Failure to Prevent Fraud

Failure to Prevent Fraud: Accountability Has Changed.

Under the new UK Failure to Prevent Fraud Sept 2025 legislation, businesses are criminally liable if they fail to stop or prevent fraud within their organisation.

It’s no longer enough to say you didn’t know! You must prove you had the right controls in place.

Definition FTPF

FTPF – Why it matters

The Failure to Prevent Fraud (FTPF) offence, under the UK Economic Crime and Corporate Transparency Act 2023 and operative from 1 Sept 2025, makes large organisations liable if an associated person commits fraud for the company’s benefit, unless they can prove they had reasonable prevention procedures in place.

This creates a significant need for financial institutions, insurers, and regulated enterprises to document and evidence their fraud prevention measures.

Applicable Organisations:

A firm which meets two or more of the following criteria in its preceding financial year:

  • Turnover of more than £36 million
  • Balance sheet total of more than £18 million
  • More than 250 employees. This is calculated on a standalone basis (i.e. without consolidating subsidiaries).

A parent company that does not meet the above criteria would be brought into scope if (when consolidated with its subsidiaries) it meets two or more of the following criteria in its preceding financial year:

  • Aggregate turnover of more than £36 million net (or £43.2 million gross)
  • Aggregate balance sheet total of more than £18 million net (or £21.6 million gross)
  • More than 250 employees in aggregate

This Act requires companies to demonstrate:

  • Transparent, traceable processes
  • Strong internal controls and segregation of duties
  • Audit-proof documentation and digital evidence

d.velop helps organisations achieve all three by automating document-driven processes and embedding compliance intelligence directly into systems such as Microsoft 365, SAP, NetSuite, and Salesforce.

FTPF White paper

The Failure to Prevent Fraud (FTPF) offence, introduced by the UK Economic Crime and Corporate Transparency Act 2023, makes large organisations criminally liable if an associated person commits fraud for their benefit. If the organisation cannot show it had reasonable procedures to prevent fraud, it risks unlimited fines and serious reputational damage.

The guide offers 10 pages of expert insights, including the following topics:

  • 6 Principles of Reasonable Procedures
  • The Legal Context
  • Illustrations of Failure
  • Technology and Data Enablement
  • Governance and Culture
  • The Cost of Non-Compliance vs. Prevention ROI
  • Building a Defensible Line

Executive Impact

The C-Suite Imperative

For executives, the risk is personal. The law now expects leaders to demonstrate transparent processes, defined oversight, and verifiable evidence of due diligence. Failing to prevent fraud can result in:

  • Corporate prosecution and unlimited financial penalties
  • Personal exposure for directors and senior managers
  • Regulatory action and public scrutiny
  • Reputational damage that outlives the event

Fraud risk is now governance risk. Boards, CFOs, and Compliance Officers must ensure that every transaction, approval, and record can withstand investigation. This is especially critical given that up to 40% of corporate fraud originates within procurement and finance workflows, according to the PwC Global Economic Crime & Fraud Survey. At the same time, organisations that embed automated approval and document control processes can reduce their fraud exposure by up to 70%, as highlighted in the EY Forensic Data Analytics Report 2024. These insights reinforce the strategic imperative for the C-suite to treat fraud prevention not merely as a compliance obligation, but as a core element of responsible leadership and sustainable governance.

Vulnerabilities

Why Traditional Controls Are No Longer Enough

Fraud doesn’t always come from outside the business. It hides in manual approvals, isolated spreadsheets, and incomplete document trails: the invisible gaps between your finance, procurement, and HR systems.

Common vulnerabilities:

  • Disconnected invoice and purchase approval processes
  • Contracts stored in local drives or unmanaged SharePoint sites
  • Manual data entry without validation or accountability
  • Lack of real-time visibility for internal auditors

Each unmonitored action represents an opportunity and possible liability.

Compliance & Protection

How d.velop Enables Compliance and Prevention

d.velop unifies your content, workflows, and compliance controls into one secure, auditable ecosystem.
With native integrations across SAP, Microsoft 365, Salesforce, NetSuite, and many more, d.velop gives leadership a single version of the truth and a defensible compliance posture.

AI-Driven Process Intelligence

Automatically identify irregular transactions, duplicates, or suspicious patterns within your invoice and procurement workflows. Our AI continuously learns from your data to flag anomalies before they become risk events.

Audit-Proof Document Management

Centralised, version-controlled, and immutable certified document storage ensures every document, approval, and change is traceable and instantly retrievable.

Compliant with eIDAS and UStG §14b, d.velop sign provides qualified electronic signatures and timestamps that meet EU legal standards, guaranteeing proof of authenticity and origin.

Transparency Across Systems

The d.velop cockpit offers real-time visibility into every invoice, contract, and approval chain.
Audit logs, risk dashboards, and exception reports give Compliance Officers full command of oversight.

Secure, Scalable, and Effective

Available in cloud, hybrid, or on-premises models, all hosted and supported under ISO/IEC 27001 and EU data protection frameworks for full jurisdictional control.

Executive Outcome

The Executive Outcome

  • Defensible compliance under Failure to Prevent Fraud legislation
  • Full audit readiness across all business systems
  • Reduction of fraud exposure through automated prevention controls
  • Preserved corporate integrity and stakeholder trust

d.velop transforms compliance from a cost of doing business into a framework of control, confidence, and credibility.

FTPF Resources

Assess your organisation’s fraud prevention readiness with our collection of practical guides and insights below.

FAQ

Frequently asked questions about Failure to Prevent Fraud

What is FTPF?

The offence of Failure to Prevent Fraud (FTPF) was introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and imposes corporate criminal liability on organisations in the UK if a fraud offence is committed by an “associated person” (such as an employee, agent or subsidiary) for the organisation’s benefit and the organisation fails to have “reasonable procedures” in place to prevent that fraud. The key point: it is not necessary for senior management to have known of or directed the fraud; liability arises if prevention procedures are inadequate.

Who is affected by FTPF?

The FTPF offence applies to large incorporated bodies, their subsidiaries and partnerships, large not-for-profit organisations that are incorporated, and incorporated public bodies. It does not apply to police forces or government departments. The act formally comes into effect on 1 September 2025. In essence, any eligible organisation that benefits from the actions of an associated person and lacks adequate fraud-prevention procedures could be at risk.

Why is FTPF important?

FTPF is important because it signals a step-change in how fraud prevention is regulated: companies must not only take steps to prevent fraud but must be able to evidence those steps were “reasonable”. This shifts the burden onto organisations to demonstrate robust and auditable procedures, rather than simply having policies in place. The consequences of non-compliance are severe (corporate criminal liability, reputational damage, potentially unlimited fines). For boards, compliance, risk and governance teams, this law raises the stakes and elevates fraud prevention from a cost centre to a strategic imperative.

When does the FTPF offence come into effect?

The offence under the ECCTA takes effect in the UK on 1 September 2025.

How should an organisation get ready for FTPF compliance?

Organisations should conduct fraud-risk assessments, implement and document policies and controls, deliver training and communication, monitor and review controls, and ensure visible senior management commitment. Additionally, they should maintain auditable records of all relevant activities.
