Whether it is enforcement actions taken by HMRC, Companies House, the Insolvency Service, or the SFO—or all of them combined—compliance teams within UK banks and other large financial institutions (FIs) should take heed. These agencies are taking concrete actions to apply pragmatic enforcement of the UK Economic Crime and Corporate Transparency Act of 2023 (ECCTA). Such actions have mostly been underway since mid-2025 and momentum is gaining into 2026.
Following are four major areas of improved enforcement regarding ECCTA in 2026.
#1: The FtPF offense
The Failure to Prevent Fraud (FtPF) offense is a cornerstone of the ECCTA and came into effect as of September 1, 2025. Under FtPF, organizations face strict liability when one or more of their representatives (e.g., an employee, subsidiary, agent, etc.) commits fraud to benefit the company. Furthermore, organizations can no longer hide behind the traditional “reasonable procedures” defense which states that organizations cannot be held liable if they had reasonable procedures in place to prevent the fraud. Instead, the ECCTA includes a new “senior manager” attribution rule. Under this rule, banks and other companies are directly liable—even if they have anti-fraud procedures in place.
In addition, the definition of who can be called a “senior manager” has evolved. Where the definition used to be limited to executive management and board members, it now extends to anyone who plays a significant role in decision-making, such as people in compliance roles. So, if a senior manager is involved in fraud, the bank is criminally liable. It’s also worth noting that the same rules apply for such activities as money laundering and sanctions evasion.
#2: Companies House as a proactive gatekeeper
The ECCTA grants Companies House the power to investigate entities to determine if they are legitimate or fraudulent—and to strike them from the registration roles. Companies House is proactively doing the following:
- Verifying the identities of entities’ directors
- Reviewing suspicious filings
- Striking seemingly fraudulent entities from the roles.
Other agencies are collaborating with Companies House to “clean up” the registration roles. In one case, the Insolvency Service is developing a referral list for Companies House to review. On a broader scale, the National Economic Crime Centre (NECC)—a multi-agency center established in 2018 to deliver a step change in the UK’s response to economic crime—recently led a sweep of entity reviews by several agencies (Companies House, HMRC, and the Insolvency Service) that resulted in 11,000 companies being struck from the registration roles.
#3: Sanctions Lists Consolidation
As of January 28, 2026, the UK government has moved to a single sanctions list. The UK Sanctions List details which people, entities and ships are designated or specified under regulations made under the Sanctions and Anti-Money Laundering Act 2018, and why. The new list is really a consolidation of two sanctions lists which had been maintained separately for years. By having a single list, the UK government is making it easier for organizations to comply.
The UK Sanctions List is now the only official list containing all UK sanctions designations. The OFSI Consolidated List and search function will remain available, but the government will not continue to update them.
#4: The use of AI to look back for crimes
Under the UK Anti-Corruption Strategy (2025-2030), the National Crime Agency (NCA) is the primary UK agency focused on pursuing illicit finance. Aiding the NCA with critical enforcement and supervision are the Serious Fraud Office (SFO), the Financial Conduct Authority (FCA), and the City of London Police’s Domestic Corruption Unit. The Unit is piloting the use of AI-enabled ‘corruption investigation assistants’ that will help local and regional police force investigators review and interrogate years of suspicious activity reports and other datasets. They expect each effort to occur in only minutes; versus the months they would take without the use of AI.
How FIs can prepare for the more vigorous enforcement measures
We see two major potential areas of vulnerability for financial institutions. They relate to the “senior manager” rule and the UK Government’s focus on sanctions compliance.
Regarding the “senior manager” rule, your compliance organization should take the following steps as soon as possible:
- Clarify who has senior manager responsibilities under the newly expanded definition set forth in Section 196 of the ECCTA.
- Update your risk assessments.
- Incorporate changes into your compliance systems that reflect new risks discovered from your updated risk assessments.
Regarding the UK Government’s elevated focus on sanctions compliance, implement a modern, AI-based solution to improve your third-party due diligence capabilities. The government’s 2025-2030 strategy requires your compliance organization to ensure that you are not enabling the sale or transfer of goods to, from or for the benefit of sanctioned countries and entities. Enhanced due diligence is made easy today by AI Agents designed specifically for the task. In fact, WorkFusion’s AI Agent solution named Edward performs automate enhanced due diligence and high-risk reviews in a way that reduces manual effort by approximately 40-60 percent and speeds investigation throughput by 3-5X.
To learn more about how WorkFusion AI Agents can improve your compliance operations, visit the AI Agents homepage.