• Nearly one in four financial firms is breaching ECCTA regulations
• A third failing in basic due diligence with clients and partners
• Over 20% of companies name no individual PSC
• Some firms registered to PO boxes despite transparency laws
• Many still rely on trust, not verification, in business dealings
• 30% admit to accepting risk from unverified partners
• 63% still email sensitive information without safeguards
• ECCTA’s new corporate offence takes effect on 1 September
• Firms risk criminal liability, financial damage, and reputational harm
• Industry experts warn that fraud prevention must become cultural, not just procedural

Thousands of financial services firms across the UK are facing mounting regulatory exposure, with new research revealing widespread breaches of the Economic Crime and Corporate Transparency Act (ECCTA) just weeks before a landmark corporate offence comes into force.

According to the latest ECCTA Regulations Report from compliance training provider Skillcast, almost one in four financial services firms are already in violation of core ECCTA requirements.

Among the most alarming findings: over a quarter of firms fail to name an individual as their Person with Significant Control (PSC), and nearly four per cent report no PSC at all.

Two firms were found to be registered to PO boxes – a practice discouraged under the law for weakening corporate accountability.

In total, the analysis covered over 37,000 data points from 2,000 private UK companies across ten sectors.

It found that 16 per cent of financial services firms had overdue confirmation statements and another six per cent had failed to file accounts on time — both direct violations of basic governance obligations under ECCTA.

The timing could not be more critical. On 1 September, the Act’s new corporate offence – ‘failure to prevent fraud’ – takes effect, introducing sweeping liability for organisations that fail to implement adequate anti-fraud measures across their operations.

Speaking on the report’s findings, Skillcast CEO Vivek Dodd issued a stark warning, saying: “This should serve as a wake-up call for the financial services sector.

“With less than two months to go, many companies are operating in high-risk conditions that leave them exposed to serious criminal liability. Without urgent action, these firms risk severe reputational damage and financial fallout.”

A separate report from digital verification platform Umazi reveals further cause for concern.

According to its findings, almost 30 per cent of UK businesses admit to skipping documentation checks when dealing with well-known companies, and nearly as many knowingly accept the risk of working with completely unverified partners.

More than 20 per cent of companies say they perform no due diligence at all, citing a lack of tools or understanding.

Meanwhile, 63 per cent of businesses still feel comfortable emailing sensitive data to third parties, with 73 per cent trusting recipients to store that information securely, despite repeated warnings about data breaches and fraud.

Umazi founder and CEO Cindy van Niekerk didn’t mince words. “When companies engage with unverified partners, the fallout isn’t just a bad deal – it can lead to collapse, legal exposure, even liquidation.

“We’ve seen it time and again. The tools to stop this exist. Digital verification is not optional – it’s essential.”

Both reports point to the same uncomfortable truth: many UK financial services firms remain locked in outdated habits, relying on reputation, trust, and outdated methods in an environment that increasingly punishes such complacency.

With criminal liability for organisational fraud failures just weeks away, experts argue that compliance can no longer be treated as a check-box exercise. Structural reforms, cultural change, and digital transformation are now business-critical.