Guardrails & green lights: Finance AI, ECCTA & the White House AI Plan

Two government initiatives are captivating the attention of legal counsel (and others) around the globe: the White House’s AI Action Plan and the UK’s recently enacted Economic Crime and Corporate Transparency Act (ECCTA). On first glance, these two don’t belong in the same conversation. One is about unleashing innovation while the other is about clamping down on corporate misconduct. Yet, as AppZen’s legal counsel, I see both as signals and opportunities for AppZen and its customers.

A shield and a starting gun for AI automation

The ECCTA is the UK’s response to mounting pressure to tackle corporate crime following a decade marked by scandals (more on that below). The Act strengthens corporate liability for economic crimes, including fraud, money laundering and bribery, and introduces direct criminal responsibility for companies where senior managers and directors turn a blind eye. For global companies, this sharpening of corporate responsibility and governance culture in the UK carries lessons that are likely to echo beyond its borders.

In contrast, the White House AI Action Plan has an entirely different energy, one the Action Plan summarizes as, “Build, Baby, Build!” Its three pillars, promoting AI innovation, accelerating adoption, and setting global standards for safety and security, frame AI not as a risk to be feared but as a competitive race that America intends to win. If the Biden Administration’s 2023 AI Executive Order was a cautious false start, as discussed in my last blog post, then the Action Plan feels more like the starting gun. How times have changed.

And while it’s hardly controversial to note that both reflect very different styles of leadership in their respective jurisdictions, at AppZen, we’re leaning into both, innovating responsible AI while simultaneously building the controls and transparency that let our customers flourish under their evolving legal regimes.

ECCTA: Finance AI guardrails

In the 2010s, two high-profile corporate scandals in the UK exposed glaring weaknesses in internal financial oversight and accountability. In the Serco & G4S electronic tagging overbilling case, companies charged the UK government for monitoring offenders who were dead, back in prison, or never electronically tagged at all. In the Tesco accounting scandal, the company overstated its profits by more than £250 million through the mishandling of supplier rebates and the delayed recognition of costs. In both instances, criminal prosecutions were avoided because of the difficulties in finding corporate criminal liability, but these incidents fueled public anger, reinforcing the perception that large UK corporations could hide behind complex structures, while critical failings around accounting and financial controls went unnoticed.

The ECCTA aims to close those gaps by introducing a new “failure to prevent fraud” offense for large organizations. It applies to companies meeting at least two of the following criteria: more than 250 employees; more than £36 million in turnover; or more than £18 million in total assets. It also expands corporate criminal liability by making the actions of employees attributable to their organizations. As of September 1, 2025, large organizations are now criminally liable if they fail to take reasonable steps to prevent associated persons, including employees, agents, subsidiaries, and contractors, from committing fraud. A conviction under this provision could result in criminal proceedings and penalties for a company. The fines potentially imposed under a conviction are unlimited. In short, the UK government is making it clear that the days of sweeping such misconduct under the rug are over.

Senior managers don’t have to know about the fraud nor have approved it for the company to get caught out and, importantly, the offense has extra-territorial reach, extending to foreign companies that have a UK business presence. The company simply has to have benefited from the fraud committed by an employee, without having had reasonable fraud prevention procedures in place. That being said, if the company does indeed implement reasonable procedures to prevent fraud, that’s a valid defense, and it will not be liable. But the UK government guidance on the new offense makes plain that this cannot be a box-ticking exercise: effective fraud prevention will require a whole-company effort, from the boardroom through to frontline staff.

Of course, the challenge is keeping pace with that level of scrutiny. The good news is that tools now exist, with technologies that automatically audit invoices, expenses, and supplier transactions, making it easier to catch issues early and demonstrate robust compliance. AppZen’s AI already flags fraud, enforces compliance, and creates audit trails. We’ve been servicing some of the world’s largest corporations for years, so we’re used to implementing these preventative systems in complex financial structures.

Across the pond, the White House AI Action Plan sets the stage for further AI innovation in the US, potentially providing solutions to the new regulatory challenges abroad.

White House AI Action Plan: Finance AI green light

In July of this year, the White House released its AI Action Plan, setting out three pillars for America’s AI future: accelerating innovation, building infrastructure, and promoting US leadership abroad in diplomacy and security. The first pillar focuses on removing any obstacles to AI innovation, enabling and encouraging AI adoption. The plan proposes to meet these goals through initiatives such as establishing AI Centers of Excellence where organizations can deploy and test AI tools, reviewing regulatory ‘blockers’ to adoption, and expanding the federal government’s own use of AI. The second pillar focuses on building the compute and infrastructure needed to sustain AI adoption, with investment in data centers, chips, and energy capacity. The third pillar looks outward, aiming to extend the US technology stack, from software to applications, to allied countries through a proposed AI Alliance.

What does this all add up to?

The AI Action Plan is less a detailed roadmap than a signal of intent. The US government wants to accelerate AI adoption at scale, remove structural bottlenecks, and ensure America remains competitive globally. For businesses, this means the policy backdrop is becoming more supportive of investment and experimentation with AI, while also setting expectations that organizations should be ready to deploy and integrate these tools responsibly.

For AppZen, this isn’t a new starting line. We’ve been applying AI to finance workflows for many years, working with some of the world’s largest enterprises. What has changed is the policy environment. With the government’s new direction on AI, coupled with the interactions I’m having with AppZen customers, it’s clear to me that the conversation is shifting. It’s no longer, “What is AI?” or, “Why AI?” or even, “Will AI harm my data?” but, increasingly, “How fast can we adopt and scale AI?”

Legislation such as the UK’s ECCTA highlights why AI is needed, putting fresh pressure on companies to strengthen corporate compliance and, quite literally, prevent fraud or face criminal prosecution. Companies need to be better at working smarter. In this regard, the AI revolution is arriving at a critical time, and I believe it will be an essential asset for businesses that must manage risk and comply with the law.

Protect your organization from AP and expense fraud with the most sophisticated finance AI risk protection available. Contact us today for a free audit and live demonstration.

Watch: The Invisible Threat: Detecting AI-Generated Fake Receipts to learn more.