Can you defend against the claim you failed to prevent fraud in your supply chain?
Are You Ready for a New Era of Accountability in UK Infrastructure?
- Martin Perks
- Aug 31
Updated: Sep 7
If you work in the UK infrastructure sector, on 1st September 2025 your world is changing. Two new pieces of legislation—the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and the Procurement Act 2023—are not just separate sets of rules. Think of them as a pincer movement, fundamentally altering the risks for everyone, from public sector clients to the smallest firm in a supply chain.
So, what does this actually mean for you?
First, on 1st September 2025 ECCTA introduces a tough new corporate crime: 'failure to prevent fraud'. This is a strict liability offence, which is a legal way of saying your company can get hit with an unlimited fine for fraud committed by a supplier, even if senior management knew nothing about it. Your only defence? Proving you had 'reasonable procedures' in place to stop it. Suddenly, those internal controls aren't just best practice; they're your only legal shield.
At the same time, the Procurement Act is tearing down the old system and replacing it with one built on radical transparency. For contracts over £5 million, you'll now have to publish Key Performance Indicators (KPIs) and your performance against them will be public knowledge. A single act of fraud on a project could expose a client to criminal charges under ECCTA while simultaneously getting the supplier blacklisted from all public work under the Procurement Act.
The old ways of doing business—the opaque, sometimes adversarial relationships—just won't cut it anymore. In this new world, you need a way to prove you’re doing the right thing. This is where something called Digital Cost Assurance comes in. It’s not just about tracking costs; it’s about creating a digital, auditable trail that proves you have those 'reasonable procedures' ECCTA demands and automates the transparency the Procurement Act requires. It’s time to see digital tools not as a nice-to-have, but as the central nervous system for surviving this new reality.
Part 1: The Game-Changer: ECCTA's 'Failure to Prevent Fraud' Offence
Let’s be honest, the name alone—The Economic Crime and Corporate Transparency Act 2023—is a mouthful. But everyone in the infrastructure world needs to get familiar with one part of it: the new 'Failure to Prevent Fraud' (FTPF) offence. This isn't just another regulation; it fundamentally rewrites the rules of corporate responsibility.
What Does "Strict Liability" Actually Mean?
This is the most important part to understand. Your company commits the FTPF offence if someone 'associated' with it commits fraud to benefit your organisation. Crucially, prosecutors don't need to prove that your directors knew about it, suspected it, or ordered it. The lack of knowledge at the top is no longer a defence.
Think about that for a second. The liability is almost automatic once the fraud happens. Your only way out is to prove you had 'reasonable procedures' to prevent it.
Who Is an 'Associated Person'? (Hint: Almost Everyone)
This is where ECCTA gets its incredible reach. An 'associated person' isn't just your direct employee. It's also your agents, your subsidiaries, and anyone who "performs services for or on behalf of the organisation".
For a client on a major project, this net captures the entire delivery ecosystem: your project managers, quantity surveyors, contractors, and even their large subcontractors. It creates a huge web of liability. A fraud committed by a sub-consultant you've never even met could, in theory, land your own company and you in court.
The fraud just has to be intended to benefit your company—it doesn't even have to succeed. The benefit could be as simple as avoiding project delays, which is a powerful incentive in our industry. This flips the old risk model on its head. It's no longer just about protecting yourself from being the victim of a supplier's fraud; you now risk being held criminally liable as the unwitting beneficiary of it.
Part 2: Nowhere to Hide: The Procurement Act's New Rules
Just as ECCTA reshapes internal responsibility, the Procurement Act 2023 changes everything about how you operate in public. Its goal is simple: create a system so transparent that everyone can see what’s being bought, how much is being spent, and who is performing well (or badly).
Your Performance Is Now Public Record
For any public contract worth over £5 million, contracting authorities now must set and publish at least three Key Performance Indicators (KPIs). But they don’t just sit in a file. Your performance against those KPIs must be assessed at least once a year and at the end of the contract, and the results will be published for all to see.
This effectively creates a permanent, public "credit score" for competence and integrity. A poor performance notice on one project can be used by any other public body as a legal reason to be excluded from future work. Every single KPI assessment now contributes to a public reputation that has direct, and potentially severe, commercial consequences. That means the data used to score performance must be right EVERY time.
The Debarment List: The Ultimate Penalty
This is the Act's most powerful new tool. It's a centrally managed, public list of suppliers who are barred from public procurement. A minister can place a supplier on this list for serious offences like fraud (mandatory exclusion) or for issues like professional misconduct and poor performance (discretionary exclusion).
And just like with ECCTA, the risk extends to your supply chain. A supplier can be debarred based on the conduct of 'connected persons', which includes directors and key subcontractors.
There is a way back, however. It's called 'self-cleaning'. A supplier can avoid or get removed from the list if it can prove it has taken real steps to fix the problem, like paying compensation to the disbenefited party or parties and implementing new, concrete procedures to prevent it from happening again. This provides a strong incentive for genuine corporate reform.
Part 3: The Pincer Movement in Action
So, how do these two laws work together to create such a massive headache? Let’s walk through a quick, and sadly plausible, story.
Imagine a big public project is under pressure. A key contractor is struggling with cash flow, putting a major milestone at risk. To keep things moving, a quantity surveyor from the client's main consultancy colludes with the contractor to make a recommendation to the Project Manager to certify a payment for work that hasn't actually been done yet. The main goal is to keep the contractor afloat and avoid delays—a clear benefit to both the consultancy and the client.
One dodgy payment application. What happens next?
ECCTA kicks in. The contractor committed fraud. The QS (an 'associated person' of the consultancy) aided that fraud. And the consultancy (an 'associated person' of the client) performed the service. Both the consultancy and the client are now criminally liable for failing to prevent the fraud. Their only hope is to prove their 'reasonable procedures' were up to scratch.
The Procurement Act kicks in. Any fraud is a mandatory ground for exclusion. The consultancy’s role is 'grave professional misconduct'—a discretionary ground for exclusion. The client is now legally obligated to report both firms, which will likely trigger an investigation that could land them on the public debarment list, banned from public work for years.
This is the pincer movement. The same Act creates an internal criminal liability for the client while imposing a public duty on that same client to sanction the partners whose actions caused the liability. You can't just turn a blind eye, because doing so would destroy your 'reasonable procedures' defence.
Part 4: So, How Do You Actually Protect Yourself?
This all sounds pretty daunting, I know. But there is a clear path forward. Traditional, fragmented systems built on spreadsheets and email chains simply can't provide the proof you need in this new world. The solution is to build your defence and compliance framework digitally.
Building Your Defence for ECCTA
A Digital Cost Assurance system is your best friend when it comes to proving you have 'reasonable procedures'. Why? Because it creates a powerful, unchangeable record that your controls are being used every single day to assure every single line of cost data.
Catch fraud before it happens. Instead of finding a fake invoice months later, digital systems like Coria’s Digital Cost Engineer can spot it instantly. AI-powered tools can analyze 100% of transactions, flagging duplicate invoices, documents created by generative AI, and suspicious payment patterns that a human would never see.
Create an unbreakable audit trail. Every single action—from an invoice submission to its approval—is time-stamped and logged securely. If you’re ever investigated, you don’t just have a policy document to show; you have a complete, verifiable digital history of your controls in action. That's a defence that's hard to argue with.
Automating Your Procurement Act Duties
The reporting burdens of the new Procurement Act are huge. Trying to manage them manually is a recipe for disaster. Again, digital systems like Coria’s and Saible’s are the answer.
Track KPIs automatically. Digital platforms can be set up to monitor your contractual KPIs in real-time, creating dashboards and automatically generating the public reports the law requires.
Guarantee prompt payment. Specialised construction payment platforms, such as Saible, can automate the entire payment cycle all the way down the supply chain, tracking deadlines, sending reminders, and ensuring your ecosystem meets the 30-day payment rule. They can also automatically generate the six-monthly Payment Compliance Notices the Act demands.
Part 5: Your To-Do List: A Practical Game Plan
A 'wait and see' approach is just too risky. Here’s a straightforward plan for both clients and suppliers.
For Clients (Contracting Authorities)
Update Your Risk Register. Yesterday. The 'failure to prevent fraud' offence needs to be a primary corporate risk on your books, right now.
Give Someone Ownership. Assign clear responsibility for the anti-fraud program to someone at the board level. This is step one of the 'top-level commitment' defence.
Mandate Digital Collaboration. For major projects, make the use of a shared Digital Cost Assurance platform, such as Coria’s Digital Cost Engineer, a mandatory requirement in your tenders. It’s the only way to guarantee 100% transparency and process control from day one.
Train Your People. Your contract managers and commercial teams need to understand the new rules inside and out—especially the grounds for termination and the importance of a perfect 100% transaction audit trail.
For Contractors and Consultants
Build Your 'Reasonable Procedures'. If you're an organisation that meets the criteria for applicability, you need your own ECCTA-compliant anti-fraud program. This isn't just for your own protection; it's what will make you a credible, low-risk partner for clients.
Cascade the Rules Down. You must push these new standards down to your own subcontractors and large suppliers. Update your sub-contracts to mirror the obligations clients and the Acts are placing on you.
Get Ready for Transparency. You have to accept that your performance is now public. Treat every KPI assessment as a permanent entry on your company's public resume, because that's exactly what it is.
Ultimately, these new laws are pushing the entire industry toward a more collaborative and transparent model. The organisations that thrive won't be the ones that see this as a burden, but the ones that embrace a digitally-enabled, transparent approach to build trust and become the partners of choice for the future of UK infrastructure.



