The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

Similar in structure to the UK Bribery Act, the FTPF offence places a new responsibility on organisations to demonstrate they have taken "reasonable procedures" to deter fraud. For compliance professionals, this is both a challenge and an opportunity to embed stronger, more resilient anti-fraud frameworks.

Who’s in scope – and what’s at stake?

The FTPF offence targets large organisations, defined as those meeting at least two of the following three thresholds:

1. over 250 employees
2. £36 million in turnover
3. or £18 million in assets

If a fraud is committed by an "associated person" (i.e. an employee, agent, subsidiary, or third-party representative) and the fraud benefits the firm, then the firm can be held liable for the offence. There is also a UK nexus applicable to businesses outside the UK, with liability still applying if an aspect of the fraudulent activity either takes place in the UK or has ramifications within the UK. Ultimately, any firm meeting these thresholds face risk of liability unless it can prove it had adequate preventative procedures in place to prevent fraud.

To meet the demands of the FTPF offence, compliance teams should consider going beyond a checklist approach and instead think about taking a holistic view of where fraud risks might lie and how they can be mitigated. One place to start is rethinking the organisation's risk assessment framework. 

Historically, know your customer related risk assessments may have been geared more toward anti-money laundering or anti-bribery compliance requirements. FTPF, however, requires a sharper lens on fraud-specific exposures. This includes, for example, identifying where fraud could occur within internal operations or through third-party relationships. Teams can take reasonable procedures to examine risk across high-volume business lines, procurement chains, incentive structures, and areas where they have limited oversight, in order to build a more holistic picture of risk.

Once oversight of a business network is established, connected risks may be better understood, and then control environments can be adjusted accordingly. Safeguards against external fraud can also be made proportionate and more targeted. This could involve improving entity verification, refining monitoring workflows or leveraging data analytics to detect unusual behaviours across a counterparty network. 

Importantly, firms might consider evolving due diligence on third parties in a way that covers a greater scope and depth. 

Culture, governance, and the path to resilience

Equally important in fraud risk management is the human dimension. Controls work best when employees understand them and the rationale behind them. Consider refreshing training programmes to reflect emerging fraud tactics, and tailored to different roles within the organisation. 

Beyond training, fostering a culture of accountability, supported by mechanisms like anonymous whistleblowing, could also help surface risk-related issues before they escalate.

All this activity should be underpinned by strong governance. Board-level engagement is a key component of fraud risk management. Senior leadership should actively support implementation of any reasonable procedures; request regular updates on fraud trends; and take ownership of ongoing prevention efforts.

The introduction of the FTPF offence marks a pivotal moment for compliance in the UK. Organisations who take proactive steps may be able to use this as a catalyst to strengthen fraud-related defences and build greater trust with stakeholders.

Fraud is more pervasive and sophisticated than ever. Readiness for this change in the UK law is not just about checking a new regulatory box; it’s about preparing organisations for changing and escalating risk - and now is the time to prepare for this transformation.