On 1 September 2025, a new UK corporate criminal offence will come into force: Failure to Prevent Fraud (FtPF) under the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

This represents a significant shift in how organisations will need to manage fraud risk—especially relevant for Accounts Payable (AP) / Procure-to-Pay (P2P) functions, which are often on the front line of interacting with vendors, agents, invoices, payment flows, third parties. Because fraud schemes often exploit weak controls in P2P/AP, this community has a key part to play.

What exactly is “Failure to Prevent Fraud”?

Some of the key features:

What is it: A corporate criminal offence under ECCTA. It holds large organisations liable when an associated person (e.g. employee, agent, subsidiary, third-party service provider) commits specified fraud for the benefit of the organisation (or in certain cases for the benefit of the organisation’s client), and the organisation did not have “reasonable fraud prevention procedures” in place.
Strict liability structure: The organisation may be liable even if senior management did not order, know of, or had direct involvement in the fraud. What matters is whether the company had appropriate procedures.
Who is in scope: Large organisations which includes incorporated bodies, relevant subsidiaries and partners. Charities, public bodies (if incorporated) also potentially. There are thresholds: to be large, must meet 2 of the 3 criteria:

• over 250 employees

• turnover > £36 million

• total assets > £18 million.

Extra-territorial reach: Even non-UK organisations can be caught if they have a UK nexus (e.g. business operations, associated persons etc.), or fraud affects UK persons.
The defence: To avoid liability, an organisation must show that at the time of the fraud it had “reasonable fraud prevention procedures” in place. What “reasonable” entails is set out in guidance, but it is not a safe harbour: following guidance does not guarantee safety, but diverging significantly will increase risk.

What the Guidance Says (Six Principles)

UK Government guidance (Home Office) describes six principle areas that should shape fraud prevention procedures:

Top-level commitment – Leadership and governance must visibly support fraud prevention, set the tone from the top.
Risk assessment – Understand where fraud risks lie in your organisation / operations, including P2P, supplier relationships, invoice handling etc.
Proportionate, risk-based prevention procedures – Controls, policies, processes that match the size & complexity of the business, and the level of risk.
Due diligence – For associated persons, suppliers, agents etc., both at onboarding and ongoing. Assess their fraud risk.
Communication (including training) – Ensuring staff (especially in AP / P2P) and other relevant parties are aware of fraud risks, know the procedures, see what behaviour is expected.
Monitoring & review – Regular oversight to check that procedures are working; continuous improvement; adapt in light of incidents or changing risk.

Why It Matters for Accounts Payable / P2P Teams

AP / P2P are critical control points which are exposed to many fraud vectors. Some examples:

Fake or fraudulent invoices (vendor impostors, over-billing, duplicates)
Unauthorised or fictitious suppliers or agents submitting invoices
Collusion between internal and external parties to misdirect payments
Incorrect PO/invoice matching, weak approvals, weak segregation of duties
Third-party agents or suppliers who themselves are “associated persons” under the law

If AP / P2P functions have weak controls, lapses become more than just internal risk, they could be evidence of non-compliance with the new “reasonable procedure” requirement.

What AP / P2P Professionals Should Do (Actions & Checklist)

Here is what organisations and AP / P2P teams should be doing now to prepare and to ensure they meet the new legal requirement:

Action

Description / Why Important

Understand whether your organisation is in scope

Does your org meet the “large” thresholds? Are you a subsidiary of a larger group? Do you serve UK clients or have operations that link you to the UK? If not, still good to take many actions for best practice.

Map fraud risks specific to AP / P2P

Conduct or update fraud risk assessment for P2P/AP processes: supplier onboarding, invoice receipt & verification, payment authorisation, reconciliation, etc. Identify where weak segments are.

Review existing policies / procedures

What controls are in place (4-eyes approval, supplier verification, PO matching etc.)? Are they documented? Are they being followed? Are there gaps?

Strengthen due diligence for suppliers / agents

Supplier identity verification; background checks; assessing financial stability; reputational checks; periodic re-assessment.

Segregation of duties & approval hierarchies

Ensure no one person has too much control over creation, approval, and payment of invoices. Clear authorisations, audit trails.

Training and awareness

AP / P2P teams need to understand fraud risks and be trained on fraud detection / red flags / ethical standards. Also, people in vendor management, procurement, finance more broadly should know their obligations.

Whistleblowing / speak-up channels

Encourage staff to report concerns; ensure safe, clear channels; ensure there is no retaliation; ensure reports are acted on.

Monitoring, auditing & continuous improvement

Regular reviews/audits of AP / P2P process; look for anomalies (duplicate invoices, round-sum invoices, unusual suppliers, unusual payment patterns); assess the effectiveness of controls. When something goes wrong, do a root cause analysis and adjust procedures.

Ensure clear governance and leadership oversight

Who is ultimately responsible? Does the board or senior execs have visibility into fraud risk and AP control effectiveness? Senior commitment is required under the guidance.

Document everything

Document risk assessments; decisions made; what procedures are in place and when; training records; due diligence and supplier onboarding documents; incidents and responses. If ever asked to show you had “reasonable procedures,” documentation is key.

Challenges & Considerations

Resource constraints: Implementing strong procedures, training, monitoring etc. requires time, budget, people. AP / P2P might need additional support.
Balancing speed vs. control: P2P functions are under pressure to process invoices/payments quickly. Too many controls or approvals can slow things; too few become risks. Need to find that balance, maybe via risk-based segmentation.
Third parties / suppliers: Some fraud risk may come from suppliers or agents outside direct control. Due diligence and oversight here are crucial.
Changing fraud landscape: Fraud techniques evolve (e.g. invoice fraud, cyber-enabled fraud, impersonation, supplier porting). Procedures need to adapt.
Cultural issues: Staff need to feel empowered to challenge things; there needs to be openness. If AP staff are incentivised purely on speed or cost, fraud detection might be neglected. Leadership must promote the right culture.

What’s at Stake: Risks of Non-Compliance

Unlimited fines: Organisations convicted under FtPF can face unlimited financial penalties.
Legal exposure: Even if the fraud was committed without knowledge of senior management, the organisation may still be liable.
Reputational damage: Fraud cases attract scrutiny, negative press, loss of trust from clients / partners.
Operational disruption: Investigations, audits, possibly legal proceedings can be costly, time-consuming; can distract from business operations.
Possibility of follow-on regulatory actions or civil claims: Victims of fraud may bring claims; regulators may also impose sanctions.

Examples / Scenarios AP / P2P should think through

A supplier is onboarding; AP accepts minimal identity checks, minimal proof of address; later supply invoices are fake or manipulated.
PO matching is weak; payments made without cross-checking goods received; invoice amount mismatched; internal collusion involved.
Agents or intermediaries invoice for services they did not perform; internal staff do not check or verify deliverables.
Vendor changes (bank account details) based on email / impersonation fraud, and payments are diverted.

These are the kinds of “associated person” misconduct that could trigger liability unless procedures were in place.

How to Measure & Demonstrate “Reasonable Procedures”

To show compliance / defence under FtPF, organisations will need to demonstrate:

They conducted a fraud risk assessment, understood their exposures.
They implemented policies & controls aligned with those exposures.
They monitored and reviewed those controls.
They trained relevant personnel, communicated expectations.
They have evidence (records, audits, incidents handled) to show that procedures were operational, not just documented but used.
They had governance / oversight in place.

Timeline & Urgency

As of 1 September 2025, the law is in force.
Organisations have been given guidance already (from November 2024) to begin implementing.
Time is tight to evaluate gaps, update procedures, train staff, and embed monitoring before that date.

Conclusion

For the AP / P2P professional community, the “Failure to Prevent Fraud” offence is not just a legal change, it’s a signal that fraud prevention must be baked into how payables and procurement operate. Systems, process design, staff behaviour, controls, governance all need attention.

If well handled, this presents an opportunity: organisations that build strong AP / P2P fraud-resistant practices will benefit from lower risk, stronger internal control, better reputation, possibly improved supplier relationships. But the cost of neglecting this change could be high.

Fraud is an ever-present risk in transactional finance roles, especially within Accounts Payable (AP), where the sheer volume of transactions and the involvement of external vendors can create vulnerabilities. While technological advancements have provided tools to mitigate fraud, building a strong anti-fraud culture is equally critical. This culture starts with awareness and extends through behaviour, processes, and values embraced by the entire organisation.

Here’s some suggestions on how to create an anti-fraud culture that safeguards your AP function:

1. Leadership Commitment and Tone at the Top

The foundation of an anti-fraud culture begins with leadership. When senior leaders demonstrate a zero-tolerance approach to fraud, employees are more likely to follow suit. It’s essential that management consistently communicates the importance of fraud prevention through training, policies, and setting ethical standards. This also means actively participating in initiatives that promote transparency and integrity.

Key actions include:

Regularly speaking about fraud prevention in team meetings.
Leading by example in following AP protocols.
Encouraging open communication on fraud-related concerns without fear of retaliation.

2. Comprehensive Employee Training

Employees in AP and transactional finance roles are the first line of defence against fraud. A well-informed team is better equipped to spot irregularities and suspicious activities. Comprehensive training programs that are regularly updated can help foster vigilance.

Training should cover:

Common types of AP fraud, including vendor fraud, invoice fraud, and expense reimbursement schemes.
Red flags to watch for, such as duplicate payments, sudden changes in vendor details, or unusually large invoice amounts.
Reporting protocols for suspected fraudulent activities.

Equally important is embedding an understanding of the repercussions of fraud, not just for the business but for the individual, including legal consequences and career impacts.

3. Segregation of Duties

One of the most effective internal controls in preventing fraud is the segregation of duties. No single person should have end-to-end control over any financial process, such as vendor onboarding, invoice approval, and payment processing. Splitting these responsibilities between multiple employees reduces the likelihood of fraud being carried out by an individual or going unnoticed.

In practice:

One team member handles vendor setup, while another manages invoice approvals.
Implement system-level restrictions so that no single person can complete an entire process alone.
Ensure a regular review of these duties to avoid collusion between employees.

4. Automated Fraud Detection Tools

Technology plays a crucial role in identifying potential fraudulent activity early. AP automation tools equipped with artificial intelligence (AI) and machine learning can monitor transactions in real-time, flagging anomalies based on pre-set patterns. For example, they can detect duplicate invoices, payments to unregistered vendors, or invoices that deviate from usual spending trends.

These tools should be paired with:

Routine audits of vendor lists and transaction histories.
Alerts for specific fraud risk factors like rapid changes in bank account details or suspicious vendor activity.
The ability to halt payments until anomalies are investigated.

5. Vendor Management and Onboarding Controls

AP fraud often occurs through external vendors, making it crucial to establish strong vendor onboarding controls. A thorough onboarding process that includes validating vendor credentials and conducting regular vendor audits is essential.

Best practices include:

Verifying the legitimacy of new vendors before they are added to the system.
Maintaining an updated and accurate vendor master file.
Regularly reviewing vendor activity and relationships to ensure there are no conflicts of interest or unusual patterns.

6. Whistleblower and Reporting Mechanisms

An effective anti-fraud culture encourages employees to report suspicious behaviour. Implementing a whistleblower program that ensures confidentiality and protection for those reporting potential fraud can greatly enhance internal fraud detection.

Encourage open communication by:

Offering multiple channels for employees to report suspicious activity (hotlines, online portals, etc.).
Clearly outlining the process for reviewing and acting on reports.
Providing assurance that there will be no retaliation for reporting in good faith.

7. Regular Audits and Continuous Monitoring

Audits play a crucial role in identifying gaps in your anti-fraud processes. Regular internal audits of AP systems, processes, and transactions ensure that controls are functioning effectively and provide an opportunity to spot any unusual patterns or weaknesses.

Continuous monitoring efforts include:

Conducting surprise audits or random checks.
Reviewing high-risk transactions, such as large or international payments, with extra scrutiny.
Analysing expense reports and reimbursement claims for potential abuse.

8. Cultivating an Ethical Work Environment

Lastly, fostering an ethical work environment where integrity is prioritised over shortcuts helps prevent fraud from becoming ingrained in company culture. When employees understand the value of honesty and accountability, they are less likely to engage in fraudulent behaviour and more likely to report it when they see it.

This can be achieved by:

Embedding ethics and values into the company’s code of conduct.
Recognising and rewarding employees who uphold these values.
Creating a sense of shared responsibility for fraud prevention across all departments.

Conclusion

Creating an anti-fraud culture in AP and transactional finance roles is not a one-time initiative but an ongoing process. It requires a commitment from leadership, regular training, effective internal controls, and leveraging technology to build a proactive defence against fraud. When every team member is aware, vigilant, and supported by strong processes and tools, the likelihood of fraud can be dramatically reduced, safeguarding both the department and the wider organisation.

By nurturing this culture, AP teams can move beyond just preventing fraud and position themselves as trusted, strategic assets to the business.