Katy MacAskill

Discussions with industry and informal research conducted by the firm from February through to June 2025 showed companies, including those in Scotland, have been slow to take the necessary steps to get ready for FTP compliance.

As of June this year:

• 30 per cent of businesses spoken to had not appointed anyone to oversee FTP compliance;
• Of the 70 per cent that had taken measures, most had assigned FTP responsibilities to already stretched compliance teams in need of support; and
• 78 per cent had not completed – or even begun – a fraud risk assessment, a key component of the ‘reasonable procedures’ described in government guidance.

Even as of August, businesses across multiple sectors – including high-risk industries like financial services, real estate and construction – reported limited progress, citing competing demands on compliance functions as the main barrier.

In response, Dentons has launched a new FTP Toolkit to help organisations assess and address gaps in their fraud prevention measures.

FTP was introduced as part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and creates a strict liability criminal offence for in-scope companies that fail to prevent fraud by individuals associated with them, where the fraud benefits the organisation or its customers. The only defence is to demonstrate that reasonable and proportionate fraud controls were in place.

The Serious Fraud Office (SFO) has made clear it will prioritise enforcement of the new offence. SFO director Nick Ephgrave stated: “I’m very, very keen to prosecute someone for [this] offence. We can’t sit with the statute books gathering dust – someone needs to feel the bite.”

Dentons’ new FTP Toolkit is designed to simplify the compliance process, enabling businesses to:

• Rapidly evaluate their current level of FTP readiness
• Identify gaps in policies, procedures, and controls
• Take targeted, proportionate actions to meet legal requirements

Katy MacAskill, senior associate in Dentons’ regulatory and investigations team in Glasgow and co-developer of the toolkit, commented: “The introduction of FTP marks a significant shift in the corporate fraud landscape for Scottish businesses. It is a strict liability offence, meaning Scottish companies will not be able to rely on good intentions or retrospective justifications in place of robust, proportionate and bespoke fraud prevention measures.

“Our data shows that there is still a lack of preparation across industry, which is understandable given today’s competing compliance workload. However, with the offence in force as of 1 September, there is now an urgent need for Scotland’s in-scope firms to ensure that they are sufficiently protected.

“We are particularly mindful about the pressure on overburdened compliance teams. We have designed the FTP Toolkit to try and ease that burden, helping teams act identify gaps and effectively meet their obligations.”