New ECCTA Guidance: What does this mean for your compliance program?

Every compliance practitioner is familiar with the US Department of Justice Fraud Section’s Evaluation of Corporate Compliance Programs (ECCP)—a crucial framework for assessing whether a compliance program functioned effectively when misconduct occurred. However, the recent release of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) Guidance from the UK Home Office marks a significant shift in focus regarding fraud, providing essential resources for large organizations in the UK—and which has implications for organizations of any size located elsewhere.

Key Differences and Relevance

Audience: The primary distinction between the ECCP and the ECCTA Guidance lies in its intended audience. The ECCP is intended for investigating prosecutors, whereas the ECCTA Guidance is designed specifically for compliance practitioners in large organizations, offering actionable advice on establishing effective fraud prevention measures.

Focus: While the ECCP covers all types of misconduct, the ECCTA Guidance focuses on fraud, specifically fraud intended to benefit an organization. It’s meant to give practitioners guidance in advance of a new criminal offense that will be coming into force in September 2025 in the UK: an organization’s failure to prevent fraud.

Timeline: While the ECCP considers a corporate compliance program at three distinct points in time, both documents emphasize the necessity for organizations to demonstrate elements of an effective fraud prevention program at the time of misconduct.

Relevance: The ECCTA Guidance serves as an accessible reference for understanding the Act, detailing the scope of organizations covered, types of fraud addressed, motivations behind fraud, applicable territories, and enforcement mechanisms.

Six Guiding Principles

For compliance professionals, the six guiding principles outlined in Chapter 3: Reasonable fraud prevention procedures of the ECCTA Guidance will be familiar: top-level commitment, risk assessment, proportionate risk-based prevention procedures, due diligence, communication and training, and monitoring and reviewing. Importantly, rather than being prescriptive, these ECCTA principles provide a flexible, outcome-focused framework that allows organizations to tailor their compliance measures to their specific contexts.

Broad, Non-Prescriptive Guidance

One of the standout features of the ECCTA Guidance is its recognition that a one-size-fits-all approach is inadequate for combating fraud effectively. The guidance is crafted in broad terms, allowing organizations the latitude to design procedures and controls that suit their unique environments and fraud prevention goals.

Clarity and Usability

The ECCTA Guidance is notably user-friendly. It is well-structured and straightforward, making it easier for compliance professionals to navigate and implement its recommendations.

Practical Examples

To bridge the gap between theory and practice, the ECCTA Guidance includes examples of various fraud scenarios, such as fraud by abuse of position, indirect benefits, UK nexus in foreign fraud cases, and aiding and abetting fraud. These examples provide vital context, making it easier for organizations to understand how to apply the guidance in real-world situations.

Communication and Training Considerations

As mentioned earlier, one of the six key principles in the ECCTA Guidance is Communication and Training. The guidance emphasizes that training should align with the risk faced by employees, particularly those in high-risk positions. Training should encompass the nature of potential offenses as well as procedures to address them.

Organizations are encouraged to incorporate this training into their existing financial crime prevention programs or create bespoke training tailored to specific fraud risks. Additionally, it’s essential to ensure that all employees and third parties are familiar with whistleblowing policies. Regular reminders and updates about these procedures should be integrated into internal communications to maintain awareness.

Moreover, monitoring the ongoing effectiveness of training programs is essential, ensuring they remain current and relevant, especially with regular turnover and staffing changes.

Preparing for Implementation

The Home Office is granting organizations a 10-month head start to develop, review, and implement their fraud prevention procedures as needed in advance of the September 1, 2025, coming into force of the new fraud offense. This timeline provides an invaluable opportunity for compliance professionals to integrate the insights from the ECCTA Guidance into their existing frameworks, setting the stage for enhanced compliance and a stronger organizational culture of integrity.

Preview one of our adaptive compliance courses on preventing fraud and related financial crimes here.

Closing Thoughts

The ECCTA Guidance represents a pivotal resource for compliance practitioners, shifting the paradigm from mere regulatory adherence to proactive fraud prevention. By embracing this guidance, organizations can enhance their compliance training programs, foster a culture of integrity, and better equip their employees to navigate the complex landscape of economic crime.