How Documenting your Internal Processes Can Save your Business from an Unlimited Fine

Team Workiro
August 15, 2024
2 min read

Knowing what’s actually happening inside their organisation is not something most business leaders need encouragement on. Any executive worth their salt will have a comprehensive view of what’s going on, and the construction of that view varies as the business scales - the journey from scrappy Google Sheets reconciliation to your very own over-complicated Salesforce integration is a corporate right of passage. You need to start thinking about a new audience looking at your reporting, though - new UK legislation empowers government agencies to inspect both your finances and your internal processes if they suspect fraud, and if you’re found wanting then you could face an unlimited fine.

The changes arrive care of the Economic Crime and Corporate Transparency Act, which was passed in 2023 but will come into effect gradually over the next few years. Company registration requirements have already been tightened up; later this year we’ll see changes to financial reporting requirements, and in 2025 comes the big one: Failure to Prevent Fraud legislation.

The name is self-explanatory; the burden is significant. All companies operating in the UK - regardless of where they are headquartered - need to enact rigorous and comprehensive processes to prevent fraudulent behaviour at every level of the organisation. The Act gives significant new powers to both Companies House and the Serious Fraud Office to interrogate financial reports and corporate structure, and if fraud is found then there’s no limit on the resulting fine - even if senior leadership were unaware of the fraud taking place.

The only defence for this is for affected businesses to enact rigorous, and consistently monitored, internal processes that they can demonstrate to the SFO in mitigation. By making it the responsibility of every business to actively prevent fraud - rather than simply expecting them to follow the rules - the ECCT is closer to the spirit of established US legislation, which has been wielded by the SEC to extract whopping fines from companies like Uber and SolarWinds.  

Smaller companies are spared this, as the “Failure to prevent Fraud” legislation will only apply to “large” companies, which are defined as meeting two of three criteria: turnover of over £36M, a balance sheet over £18M, and over 250 employees. (As a rule of thumb, if your business is big enough to require an audit, then it’s “large”). 

Such companies await detailed guidance from the UK government on the legislation and their defence against it - but the vision is clear, and the solution is to look at your business right now. Evaluate your internal processes and the points - and people - where there is potential for fraud, and start thinking about the changes you can make that would catch it before it happens - and would be easily understood and respected by the SFO when they come looking. Scrupulous documentation of both your operational activity and your internal processes will be key.

Get a head start on this preparation by signing up for our upcoming webinar “Trading in the UK? You need to comply with the ECCT Act”, which features Workiro’s CISO Luke Keily in conversation with Payhawk’s Director of Solutions Engineering, Robbie Hadfield. Both Workiro and Payhawk have robust software solutions for delivering and monitoring business operational processes, and Luke and Robbie have extensive experience and insights in how different organisations can ensure compliance with this type of legislation. 

Register for the webinar here.

Share this article

Team Workiro

Book a Discovery Call

Want to find out more about how Workiro works? Book a zoom-based discovery call with one of our experts who’ll be happy to answer any questions you may have, to ensure Workiro is the right fit for your business needs.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

How Documenting your Internal Processes Can Save your Business from an Unlimited Fine

Blog
The author image who wrote the blog article
By
Team Workiro

Knowing what’s actually happening inside their organisation is not something most business leaders need encouragement on. Any executive worth their salt will have a comprehensive view of what’s going on, and the construction of that view varies as the business scales - the journey from scrappy Google Sheets reconciliation to your very own over-complicated Salesforce integration is a corporate right of passage. You need to start thinking about a new audience looking at your reporting, though - new UK legislation empowers government agencies to inspect both your finances and your internal processes if they suspect fraud, and if you’re found wanting then you could face an unlimited fine.

The changes arrive care of the Economic Crime and Corporate Transparency Act, which was passed in 2023 but will come into effect gradually over the next few years. Company registration requirements have already been tightened up; later this year we’ll see changes to financial reporting requirements, and in 2025 comes the big one: Failure to Prevent Fraud legislation.

The name is self-explanatory; the burden is significant. All companies operating in the UK - regardless of where they are headquartered - need to enact rigorous and comprehensive processes to prevent fraudulent behaviour at every level of the organisation. The Act gives significant new powers to both Companies House and the Serious Fraud Office to interrogate financial reports and corporate structure, and if fraud is found then there’s no limit on the resulting fine - even if senior leadership were unaware of the fraud taking place.

The only defence for this is for affected businesses to enact rigorous, and consistently monitored, internal processes that they can demonstrate to the SFO in mitigation. By making it the responsibility of every business to actively prevent fraud - rather than simply expecting them to follow the rules - the ECCT is closer to the spirit of established US legislation, which has been wielded by the SEC to extract whopping fines from companies like Uber and SolarWinds.  

Smaller companies are spared this, as the “Failure to prevent Fraud” legislation will only apply to “large” companies, which are defined as meeting two of three criteria: turnover of over £36M, a balance sheet over £18M, and over 250 employees. (As a rule of thumb, if your business is big enough to require an audit, then it’s “large”). 

Such companies await detailed guidance from the UK government on the legislation and their defence against it - but the vision is clear, and the solution is to look at your business right now. Evaluate your internal processes and the points - and people - where there is potential for fraud, and start thinking about the changes you can make that would catch it before it happens - and would be easily understood and respected by the SFO when they come looking. Scrupulous documentation of both your operational activity and your internal processes will be key.

Get a head start on this preparation by signing up for our upcoming webinar “Trading in the UK? You need to comply with the ECCT Act”, which features Workiro’s CISO Luke Keily in conversation with Payhawk’s Director of Solutions Engineering, Robbie Hadfield. Both Workiro and Payhawk have robust software solutions for delivering and monitoring business operational processes, and Luke and Robbie have extensive experience and insights in how different organisations can ensure compliance with this type of legislation. 

Register for the webinar here.

Author:
Team Workiro
Follow team Workiro for actionable work tips, how they apply to real-life scenarios, and take a deeper dive into our supercharged enterprise content management system, which seamlessly integrates with NetSuite.