Corporate cards for UK businesses: How to choose the right programme

Choosing the wrong corporate card programme raises fees and leaves your finance team chasing receipts that should already be matched. It creates audit trail gaps that a compliance review could flag, and it leaves your spend data sitting in a format your accounting software can't use.

Most provider comparison pages treat corporate cards as a payment product. For finance teams responsible for complex spend controls, that's not the whole picture. The difference between a card product and a finance-grade programme shows up after the transaction is done. It shows up in how much work the programme adds to month-end, the audit trail it leaves behind, and the evidence your board can show on internal controls now that new UK governance rules require a declaration.

Those practical demands are now tied more closely to governance expectations. Before comparing card types, costs, or providers, it helps to understand why programme design has become a control question as much as a payments one.

What the UK regulatory environment means for your programme choice

Three regulatory changes from late 2025 onwards raise the bar on corporate card governance. None of them mentions corporate cards specifically. All three make your card setup part of the evidence regulators and auditors expect to see.

Failure to prevent fraud under ECCTA

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a "failure to prevent fraud" offence that came into force on 1 September 2025. It applies to large organisations meeting two of three thresholds: more than 250 employees, turnover above £36 million, or balance sheet total above £18 million. If an employee, agent, or other associated person commits fraud intending to benefit your organisation, you could face criminal liability unless reasonable fraud prevention procedures were in place.

A corporate card programme without pre-transaction controls weakens that defence. To show your fraud-prevention procedures are working in practice, not only on paper, you need documented evidence of how they operate day to day, according to Serious Fraud Office guidance.

Could you produce that evidence today, or would your compliance team have to scramble for it under scrutiny? If the answer is the second, the programme has a gap to close before any defence relies on it.

Internal controls under Provision 29

Boards must now declare the effectiveness of material internal controls under Provision 29 of the Financial Reporting Council (FRC) UK Corporate Governance Code. The new requirement applies to accounting periods beginning on or after 1 January 2026, so your first annual report including this declaration will be published in 2027. If your card programme allows unlogged edits to posted transactions, or doesn't keep a complete audit trail, you have less evidence to point to when the declaration comes due.

Card scheme fee transparency

Card scheme fee structures are complex and opaque, according to a March 2025 final report from the Payment Systems Regulator (PSR). A later consultation proposed requiring schemes to give at least six months' notice before changing those fees. Until those changes take effect, you'll want clauses in your contract that limit fee increases over the life of any multi-year agreement.

Those three shifts raise the bar for what a corporate card programme has to do. They affect which providers qualify for your shortlist, and which contract terms you should negotiate before signing.

Corporate credit cards, charge cards, prepaid cards, and virtual cards: What each type costs you

Every provider offers some combination of these four card formats. The cards themselves are the baseline. The real difference between providers is in the controls, evidence, and integrations they build around the cards.

If you've inherited a corporate card programme and never questioned its structure, you may be carrying costs or risks that a different card type would eliminate. Are you paying interest on balances your team could settle monthly, or tying up working capital in prepaid top-ups when a credit facility would serve you better? The four card types below address both questions.

Corporate credit cards

With a corporate credit card, you get a revolving credit line. That gives you cash flow flexibility, with interest-free periods on many UK bank cards. The trade-off is interest-rate risk: APRs on UK business credit cards vary widely between providers. If you don't clear balances monthly, they can become an expensive form of finance, as the Association of Chartered Certified Accountants (ACCA) notes.

Charge cards

Charge cards require the full balance to be cleared every month. There's no option to carry it forward, so no interest builds up, but you also lose the credit buffer that a revolving facility gives you.

Prepaid cards

Prepaid cards work like topped-up balances. You load money onto the card up front, and that amount becomes the spending limit. Overspend becomes impossible, and most prepaid providers integrate with accounting software for automatic expense categorisation. The trade-offs: no credit buffer, and you'll need to manage top-ups actively.

Virtual cards

Virtual cards aren't a separate payment type. They're a digital card format you can issue from a prepaid, debit, or credit-backed programme. Each one carries unique card details and can be locked to a single use or a specific merchant. They're useful for controlling online subscriptions and one-off purchases. The limitation is straightforward: virtual cards don't work for in-person payments.

The best fit for your business comes down to two questions. The first is whether you need a credit facility for cash flow, or whether pre-funded control better matches how your finance team operates. The second is who carries the liability. Under individual liability, the employee contracts with the issuer and claims reimbursement, which creates paperwork friction and cash-flow stress for the employee, especially on teams with significant travel or project spend. Under corporate liability, your company contracts directly, which reduces employees' financial exposure and simplifies P11D reporting.

Before shortlisting providers, confirm your eligibility requirements with each one. Programme thresholds and underwriting approaches vary by provider. Under a corporate liability model, the issuer's underwriting focuses on the business.

Evaluation criteria that separate a programme from a card product

The finance-grade distinction lives here. Two providers can offer the same card type and the same headline fee structure, and one will save your finance team a working week each month while the other adds friction. Before any provider demo, you need to know whether the programme will still work when your team doubles, your accounting software changes, or when HMRC asks for a complete audit trail for a specific quarter.

Total cost of ownership beyond the headline fee

Annual fees are the visible cost. The real total includes FX margins, ATM withdrawal fees, inactivity fees, and application programming interface (API) access charges. Ask for a full written fee schedule and a worked example based on your projected transaction volume and currency mix before contract signature. That gives you a like-for-like basis for comparing providers.

Spend controls that work before the transaction

Without pre-transaction controls, the card keeps working no matter what. The cardholder can transact even if last month's receipts are still missing.

You need three controls on every card: spending limits you can adjust in real time, the ability to block specific merchant categories (gambling, cash advances, anything outside policy), and instant card freezing.

Can your finance team adjust limits from a dashboard without contacting the provider? Can they freeze and unfreeze a card immediately from the platform? If either answer is no, your finance team is waiting on the provider every time something needs to change. These controls also count as documented evidence of pre-transaction fraud prevention under ECCTA's reasonable-procedures defence. They earn their keep day to day and in an audit.

Accounting software integration depth

Proper integration needs more than a bank feed importing total transaction amounts. You need VAT amounts separated from net amounts, nominal codes and cost centres mapping through from the card platform, and receipt images attached in your accounting system. Your card data needs to flow into Making Tax Digital-compliant records, so confirm the integration is listed on your accounting platform's app marketplace. A claim on the provider's own website isn't verification.

Audit trail and approval workflow integrity

Can a cardholder or administrator edit a posted transaction after submission? If they can, is the edit logged with a timestamp and user ID? An unlogged edit is invisible after the fact, which leaves no defensible audit trail. Separation of duties is the other thing to verify. The person submitting an expense can't also be the person approving it, and the platform should enforce that automatically. Relying on staff to follow the expense policy guide is too easy to bypass. Systems should also check transactions against the policy, flag duplicates, and restrict coding to approved categories.

Receipt capture and VAT reclaim automation

Every finance controller knows the dread of approaching month-end with a stack of unmatched corporate card transactions and no receipts to show for them. For VAT recovery, card statements aren't sufficient on their own. You need the underlying VAT receipt or invoice for each transaction, as ACCA guidance on input tax recovery sets out. Without those records, HMRC can disallow the VAT claim, which means you've paid the VAT and can't reclaim it.

Does your provider's optical character recognition (OCR) extract VAT amounts and supplier VAT registration numbers, or only the total? What happens to unmatched transactions at month-end? Weak answers on either become your finance team's month-end backlog.

In practice, Niji's case study shows what good capture looks like. Niji's receipt recovery went from 10% to near-complete after switching from manual reconciliation to automated extraction on Spendesk, while transaction volume scaled 12 times over the same period. That kind of automation moves the VAT reclaim risk off your finance team's month-end.

Regulatory status of the card issuer

Too many mid-market companies skip checking provider regulatory status. Verify Financial Conduct Authority (FCA) registration independently via the FCA Register before entering contract negotiations. It's also worth distinguishing between bank-issued cards and cards from an electronic money institution (EMI). Bank-issued cards have deposits protected by the Financial Services Compensation Scheme (FSCS) up to £120,000 per eligible person, per authorised firm. EMI-issued card funds are safeguarded under Payment Services Regulations 2017, but FSCS protection doesn't apply.

Evaluating all of this can feel overwhelming when your team is already stretched. Getting the criteria right up front saves more time than running the process again in a year. The criteria above also describe what a spend management platform is built to deliver: all of them operating on a single connected workflow.

Spendesk is an all-in-one spend management platform consolidating company cards, expense management, accounts payable, procurement, and budgeting. For finance teams comparing card products, that consolidation matters because pre-transaction controls, audit trail, receipt automation, and integration depth all share one workflow.

Getting your programme live without disrupting month-end

A well-selected provider still underperforms if the rollout is rushed or the policy isn't in place before cards are issued. Bad processes get worse when you put technology on top of them. The finance-grade distinction either gets built into the rollout, or it doesn't show up at all.

Building the policy before issuing the cards

Your written card policy needs to exist before any card is distributed. The first thing HMRC is likely to ask for in an employer compliance inspection is a copy of your policy, according to Blick Rothenberg's expense-policy guidance. The same document also defines your starting position for any internal review.

At minimum, your policy should define:

• Approved and prohibited expenditure categories

• Receipt submission deadlines

• Consequences of misuse, including card cancellation triggers

• The liability model

For benchmarking, the University of Glasgow's corporate card policy requires employees to code all credit card expenditure within two weeks of receiving their statement, which is a useful cadence for mid-market teams that close monthly.

Setting tiered authorisation limits

For spend limits, a tiered authorisation model works well. Individual limits scale with seniority, and you introduce dual authorisation above a defined threshold. Team leads might have single-transaction authority up to £1,500, heads of department up to £5,000, and anything above £10,000 requires joint sign-off from two senior stakeholders. The specific numbers depend on your budget cycles and risk appetite.

Onboarding cardholders and tracking adoption

Employee onboarding should follow a clear sequence. Start with a signed cardholder agreement and practical training on receipt capture and expense coding. From there, cards can be issued through a designated programme administrator, followed by a structured review of the new cardholder's first expense cycle. You'll want to cancel cards immediately on resignation, redundancy, or extended leave, and set a final expense submission deadline before the employment relationship ends. That prevents transactions from posting after the cardholder's authority has lapsed.

How will you know the programme is working? Track four metrics against your pre-programme baseline:

• Percentage of transactions with receipts submitted within the defined deadline

• Number of out-of-policy transactions flagged per period

• Duplicate transaction alerts

• Time to month-end close, where finance operations or another designated team owns or tracks it

Tracking those four metrics gives your finance team the data to demonstrate the programme's value to the board, especially where finance operations or another designated team tracks month-end close. That matters when the FRC Provision 29 declaration requires evidence of effective internal controls.

Choosing a programme that grows with your finance team

As your team scales, the cost of choosing a card product over a finance-grade programme grows. By the time Provision 29's first declaration is due, you'll either be pointing at the data that proves your controls work, or scrambling to assemble it. The same logic applies to ECCTA's reasonable-procedures defence, and to whatever fee transparency rules the PSR finalises.

Pre-transaction spend control, complete audit trails, and real-time spend tracking aren't legally required as baseline features. They're best practice. The programmes that treat them as baseline anyway are the ones built to support a finance team.

The cost of choosing the wrong programme is rarely a single line item. It's the working week your finance team loses chasing receipts, the audit trail gap that becomes a Provision 29 control deficiency, the spend data that arrives in a format your accounting software can't use. None of those costs appear on the contract you sign. A finance-grade programme isn't a different card. The criteria above need to operate as a single workflow, and that gets harder to deliver when each capability is a separate product from a different vendor.

For finance teams looking at how those criteria fit together inside one platform, see Spendesk in action.

Frequently asked questions about corporate cards for UK businesses

How should you compare corporate liability and individual liability in practice?

It comes down to two things: who contracts with the issuer, and who carries the financial exposure. Under individual liability, the employee contracts with the issuer and claims expense reimbursements, which creates paperwork friction and cash-flow stress for the employee, especially on teams with significant travel or project spend. Under corporate liability, your company contracts directly. That reduces employees' financial exposure and simplifies P11D reporting, though some P11D obligations may still apply to personal or non-business expenditure.

What evidence should you request during a provider demo?

Ask the provider to show how pre-transaction controls work in real time, how limit changes and card freezes are handled, and whether edits to posted transactions are logged with a timestamp and user ID. You should also ask for a full written fee schedule, a worked example based on your projected transaction volume and currency mix, and evidence that the accounting integration is listed on your accounting platform's official app marketplace.

How can you tell whether a programme will suit a multi-entity business later on?

Look beyond what works today. The right question is whether the programme will still work when your team doubles, when your accounting software changes, and when your business scales from 30 employees to 150 across multiple entities. A finance-grade programme should keep audit trails intact, maintain usable accounting data, and avoid adding month-end workload as complexity grows.

Why is fee visibility so important before you sign?

Because the headline annual fee is only part of the cost. Review FX margins, ATM withdrawal fees, inactivity fees, and API access charges, then ask for a written fee schedule and a worked example based on your transaction profile. That gives you a like-for-like basis for comparing providers before you commit to a multi-year agreement.

What makes a provider shortlist worth revisiting before contract negotiations?

A shortlist should narrow to providers that meet both operational and regulatory requirements. The deciding factors are pre-transaction spend controls, complete audit trails, accounting automation depth, VAT evidence capture, and independent FCA registration checks. These are what determine whether a provider belongs in final negotiations at all.