The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members. 

On 24 September, a wide audience of Chief Compliance Officers (CCOs) and Money Laundering Reporting Officers (MLRO’s) from across the financial sector attended the UK Finance CCO Forum, sponsored by Protiviti, to share practical strategies, benchmark readiness, and identify common hurdles.

Key signals from the Forum 

Industry participants indicated that firms were at various stages of mapping their fraud risks against Economic Crime and Corporate Transparency Act (ECCTA or Act) requirements, only a small number has fully embedded controls, despite ECCTA having come into effect in September 2025. Many organisations are actively working to embed procedures, and the sector’s focus is shifting from planning to demonstrating action and evidence. Notably, some firms outside the scope of ECCTA’s failure to prevent fraud offence are also mapping fraud risks as good practice. This trend illustrates that even firms to whom the offence does not apply are proactively aligning their practices with emerging regulatory expectations.

Overall, as firms move toward finalising their risk and control mappings, the next priority is to embed identified controls effectively and strengthen the ability to evidence compliance.

Challenges firms have faced 

The discussion highlighted several practical hurdles in implementing ECCTA requirements as firms work to move from updates to policy to operational effectiveness. These include the time and capacity to embed new procedures, the depth and scope of fraud risk assessments, and challenges related to the identification of who is an Associated Party for an organisation.

Firms shared approaches to operationalising reasonable procedures, reflecting on their fraud defences, and addressing gaps. Many have engaged in senior leadership, some providing targeted ECCTA compliance training, while others emphasised the importance of board-level messaging. Updates to ongoing training programmes and whistleblowing exercises were noted as key elements in strengthening fraud prevention. The emphasis was on embedding proportionate, practical, and effective controls across governance, operations, and culture.

Priorities for the next 12 months 

The session concluded with a discussion regarding the priorities for firms in the coming year and three major themes stood out: planning and preparing for second or third line reviews of fraud controls in 2026, ensuring programmes are not only documented but demonstrably effective; maintaining clear accountability and evidence trails, so organisations can show proportionate and practical controls are embedded across governance and operations; and continuing to engage senior leadership and boards, with targeted training and top-down messaging to reinforce the importance of fraud prevention.

From Protiviti’s perspective, firms should focus on reinforcing communication across all levels to ensure clear ownership of fraud risk, while proactively monitoring government and regulatory developments to stay ahead of evolving expectations. Strengthening management information and governance frameworks will be key to ensuring fraud risk indicators are captured and acted upon. Firms should also look to leverage data analytics to detect emerging risks, align fraud prevention within broader financial crime and ethics programmes, and assess culture and behaviours to ensure accountability and control effectiveness are sustained over time.

If you attended this session and would like to discuss your plans for 2026 in more depth, or if you have seen this blog post and are keen to explore how Protiviti could assist you in achieving your objectives, please reach out to: Bernadine.Reese@protiviti.co.uk, Christine.Reisman@protiviti.co.uk, or Fionnuala.Moran@protiviti.co.uk.