Blog

“Failure to Prevent Fraud” – What AP / P2P Professionals Need to Know

Posted on October 22, 2025

On 1 September 2025, a new UK corporate criminal offence came into force: Failure to Prevent Fraud (FtPF) under the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

This is a significant shift in how organisations must manage fraud risk, and it is especially relevant to Accounts Payable (AP) / Procure-to-Pay (P2P) functions, which sit on the front line: they deal with vendors, agents, invoices, payment flows and other third parties. Because fraud schemes often exploit weak controls in P2P/AP, this community has a key part to play.

What exactly is “Failure to Prevent Fraud”?

Some of the key features:

What is it: A corporate criminal offence under ECCTA. It holds large organisations liable when an associated person (e.g. an employee, agent, subsidiary or third-party service provider) commits one of the specified fraud offences intending to benefit the organisation (or a client to whom the associated person provides services on the organisation’s behalf), and the organisation did not have “reasonable fraud prevention procedures” in place.
Strict liability structure: The organisation can be liable even if senior management did not order, know of, or have any direct involvement in the fraud. What matters is whether the organisation had appropriate procedures in place.
Who is in scope: Large organisations, including incorporated bodies, partnerships and relevant subsidiaries; incorporated charities and public bodies can also be caught. To be “large”, an organisation (or the group it belongs to, assessed on an aggregated basis) must meet two of the three criteria in the financial year preceding the fraud:

• over 250 employees

• turnover > £36 million

• total assets > £18 million.

Extra-territorial reach: Non-UK organisations can also be caught where there is a UK nexus, for example where the associated person commits the fraud in the UK or the gain or loss occurs in the UK.
The defence: To avoid liability, an organisation must show that at the time of the fraud it had reasonable fraud prevention procedures in place (or that it was not reasonable in the circumstances to expect it to have any). What “reasonable” means is set out in the Home Office guidance, but the guidance is not a safe harbour: following it does not guarantee a successful defence, while diverging from it significantly will make one harder.

What the Guidance Says (Six Principles)

The UK Government guidance (Home Office, November 2024) sets out six principles that should shape fraud prevention procedures:

  • Top-level commitment – Leadership and governance must visibly support fraud prevention, set the tone from the top.
  • Risk assessment – Understand where fraud risks lie in your organisation / operations, including P2P, supplier relationships, invoice handling etc.
  • Proportionate, risk-based prevention procedures – Controls, policies, processes that match the size & complexity of the business, and the level of risk.
  • Due diligence – For associated persons, suppliers, agents etc., both at onboarding and ongoing. Assess their fraud risk.
  • Communication (including training) – Ensuring staff (especially in AP / P2P) and other relevant parties are aware of fraud risks, know the procedures, see what behaviour is expected.
  • Monitoring & review – Regular oversight to check that procedures are working; continuous improvement; adapt in light of incidents or changing risk.

Why It Matters for Accounts Payable / P2P Teams

AP / P2P is a critical control point exposed to many fraud vectors, for example:

  • Fake or fraudulent invoices (vendor impostors, over-billing, duplicates)
  • Unauthorised or fictitious suppliers or agents submitting invoices
  • Collusion between internal and external parties to misdirect payments
  • Incorrect PO/invoice matching, weak approvals, weak segregation of duties
  • Third-party agents or suppliers who themselves are “associated persons” under the law

If AP / P2P controls are weak, lapses become more than an internal risk: they could be evidence that the organisation did not meet the new “reasonable procedures” requirement.

What AP / P2P Professionals Should Do (Actions & Checklist)

Here is what organisations and AP / P2P teams should be doing now to meet the new legal requirement, with a note on why each action matters:

  • Understand whether your organisation is in scope: does your organisation meet the “large” thresholds? Are you a subsidiary of a larger group? Do you serve UK clients or have operations that link you to the UK? Even if you are out of scope, most of the actions below are still good practice.
  • Map fraud risks specific to AP / P2P: conduct or update a fraud risk assessment for the P2P/AP processes (supplier onboarding, invoice receipt and verification, payment authorisation, reconciliation) and identify the weak points.
  • Review existing policies and procedures: what controls are in place (4-eyes approval, supplier verification, PO matching)? Are they documented? Are they being followed? Where are the gaps?
  • Strengthen due diligence for suppliers and agents: supplier identity verification, background checks, assessment of financial stability, reputational checks, periodic re-assessment.
  • Segregation of duties and approval hierarchies: ensure no one person controls the creation, approval and payment of an invoice, and that supplier-master maintenance is separated from invoice processing; clear authorisation limits and audit trails.
  • Training and awareness: AP / P2P staff need to understand fraud risks and be trained on detection, red flags and ethical standards; people in vendor management, procurement and finance more broadly should also know their obligations.
  • Whistleblowing / speak-up channels: encourage staff to report concerns; provide safe, clear channels; ensure there is no retaliation; ensure reports are acted on.
  • Monitoring, auditing and continuous improvement: regular reviews and audits of the AP / P2P process; look for anomalies (duplicate invoices, round-sum invoices, unusual suppliers, unusual payment patterns); assess the effectiveness of controls. When something goes wrong, do a root-cause analysis and adjust procedures.
  • Ensure clear governance and leadership oversight: who is ultimately responsible? Does the board or senior management have visibility of fraud risk and AP control effectiveness? Top-level commitment is required under the guidance.
  • Document everything: risk assessments, decisions made, what procedures were in place and from when, training records, due-diligence and supplier-onboarding files, incidents and responses. If you are ever asked to show you had “reasonable procedures”, documentation is key.
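The monitoring and segregation-of-duties items above are the ones an AP team can automate against routine exports rather than rely on someone noticing. The following is an added example, not code from the original post or from any ERP vendor: four checks run over a constructed invoice export and a constructed supplier-master audit trail. The field names, the sample records and the thresholds (round thousands of 5,000 or more; 20,000 or more from a supplier set up within the last 30 days) are assumptions for illustration and should be tuned to your own data.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample invoice export. Field names are assumptions, not any ERP's schema.
INVOICES = [
    {"id": "INV-1001", "supplier": "S-100", "invoice_no": "A-77", "amount": Decimal("4850.00"),
     "date": "2025-09-22", "created_by": "alice", "approved_by": "bob"},
    {"id": "INV-1002", "supplier": "S-100", "invoice_no": "a 77", "amount": Decimal("4850.00"),
     "date": "2025-09-29", "created_by": "alice", "approved_by": "bob"},    # same invoice keyed twice
    {"id": "INV-1003", "supplier": "S-200", "invoice_no": "9912", "amount": Decimal("10000.00"),
     "date": "2025-09-25", "created_by": "carol", "approved_by": "carol"},  # round sum, self-approved
    {"id": "INV-1004", "supplier": "S-300", "invoice_no": "X1", "amount": Decimal("24750.00"),
     "date": "2025-09-25", "created_by": "dave", "approved_by": "erin"},    # big first invoice, new supplier
    {"id": "INV-1005", "supplier": "S-400", "invoice_no": "Z9", "amount": Decimal("1234.56"),
     "date": "2025-09-26", "created_by": "dave", "approved_by": "erin"},    # unremarkable
]

# Constructed supplier-master audit trail: who set each supplier up, and when.
SUPPLIERS = {
    "S-100": {"created_by": "frank", "created_on": "2024-01-10"},
    "S-200": {"created_by": "carol", "created_on": "2025-03-01"},
    "S-300": {"created_by": "dave", "created_on": "2025-09-20"},
    "S-400": {"created_by": "frank", "created_on": "2023-05-05"},
}


def normalise_invoice_no(raw):
    """Duplicates are usually re-keyed with different case or punctuation."""
    return re.sub(r"[^A-Z0-9]", "", raw.upper())


def find_duplicates(invoices):
    """Same supplier, same normalised invoice number, same amount => probable duplicate."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["supplier"], normalise_invoice_no(inv["invoice_no"]), inv["amount"])
        groups[key].append(inv["id"])
    return [ids for ids in groups.values() if len(ids) > 1]


def find_round_sums(invoices, min_amount=Decimal("5000")):
    """Round thousands above a threshold: genuine invoices rarely land exactly on them."""
    return [inv["id"] for inv in invoices
            if inv["amount"] >= min_amount and inv["amount"] % 1000 == 0]


def find_sod_violations(invoices, suppliers):
    """Segregation of duties: nobody should both raise and approve an invoice,
    or process an invoice for a supplier they set up in the master file."""
    findings = []
    for inv in invoices:
        master = suppliers[inv["supplier"]]
        if inv["created_by"] == inv["approved_by"]:
            findings.append((inv["id"], f"raised and approved by the same user {inv['created_by']}"))
        for role in ("created_by", "approved_by"):
            if inv[role] == master["created_by"]:
                findings.append((inv["id"], f"{inv[role]} also set up supplier {inv['supplier']}"))
    return findings


def find_new_supplier_large_payments(invoices, suppliers, window_days=30, min_amount=Decimal("20000")):
    """A large invoice from a supplier created only days earlier is the classic fictitious-supplier pattern."""
    flagged = []
    for inv in invoices:
        opened = date.fromisoformat(suppliers[inv["supplier"]]["created_on"])
        age_days = (date.fromisoformat(inv["date"]) - opened).days
        if age_days <= window_days and inv["amount"] >= min_amount:
            flagged.append(inv["id"])
    return flagged


def run_checks(invoices=INVOICES, suppliers=SUPPLIERS):
    """Run every check and return the hits by check name (the review queue for the AP lead)."""
    return {
        "duplicates": find_duplicates(invoices),
        "round_sums": find_round_sums(invoices),
        "sod_violations": find_sod_violations(invoices, suppliers),
        "new_supplier_large": find_new_supplier_large_payments(invoices, suppliers),
    }


if __name__ == "__main__":
    for check, hits in run_checks().items():
        print(f"{check}: {hits}")
```

Each hit is a lead for review, not proof of fraud: the value of running the checks on a schedule is that the output, and the record of what was done with it, is exactly the kind of evidence that procedures were operated rather than merely written down.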

Challenges & Considerations

  • Resource constraints: Implementing strong procedures, training, monitoring etc. requires time, budget, people. AP / P2P might need additional support.
  • Balancing speed vs. control: P2P functions are under pressure to process invoices/payments quickly. Too many controls or approvals can slow things; too few become risks. Need to find that balance, maybe via risk-based segmentation.
  • Third parties / suppliers: Some fraud risk may come from suppliers or agents outside direct control. Due diligence and oversight here are crucial.
  • Changing fraud landscape: Fraud techniques evolve (e.g. invoice fraud, cyber-enabled fraud, impersonation, supplier porting). Procedures need to adapt.
  • Cultural issues: Staff need to feel empowered to challenge things; there needs to be openness. If AP staff are incentivised purely on speed or cost, fraud detection might be neglected. Leadership must promote the right culture.

What’s at Stake: Risks of Non-Compliance


  • Unlimited fines: Organisations convicted under FtPF can face unlimited financial penalties.
  • Legal exposure: Even if the fraud was committed without knowledge of senior management, the organisation may still be liable.
  • Reputational damage: Fraud cases attract scrutiny, negative press, loss of trust from clients / partners.
  • Operational disruption: Investigations, audits, possibly legal proceedings can be costly, time-consuming; can distract from business operations.
  • Possibility of follow-on regulatory actions or civil claims: Victims of fraud may bring claims; regulators may also impose sanctions.

Examples / Scenarios AP / P2P should think through

  • A supplier is onboarding; AP accepts minimal identity checks, minimal proof of address; later supply invoices are fake or manipulated.
  • PO matching is weak; payments made without cross-checking goods received; invoice amount mismatched; internal collusion involved.
  • Agents or intermediaries invoice for services they did not perform; internal staff do not check or verify deliverables.
  • Vendor changes (bank account details) based on email / impersonation fraud, and payments are diverted.

These are the kinds of control failure the offence is concerned with, and where an “associated person” commits a fraud that benefits the organisation or its clients, they could trigger liability unless reasonable procedures were in place. Bear in mind that the offence only applies to fraud intended to benefit the organisation (or those it provides services to): where the organisation is itself the victim, as with a diverted supplier payment, the incident is not an FtPF offence in its own right, but the same weak controls would undermine any claim that reasonable procedures were in place.
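The last scenario, a bank-detail change requested by e-mail, is the classic payment-diversion case, and the control for it is procedural rather than analytical: the change stays unverified until someone other than the person who logged it calls the supplier back on a number already on file, and no payment run may pay an unverified account. The code below is an added example modelling that control (it is not the post’s code or any ERP’s); the supplier, phone numbers, account identifiers and amounts are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


class ControlViolation(Exception):
    """Raised when a step would bypass the bank-detail change control."""


@dataclass
class BankChangeRequest:
    new_account: str
    requested_via: str              # channel the request arrived on, e.g. "email"
    logged_by: str                  # AP user who logged it on the system
    phone_in_request: Optional[str] = None  # callback number offered by the requester (never trusted)
    status: str = "pending"         # pending -> verified | rejected


@dataclass
class Supplier:
    supplier_id: str
    name: str
    phone_on_file: str              # captured at onboarding, independently of any later request
    bank_account: str               # the only account a payment run may use
    pending: Optional[BankChangeRequest] = None
    audit: list = field(default_factory=list)


def request_bank_change(sup, new_account, requested_via, logged_by, phone_in_request=None):
    """Log the request. The live account is NOT changed at this point."""
    sup.pending = BankChangeRequest(new_account, requested_via, logged_by, phone_in_request)
    sup.audit.append(f"change to {new_account} requested via {requested_via}, logged by {logged_by}")
    return sup.pending


def verify_by_callback(sup, number_dialled, confirmed, verified_by):
    """Activate or reject the pending change after an out-of-band callback."""
    req = sup.pending
    if req is None or req.status != "pending":
        raise ControlViolation("no pending change to verify")
    if verified_by == req.logged_by:
        raise ControlViolation("the verifier must not be the user who logged the request")
    if number_dialled != sup.phone_on_file:
        # A number quoted in the request (or its e-mail signature) is attacker-controlled.
        raise ControlViolation(f"callback must go to the number on file, not {number_dialled}")
    req.status = "verified" if confirmed else "rejected"
    if confirmed:
        sup.bank_account = req.new_account
    sup.audit.append(f"callback to {number_dialled} by {verified_by}: {req.status}")
    return req.status


def pay(sup, amount, account):
    """Payment run: refuse anything that is not the verified account on file."""
    if account != sup.bank_account:
        raise ControlViolation(f"{account} is not the verified account for {sup.supplier_id}")
    sup.audit.append(f"paid {amount} to {account}")
    return (sup.supplier_id, amount, account)


def impersonation_scenario():
    """Walk the diverted-payment scenario with constructed data.
    Returns the supplier (for its audit trail) and the outcome of each step."""
    sup = Supplier("S-100", "Acme Components Ltd", "+44 20 7946 0000", "GB00ORIG")
    # 1. An e-mail claiming to be Acme asks for payments to go to a new account
    #    and helpfully offers a "direct line" for any queries.
    request_bank_change(sup, "GB99ATTK", "email", logged_by="alice",
                        phone_in_request="+44 7700 900001")
    outcomes = {}
    # 2. Paying the new account before verification is blocked.
    try:
        pay(sup, 12500, "GB99ATTK")
    except ControlViolation as e:
        outcomes["pay_unverified"] = str(e)
    # 3. Calling the number in the e-mail is blocked: it is the fraudster's number.
    try:
        verify_by_callback(sup, "+44 7700 900001", True, verified_by="bob")
    except ControlViolation as e:
        outcomes["callback_to_request_number"] = str(e)
    # 4. Calling the number on file, Acme says they never asked for a change.
    outcomes["callback_on_file"] = verify_by_callback(sup, sup.phone_on_file, False, verified_by="bob")
    # 5. The payment run still goes to the original, verified account.
    outcomes["payment"] = pay(sup, 12500, "GB00ORIG")
    return sup, outcomes


if __name__ == "__main__":
    supplier, result = impersonation_scenario()
    for step, outcome in result.items():
        print(f"{step}: {outcome}")
    print("\n".join(supplier.audit))
```

The three refusals are the control; the audit list is the evidence. A real implementation would live in the ERP’s supplier-master workflow, but the rules it must enforce are the same three: no live change without verification, no verification by the person who logged the request, and no callback to a number the requester supplied.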

How to Measure & Demonstrate “Reasonable Procedures”

To show compliance / mount a defence under FtPF, organisations will need to demonstrate:

  1. They conducted a fraud risk assessment, understood their exposures.
  2. They implemented policies & controls aligned with those exposures.
  3. They monitored and reviewed those controls.
  4. They trained relevant personnel, communicated expectations.
  5. They have evidence (records, audits, incidents handled) to show that procedures were operational, not just documented but used.
  6. They had governance / oversight in place.

Timeline & Urgency

The offence has been in force since 1 September 2025.
The Home Office guidance has been available since November 2024, so organisations have had time to implement it.
Any gaps that remain (unassessed risks, undocumented or unfollowed procedures, untrained staff, no monitoring) are live exposure now: liability attaches to frauds committed from that date.

Conclusion

For the AP / P2P professional community, the “Failure to Prevent Fraud” offence is not just a legal change, it’s a signal that fraud prevention must be baked into how payables and procurement operate. Systems, process design, staff behaviour, controls, governance all need attention.

If well handled, this presents an opportunity: organisations that build strong AP / P2P fraud-resistant practices will benefit from lower risk, stronger internal control, better reputation, possibly improved supplier relationships. But the cost of neglecting this change could be high.