UK financial institutions are entering a new phase of regulatory scrutiny as multiple government bodies intensify enforcement of the Economic Crime and Corporate Transparency Act (ECCTA).
According to Workfusion, whether action is taken by HM Revenue & Customs, Companies House, Insolvency Service or the Serious Fraud Office, compliance teams across UK banks and other large financial institutions are being warned to prepare for a more interventionist and coordinated regulatory environment.
Although many of these measures began rolling out in mid-2025, 2026 is shaping up to be the year when ECCTA enforcement becomes both broader and more visible across the financial system.
One of the most significant pillars of the Act is the Failure to Prevent Fraud (FtPF) offence, which came into force on 1 September 2025. Under this regime, organisations are subject to strict liability if fraud is committed by any representative for the company’s benefit. This includes employees, agents and subsidiaries.
Crucially, the traditional “reasonable procedures” defence has been replaced by a new “senior manager” attribution rule. As a result, banks and corporates can now be held criminally liable even if anti-fraud frameworks are already in place.
The scope of who qualifies as a senior manager has also expanded beyond board members and executives to include individuals with significant decision-making power, including those in compliance and risk functions. The same principles also apply to related offences such as money laundering and sanctions evasion, increasing personal and institutional exposure across the organisation.
At the same time, Companies House has been repositioned as a more proactive gatekeeper of the UK corporate ecosystem. Under the ECCTA, it now has enhanced authority to investigate companies, verify director identities, scrutinise suspicious filings and remove fraudulent entities from the corporate register.
These powers are no longer theoretical. The Insolvency Service is already feeding referral lists into Companies House for review, while the National Economic Crime Centre recently coordinated a multi-agency sweep involving Companies House, HMRC and the Insolvency Service. That exercise resulted in 11,000 companies being struck off, underlining the scale of the clean-up operation now underway.
Sanctions compliance has also been simplified—but not relaxed. As of 28 January 2026, the UK government has consolidated its sanctions regime into a single official UK Sanctions List. This replaces the two previously separate lists that had been maintained for years. The new list provides a unified view of all individuals, entities and vessels subject to UK sanctions under the Sanctions and Anti-Money Laundering Act 2018.
While the OFSI Consolidated List and its search tools will remain accessible, they will no longer be updated. For compliance teams, this creates a single authoritative source of truth, making screening processes more consistent but also removing any ambiguity around which datasets must be used.
Another major development is the growing use of artificial intelligence in retrospective investigations. Under the UK Anti-Corruption Strategy (2025–2030), the National Crime Agency is leading efforts to tackle illicit finance, supported by the SFO, the Financial Conduct Authority and the City of London Police’s Domestic Corruption Unit.
The Unit is currently piloting AI-enabled “corruption investigation assistants” that allow investigators to analyse years of suspicious activity reports and other datasets in minutes rather than months. This capability dramatically expands the state’s ability to reopen historical cases and identify patterns that were previously too complex or time-consuming to detect manually.
For financial institutions, this enforcement landscape creates two particularly acute areas of vulnerability: senior manager liability and sanctions compliance. Under the expanded definition in Section 196 of the ECCTA, firms must urgently clarify which individuals fall under senior manager responsibilities.
This should be followed by updated enterprise-wide risk assessments and corresponding changes to compliance systems to reflect the heightened exposure. Failure to map accountability accurately could leave firms exposed not just to regulatory penalties, but also to criminal prosecution.
On sanctions, the government’s 2025–2030 strategy places renewed emphasis on third-party due diligence and supply chain transparency. Compliance teams are now expected to ensure they are not facilitating transactions involving sanctioned jurisdictions, individuals or entities. Many firms are responding by adopting AI-based solutions that automate enhanced due diligence and high-risk reviews.
Tools such as WorkFusion’s AI Agent Edward, for example, are designed to automate enhanced due diligence and reduce manual workloads by approximately 40–60 percent, while increasing investigation throughput by up to five times. In an environment where regulators are increasingly data-driven and retrospective in their investigations, these technologies are fast becoming essential rather than optional.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
