From Raw Filings to Real-Time Risk: Why the Next Era of Fraud Detection Starts in the Data Supply Chain

Let’s face it – fraud is a thriving business. And last year it evolved faster than anyone could have predicted.

Financial risk professionals are under pressure to detect scams and shell companies faster than ever. Yet amid all the buzz about AI and analytics, one lesson has become clear: fraud detection is only as strong as the data pipeline behind it.

Just as you wouldn’t build a house on rotten foundations, you can’t rely on machine learning models if the filings and corporate records feeding them are flawed.

The next era of fraud detection will be won (or lost) upstream, in how we capture, clean and channel raw data into decision-grade intelligence.

In other words, it starts in the corporate data supply chain.

The corporate data supply chain: An untapped advantage

Traditionally, many risk teams focused on data warehouses and data lakes as static repositories – back-end afterthoughts to store information. But I make the case that leading organisations must now treat data more like a supply chain, with raw inputs, quality control checkpoints, and refined outputs delivered just in time to decision makers.

Why a supply chain? Because complex corporate data (company registrations, financial statements, director identities, beneficial ownership records, and so on) passes through many hands and formats before it’s usable. At each step, there’s potential for contamination: a typo, a fake entry, a cloned company registration, or a malicious manipulation. If you don’t catch those early, the “finished product” of your risk report is invariably compromised.

Think of raw filings at corporate registries like Companies House as the raw materials. In the past, Companies House essentially took filings on trust – placing documents on the register with limited verification, meaning there was little assurance the information was accurate. That environment made life easy for fraudsters. Bogus directors could hide behind PO boxes and false addresses. Fake financials could slip into the system unquestioned. It’s no wonder the UK’s corporate registry earned a reputation as a “soft touch” for fraud.

For risk professionals, this meant fraudulent data upstream led to flawed risk assessments downstream.

2024 vs. 2025: A turning point in data integrity

This past year has marked a turning point. In October 2023, the UK passed the Economic Crime and Corporate Transparency Act (ECCTA), ushering in the biggest overhaul of Companies House in generations. By 18th November 2025, identity verification became mandatory for all new and existing company directors and Persons with Significant Control (PSCs) – a radical shift from the old honour system.

This wasn’t a one-day deadline but the start of a 12-month transition to verify every relevant individual. The goal is simple: make the data provenance of corporate records more trustworthy by ensuring the people behind companies are who they say they are.

The impact is already visible. More than 1 million directors and beneficial owners proactively verified their ID ahead of the rule’s formal start. This wave of early compliance reflects a broad acknowledgement that transparency is the new normal. Reliable identity data flowing into the supply chain will eventually mean fewer bogus companies and shell directors polluting our databases.

In fact, Companies House now boasts stronger powers to query, reject or remove filings that appear false or misleading – moving from a passive filing cabinet to an active gatekeeper of data integrity. Between March 2024 and March 2025 alone, the registry queried or struck off false information affecting over 100,000 companies and rejected more than 10,200 suspicious filing applications. In short, the quality of corporate data is (slowly) improving.

Yet, like water finding a crack in a dam, fraud is already seeking out new weak spots. In the run-up to the ID verification rules, we witnessed some unusual activity. Many legitimate company officers rushed to confirm their details – a prudent move. But we also suspect less scrupulous actors tried to squeeze in registrations and confirm “questionable” filings before the gate slammed shut. After all, if you were intent on misusing the system, you’d prefer to do so before showing a passport or driving licence.

Time will tell how many dubious companies were snuck onto the register in late 2025 under the old rules. The onus is now on risk teams to sniff those out.

New data, new fraud patterns

Regulation can make data more reliable, but it doesn’t automatically stop fraud. It changes fraudsters’ behaviour. Yes, verifying directors will deter casual scammers. But determined bad actors will adapt – often by exploiting any remaining blind spots in the data pipeline.

Here are some emerging patterns and anomalies risk professionals should watch for as we enter this new era:

Fake financials

Some new or dormant companies are filing accounts with completely unrealistic figures – one remarkably claimed £58 billion in assets. Others have claimed cash reserves in the trillions. These filings are clearly fake but still end up on the public register. They’re often used to build false credibility and should be flagged automatically by risk systems.

Suspicious filing patterns

Strange filing behaviour is another warning sign. Examples include last-minute filings before rule changes, repeated changes to accounting dates, or constant use of micro-accounts to avoid scrutiny. One trick involves changing a company’s accounting year by just one day to delay filing full accounts. These patterns can signal an effort to hide something and should trigger alerts.

Gaps in identity verification

The new rules allow some people to verify their ID through an authorised agent (like an accountant). That’s useful – but only if the agent is properly verified too. We’ve seen cases where this isn’t clear. Risk teams need to check who’s doing the verifying and whether they’ve been vetted themselves. Knowing the chain of trust is just as important as the data itself.

What does a real‑time risk data pipeline look like?

Armed with cleaner data and aware of evolving fraud tactics, financial risk professionals can now pivot to what really sets apart proactive organisations: real‑time risk monitoring built on a sturdy data pipeline.

The goal in 2026 and beyond is continuous, real-time monitoring. And that requires engineering your data supply chain for speed and trust. In my experience, here’s the best way to approach it:

Integrate diverse data sources

Modern fraud detection draws on more than just registry filings. It taps into news feeds, sanctions lists, credit bureaus, even web data. A well-designed risk data platform (whether a data lake or warehouse) should ingest and link these sources into a unified view.

For example, if a new director is appointed at a company, your system should automatically cross-check that person against watchlists and the wider “corporate identity graph.” By resolving entities (through advanced entity resolution techniques), you might discover that this “new” director is also linked to three prior companies that collapsed due to fraud. Such link analysis can reveal risks that siloed data would miss.

Automate data cleaning and validation

Data provenance must be tracked meticulously at each stage. Implement automated checks for consistency and plausibility as data arrives. This could be as simple as flagging if a company that was dormant last year suddenly declares £50 million in revenue, or if a director’s name on a filing doesn’t match the name on the verification record.

Think of these as quality gates on the supply chain – much like a factory’s QC station catching defective parts. By systematically validating inputs, you stop bad data from ever reaching your risk models or analysts’ desks.

Deploy anomaly detection for early warnings

Advanced analytics (including AI, used wisely) can learn the “normal” patterns in filing behaviours and financials for companies in a given sector or risk cohort. When a company deviates – say, a usually punctual firm delays its annual return, or a borrower’s directorship suddenly resigns en masse – the system should raise a flag.

At Company Watch, we’ve built early warning systems that score such events in near real-time. These alerts enable risk teams to investigate potential fraud or distress signals before losses occur. It turns reactive due diligence into proactive surveillance, which is the need of the hour.

Embrace feedback loops with regulators

With ECCTA’s changes, regulators and law enforcement are more actively purging bad data and pursuing fraud. Companies House itself is becoming a stronger ally by removing bogus entries and even annotating the register with warnings.

Stay plugged into these updates. For instance, if a company you’re monitoring gets a Companies House query or strike-off notice, your system should know immediately. By mirroring the regulators’ vigilance in your own data, you ensure your risk assessments always reflect the latest ground truth.

Conclusion: Always trust by design

In a year of rapid change – from an embattled economy that often breeds scams, to new laws that promise cleaner corporate data – one principle stands out: vigilance must be engineered into the data itself.

Fraudsters will always try to slip through cracks, but if we fortify our data pipelines, those cracks become smaller and fewer. The firms that treat their corporate and financial data as a carefully managed supply chain will be the ones catching the next clone company or fraudulent set of accounts before they wreak havoc.

As risk professionals, our remit is no longer just to react to fraud after it happens, but to build trust into the system so we can prevent fraud wherever possible. That means investing in data quality, validation, and timeliness as much as in fancy algorithms. It means comparing then vs. now and ensuring that improvements in data integrity (like the ECCTA reforms) are fully leveraged, while remaining alert to new deceitful tactics that arise in response.

Above all, it means recognising that a “real-time risk” capability isn’t powered by magic. It’s powered by good data, flowing through a resilient pipeline, from the source all the way to the final decision. In the next era of fraud detection, success will belong to those who build that pipeline with care and never stop watching for the drip of water seeping through.