Whether through enforcement actions taken by HM Revenue & Customs, Companies House, the Insolvency Service, or the Serious Fraud Office—or increasingly through coordinated action between them—compliance teams within UK banks and other large financial institutions should be paying close attention.
These agencies are no longer signalling intent; they are actively applying the UK Economic Crime and Corporate Transparency Act 2023 (ECCTA) in practice, claims Workfusion.
While early activity began in mid-2025, enforcement momentum has clearly accelerated into 2026, reshaping expectations for governance, accountability and technology across the financial services sector.
A central pillar of this shift is the Failure to Prevent Fraud (FtPF) offence, which came into force on 1 September 2025. Under this provision, organisations face strict criminal liability when a representative—such as an employee, subsidiary or agent—commits fraud for the organisation’s benefit. Crucially, ECCTA removes the comfort firms once took from relying on “reasonable procedures” alone. Instead, the Act introduces a new senior manager attribution rule, meaning banks and corporates can be held liable even where anti-fraud controls exist, if wrongdoing can be linked to senior management conduct.
The scope of who qualifies as a “senior manager” has also broadened significantly. Responsibility is no longer confined to board members or C-suite executives. Individuals who play a meaningful role in decision-making, including senior compliance leaders, now fall within scope. If such a senior manager is implicated in fraud, the organisation itself is criminally liable. Importantly, the same attribution logic applies beyond fraud to offences such as money laundering and sanctions evasion, materially raising personal and institutional risk.
Alongside this, Companies House has emerged as a far more proactive gatekeeper of the UK corporate register. ECCTA grants it enhanced investigative powers to determine whether registered entities are legitimate or potentially fraudulent. In practice, this has translated into systematic identity verification of directors, closer scrutiny of suspicious filings, and the removal of entities deemed fraudulent. These efforts are not happening in isolation. Other agencies are actively collaborating, with referral mechanisms feeding intelligence back into Companies House reviews.
This multi-agency approach was most visible in a recent sweep led by the National Economic Crime Centre, which brought together Companies House, HMRC and the Insolvency Service. That coordinated action resulted in around 11,000 companies being struck from the register, underscoring how aggressively authorities are now “cleaning up” the corporate landscape and signalling little tolerance for abuse of the UK’s registration framework.
Sanctions compliance has also become structurally simpler—but operationally more demanding. From 28 January 2026, the UK government moved to a single, unified sanctions list. The UK Sanctions List now serves as the sole official source detailing all UK designations made under the Sanctions and Anti-Money Laundering Act 2018. While the previous OFSI consolidated list and search tool remain accessible, they are no longer updated. For firms, this consolidation removes ambiguity about authoritative sources but increases expectations that screening and monitoring processes are precise, current and comprehensive.
Enforcement capability is also being strengthened through technology. Under the UK Anti-Corruption Strategy 2025–2030, the National Crime Agency is leading efforts to pursue illicit finance, supported by bodies including the SFO, the Financial Conduct Authority and the City of London Police’s Domestic Corruption Unit.
Notably, the Unit is piloting AI-enabled investigation assistants designed to analyse years of suspicious activity reports and related datasets in minutes rather than months. This ability to retrospectively interrogate historic activity materially increases the likelihood that past compliance failures will be uncovered.
For financial institutions, these developments expose two clear areas of vulnerability. First is governance under the expanded senior manager definition. Firms should urgently clarify which roles fall within scope under Section 196 of the ECCTA, refresh enterprise-wide risk assessments accordingly, and ensure compliance systems reflect the newly identified risks. Second is sanctions compliance.
The government’s heightened focus means firms must be confident they are not enabling transactions involving sanctioned jurisdictions or entities. Modern, AI-driven third-party due diligence tools are increasingly critical here. Solutions such as WorkFusion’s AI Agent Edward are already being positioned to automate enhanced due diligence and high-risk reviews, reducing manual effort by around 40–60% while increasing investigation throughput by three to five times—capabilities that are becoming essential rather than optional in the 2026 enforcement environment.
Find more on RegTech Analyst.
Copyright © 2026 FinTech Global
