Effective fraud prevention and compliance frameworks rely on a clear understanding of the key personnel acting on behalf of the firm. It is therefore important for firms to go through the process of identifying and documenting associated persons who may present a risk of misconduct either through internal actions or third-party relationships. With the introduction of the Failure to Prevent Fraud Offence under the Economic Crime and Corporate Transparency Act (ECCTA), financial institutions will be expected to take proactive steps to strengthen their internal control frameworks. ECCTA is expected to come into force on the 1st of September, 2025, and will enact a zero-tolerance approach to failure to prevent fraud.
What is the Definition of an Associated Person?
Under the ECCTA, an associated person is broadly defined as any individual or legal entity that performs services for or on behalf of a company. This includes employees, agents, third-party contractors, service providers and intermediaries. Classification as an associated person is assessed based on all relevant circumstances including the nature of the relationship and the functions performed on behalf of the organisation. It is important to remember the scope of associated persons does not include any persons acting on behalf of the customers of the company, or those providing services to the company. The definition of an associated person can also extend across corporate group structures, meaning a parent company may be held liable for associated persons working within or with one of its subsidiaries. This is a very wide scope which increases the exposure of financial firms to potential liability. Firms must identify and understand where associated persons exist across their operations, and this is done through a comprehensive mapping process.
How to Map Associated Persons to Your Business
Mapping associated persons is a critical step toward ensuring compliance with the Failure to Prevent Fraud Offence guidelines. Organisations are required to take a comprehensive view of who is acting on behalf of the business both internally and externally to accurately assess fraud risk and demonstrate reasonable procedures. This process should begin by identifying individuals and entities across the organisation who perform services for or on behalf of the firm. This can include:
- Permanent and temporary employees
- Contractors and consultants
- Agents, introducers and intermediaries
- Subsidiaries and their employees
- Partners or third parties involved in joint ventures
Entities considered to be out of scope include those that provide services to the organisation instead of on behalf of the organisation. This includes lawyers, accountants and engineers but can be different for each business based on their operations and use of professional services. The mapping exercise should extend across all business units, functions and jurisdictions and provide a holistic view of the operations of the firm. Associated persons are not always obvious or centrally documented, so this process will require active input from across the firm.
How to Engaging Senior Stakeholders in Typology Mapping?
Senior stakeholder engagement is essential for a successful typology mapping exercise. Departments such as Legal, Compliance, HR and Operations will provide different insights and cooperation will ensure that no group or function is overlooked. Senior stakeholder engagement will help to make sure the mapping is accurate, complete and embedded into the firm’s wider risk management framework. Stakeholder engagement should begin with clarity on purpose - mapping is not simply about listing job titles. The goal of the mapping exercise is to understand the real-world relationships, service functions and points of potential exposure to fraud. This requires contributions from several departments, each with its own divisional leadership and operational function. Boards and senior executives play an important role in setting the tone and supporting this process. They can help ensure:
- Mapping is treated as a live, strategic activity, not as a one-off exercise
- All business functions are engaged, including those with non-obvious or decentralised relationships
- Mapping findings feed directly into risk assessments and prevention procedures
Senior leaders should endorse the mapping process and agree to the development of a stakeholder-informed action plan. This should be regularly reviewed as part of the firm’s fraud governance responsibilities and will support compliance in an evolving regulatory landscape. These processes will equip the firm to make better informed and more risk-aware decisions which will build a more resilient fraud prevention framework. Financial firms can lay the groundwork for a more resilient, transparent and compliant fraud prevention framework by taking a proactive approach to mapping associated persons. With the ECCTA enforcement deadline approaching, firms should be preparing in advance and ensuring resilience and compliance throughout their organisation.
Contact us today to learn more about Novatus Global’s ECCTA Offering and how it can support your organisation in developing and applying fraud typology mapping as part of the reasonable procedures required to prevent fraud.
