The importance of Fraud Risk Management in international law

19 November 2025

2025 is an important year for international anti-fraud legislation.

At the level of soft law, the first edition of ISO 37003:2025 was published in May 2025; it guides organizations of every kind in developing, implementing and maintaining an effective fraud control management system. At national level, on 1 September 2025 the Failure to Prevent Fraud offence (FTPF), introduced by the UK Economic Crime and Corporate Transparency Act 2023 (ECCTA), came into force in the United Kingdom.

The new ISO 37003:2025 standard: an international guide for Fraud Risk Management

ISO 37003:2025 is the new international reference for Fraud Risk Management in organizations of every size and sector.
The standard provides structured, methodological guidance to help businesses and public and private bodies prevent, detect and respond to fraudulent behaviour, with the aim of reducing the economic and reputational impact such events can generate.

Corporate fraud, whether internal or external, is today among the most serious threats to an organization's sustainability and trustworthiness. Financial losses, reputational damage and reduced stakeholder trust are only some of the consequences of inadequate fraud risk management.

In this context, ISO 37003:2025 introduces a systematic, governance-based approach that allows an organization to develop a corporate culture founded on integrity, transparency and constant oversight.
The standard offers an operating framework capable not only of reacting effectively to fraudulent events but, above all, of preventing them, through solid internal processes, verification procedures and proactive risk assessment.

The importance of 'Tone at the Top' in fraud prevention

As other international bodies also emphasize, the first and essential element of an effective fraud risk management system is the so-called "Tone at the Top": the ethical tone and direction that the board of directors and managers transmit daily within the organization, which shapes the perceptions and behaviour of employees, collaborators and stakeholders.

When a fraud occurs, or a suspected wrongdoing is reported, it is often a sign of a gap in corporate governance. It is therefore essential to intervene in advance by building a healthy organizational context, in which compliance is not a mere formal obligation but the starting point for guiding behaviour consistent with company values.

An effective Fraud Risk Management system requires more than procedures and rules: an ethical corporate culture must be consolidated through:

  • Transparent and clear processes that make responsibilities and procedures understandable.
  • Consistent messages on ethics and integrity, shared by top management and formalized in company policies.
  • "Zero tolerance" policies towards fraud.
  • Effective whistleblowing channels able to guarantee secure and confidential reporting.
  • Targeted preventive checks that are not merely formal but designed to identify risks and anomalies early.

Creating an ethical company culture not only reduces the economic losses arising from internal fraud but also optimizes monitoring and risk management costs. At the same time, integrity-oriented governance generates significant reputational benefits, increasing customers' and investors' trust in the organization.

The Failure to Prevent Fraud Offence (FTPF) in the United Kingdom

Before 2023, a UK entity could not be held criminally liable for fraud unless it could be proved that its top management had ordered the fraud or was aware of it.

The ECCTA 2023 filled this gap by establishing criminal liability for organizations that do not implement reasonable procedures to prevent fraud. Section 199 of the ECCTA, which creates the offence of "Failure to prevent fraud" (FTPF), applies only to so-called "large organizations", i.e. those that meet at least two of the following criteria:

· more than 250 employees;

· turnover exceeding £36 million;

· total assets exceeding £18 million.

Under the current legislation, such organizations may be held criminally liable when, during a financial year, an associated person (an employee, agent or anyone who performs services for or on behalf of the organization) commits a fraud intended, even indirectly, to benefit the organization, regardless of whether top management was involved or aware.

It is important to remember that the ECCTA is not limited to UK companies. The following may also be held liable for the FTPF offence:

· large organizations not incorporated in the UK but that have a "UK nexus", i.e. a connection with the United Kingdom (for example, when part of the fraudulent act was committed in the United Kingdom, or when the gain or loss resulting from the fraud occurred in the United Kingdom);

· in the case of groups, when a UK subsidiary of a non-UK parent company commits the fraud, or when the fraudulent act takes effect in the United Kingdom (in this case even the non-UK parent company could be held liable under the ECCTA).

As in the Italian system, UK law places the burden of proof on the organization: the offence is one of strict liability, so it is not necessary to prove the organization's intent or fault; it is sufficient that the associated person committed the fraud and that the organization had not adopted reasonable, or appropriate, prevention procedures.

The consequences of the Failure to Prevent Fraud offence (FTPF)

As noted above, even non-UK entities may be involved in FTPF proceedings if they operate in the United Kingdom or have a UK nexus, for example through UK branches, or when the fraud is committed against UK markets, banks, business partners, customers, users, consumers or platforms.

Given the considerable impact this legislation can have on Italian companies, it is therefore advisable that all organizations touched in any way by the ECCTA begin to equip themselves with preventive procedures appropriate to managing fraud risk.

Where liability for the offence is established, in addition to the possible reputational consequences a company may be ordered to pay an unlimited fine; the amount of the sanction is left to the court's discretion, which will weigh the specific circumstances of the case, the seriousness of the offence and the financial benefits obtained.

The services offered by Argo in the field of Fraud Risk Management

In light of this new regulatory framework, it is essential that all companies, especially those that operate in the United Kingdom or otherwise have a UK nexus, have a structured Fraud Risk Management system based on concrete and verifiable preventive measures.

In this scenario, Argo Spa is an excellent partner in defining and implementing effective anti-fraud programmes that meet international compliance requirements.

We support organizations in defining global policies and procedures, in mapping associated persons and in assessing the related fraud risk.

The activity includes due diligence on international customers, suppliers and M&A transactions, targeted fraud risk assessments for the most sensitive areas, and staff training (including on the new FTPF obligations).

Our Fraud Risk Management system also includes:

· the secure management of whistleblowing channels, in accordance with Directive (EU) 2019/1937, ISO 37002:2021, Legislative Decree 24/2023 and ANAC Resolution no. 311/2023;

· the management of periodic audits to monitor the effectiveness of the anti-fraud procedures implemented;

· support for internal investigations, i.e. the collection and analysis of information within an organization to ascertain facts or conduct that may be illegal, fraudulent or non-compliant with internal or external rules, in order to determine liability, prevent reputational and legal damage, and take any corrective or disciplinary measures.

Operating in accordance with government guidance and international best practice, we offer a complete, transparent, compliant and up-to-date Fraud Risk Management model, capable of concretely reducing the risk of fraud and of protecting corporate integrity and reputation over time.

Author:

Miriam Ferrara
