financial sector is front and centre.
Whether it’s authorised push payment (APP) fraud, investment scams, synthetic identity fraud, or the misuse of accounts for money laundering, financial services firms are frequent targets of economic crime – and, sometimes, unwitting facilitators, as gaps in controls and oversight allow criminals to exploit systems without the firm ever being aware.
Under the ECCTA, the risks of failing to prevent this activity are no longer reputational alone; they are criminal.
As such, financial services organisations must move beyond viewing compliance as a one-size-fits-all, tick-box exercise. What’s required is a deep, enterprise-wide commitment to transparency, integrity and fraud risk management.
And, by embedding these principles into business operations organisations will not only ensure they meet regulatory expectations, but also retain the trust of clients, partners, stakeholders and investors.
Lagging behind other industries
Skillcast’s recent ECCTA Readiness Index – based on data from 2,000 UK companies – found that financial services ranked lowest in ECCTA readiness, highlighting significant governance risks and vulnerabilities, which may impact compliance.
The financial services sector scored just 453 out of 1,200, reflecting high levels of overdue filings, frequent director changes and compulsory strike-off actions. It also led all industries in company name changes, a potential red flag for efforts to obscure past activities or avoid scrutiny.
The sector recorded the highest number of outstanding charges (122) – nearly double that of hospitality (78) – raising concerns about financial risk and unresolved liabilities.
Compliance with confirmation statements was weak, with 16% of firms overdue on this key requirement, which ensures Companies House has accurate ownership data. An additional 6% had overdue accounts, further elevating risk.
Ownership transparency was also inconsistent, with notable gaps in PSC disclosures for both individuals and corporate controllers.
Given the sector’s role in handling sensitive financial systems, these weaknesses present a serious compliance vulnerability, and clearly demonstrate that firms must prioritise governance improvements to avoid enforcement action and reputational damage.
The importance of training
In the fight against financial crime, well-informed staff are one of the most effective defences a firm can have. Targeted compliance training, especially around fraud prevention and reporting obligations, is essential.
Training is one of the most powerful tools firms have to prevent fraud. But under the ECCTA, awareness alone isn’t enough. Programmes must be tailored, covering fraud typologies relevant to your business model, how to validate PSC data, responsibilities under the new corporate offence and clear escalation pathways for concerns.
A well-documented training framework not only builds internal resilience but also demonstrates to regulators that your firm has taken reasonable steps to prevent fraud – now a critical defence under the law.
In today’s environment, this type of training isn’t a box to tick. It’s a strategic investment in your firm’s legal defence and reputational resilience.
The consequences of non-compliance
Firms that fall short of ECCTA requirements could face unlimited fines, criminal prosecution and even personal liability for directors or senior managers. Companies may also be struck off the register entirely.
But perhaps more damaging than legal sanctions is the loss of trust. The financial services sector is built on credibility. If clients or investors perceive your firm as lax on fraud, the commercial impact could be devastating.
ECCTA compliance should therefore be treated not just as a legal duty, but as a strategic priority. It is an opportunity to strengthen internal governance, demonstrate ethical leadership and build a culture of long-term resilience and transparency.
It isn’t just about updating your policies – it’s about transforming your culture. Financial services firms must ensure that fraud prevention becomes a shared responsibility, not just the remit of compliance teams.
By embedding ethical standards into everyday decision-making and equipping your teams with the right tools and knowledge, your firm can meet the ECCTA challenge head-on and come out stronger.
In a world where failing to prevent fraud is a crime, doing nothing is no longer an option.