A wave of payment regulations is set to reshape the financial landscape in 2025, but none will hit UK businesses as directly as the new corporate criminal offence: ‘Failure to Prevent Fraud’. Introduced under the Economic Crime and Corporate Transparency Act (ECCTA), this law takes effect on 1st September 2025, placing direct responsibility on businesses to prevent fraudulent activity within their organisations.

Following similar logic to the UK Bribery Act 2010, the new regulation means that if an employee or agent commits fraud for the company’s benefit, the company itself will be held criminally liable - unless it can prove it had ‘reasonable fraud prevention procedures’ in place.

With APP (Authorised Push Payment) fraud now the UK’s biggest financial scam - costing the economy over half a billion pounds in the first half of 2024 - financial fraud is an increasingly pressing issue for government, regulators and businesses combined.

"Fraud prevention requires a broader, more strategic approach"

Laurent Sarrat, co-founder and CEO of financial fraud detection and prevention company, Sis ID, warns: “Businesses with strong governance, compliance and fraud prevention processes will be best positioned for the regulatory changes ahead. But ‘reasonable procedures’ under Failure to Prevent Fraud requires more than internal controls - businesses must also be extending due diligence and responsibility to their entire ecosystem and supply chain to ensure no gaps exist. As, ultimately, the only effective way to tackle fraud is through collaboration.”

Laurent Sarrat shares the minimum steps that businesses must take now:

1. Strengthen internal controls and policies
   Conduct a comprehensive fraud risk assessment, covering both internal operations and supply chain vulnerabilities. Implement clear anti-fraud policies and ensure staff are trained to detect and report suspicious activity. Invest in dedicated anti-fraud tools that enhance real-time fraud detection and prevention.

2. See compliance as a strategic opportunity

Businesses can treat these regulations as a box-ticking exercise - or they can use them as an opportunity to make impactful operational improvements. A holistic approach that includes risk audits, staff training and enhanced controls can deliver benefits that extend far beyond compliance, reducing financial and reputational risk - and contributing to wider collaborative efforts to fight fraud.

3. Outsource tools but not responsibility

While banks are responsible for executing payments, ultimately it is businesses that will bear responsibility for any verification errors - and with these errors will soon come the very real threat of significant fines and penalties. Automated fraud detection solutions are essential, but having the right tools isn’t enough - companies must embed fraud prevention into their culture and ensure that these tools are properly utilised.

Raft of payment regulations set to impact cross-border businesses in 2025

Failure to Prevent Fraud comes alongside multiple global and EU-level payment regulations which will indirectly impact UK businesses. Despite the UK no longer being in the European Union, any UK businesses with financial entities in the EU, or those transacting with EU partners, will be impacted by other regulations, including: IPR (Instant Payment Regulation) DORA (Digital Operational Resilience Act) and PSD3.

The importance of fraud prevention has never been higher. Businesses that take a proactive and strategic approach to fraud prevention now will not only ensure compliance, but will also strengthen their resilience against financial crime in an increasingly fast-moving payment ecosystem.