From “UK SOX” to ARGA: Designing Controls that Prevent – and Prove – Fraud

Britain’s legislative push began with the Economic Crime & Corporate Transparency Act 2023, which introduces a new failure-to-prevent-fraud offence and tougher director liability. gov.uk In parallel: 

• 2024 UK Corporate Governance Code (effective Jan 2026) – Boards must declare the effectiveness of material internal controls under updated Provision 29. icaew.compwc.co.uk 

• Launch of ARGA – the Audit, Reporting & Governance Authority will supersede the FRC and wield stronger sanction powers once legislation passes, expected in the 2025/26 parliamentary session. financialaccountant.co.ukthetimes.co.uk 

• Internal Audit Code of Practice 2024 refresh – explicitly expands IA’s remit to culture, AI and climate-risk auditing. reuters.com 

Five Design Principles for UK Organisations 

1. “Single-View-of-Control” Model 
   Consolidate controls over financial, non-financial and fraud-prevention risks into one register. This positions boards to sign the Provision 29 declaration with confidence and avoids the siloed approach that failed at Carillion. 

1. Prevent-Detect-Respond Framework for Fraud 
   Prevent – real-time supplier onboarding checks against Companies House and HMRC APIs. 
   Detect – AI text-mining of invoices and emails to spot split-payments or collusion. 
   Respond – pre-approved claw-back and self-reporting protocol to the Serious Fraud Office (SFO).