Economic Crime & Corporate Transparency Act 2023

Protect your business from the risk of prosecution with our exclusive Economic Crime and Corporate Transparency Act resources.

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents a huge overhaul of corporate crime legislation. The changes affect all UK businesses, meaning they are now at greater risk of prosecution for crimes, such as fraud, false accounting, theft, money laundering, bribery and financial mis-selling.

We can help you to protect your business against the impact of this new law, including the new corporate offence of Failure to Prevent Fraud and the expansion of the Identification Doctrine, by ensuring that you have the right training and internal processes and procedures in place.

Economic Crime & Corporate Transparency Act Webinar Replay

In 2023, new legislation broadened economic crime offences for businesses and officers, aligning with the government’s Fraud Strategy to curb fraud and increase corporate transparency.

These changes impact all businesses in England and Wales, with further updates expected soon, making it essential to stay informed and protect your business.

Watch the replay and explore how these changes impact businesses and the protective measures you should consider.

You’ll learn:

  • How Companies House changes will impact your business
  • Who may incur liability with the expanded corporate criminal liability
  • When the Failure to Prevent Fraud offence might apply to your business
  • What enhanced law enforcement powers might mean for your business

 

Key Changes Guide

Our summary guides provide the answers to key questions on the changes and how they may affect your business. We’ve split these into three sections:

Expansion of Corporate Criminal Liability

The circumstances in which an organisation can be held liable for a criminal offence have been expanded.

What is the new law?

If a senior manager of a corporate body or partnership acting within the actual or apparent scope of their authority commits a relevant offence after 26 December 2023, the organisation is also guilty of the offence.

What is meant by a senior manager?

A person who has authority to make decisions, or actually manages and organises, the whole or a substantial part of the activities of an organisation. Managers in operational divisions and regional managers are likely in-scope.

Is the definition of senior manager the same as in the Financial Services and Markets Act 2000?

No. The same legal test as the Corporate Manslaughter and Corporate Homicide Act 2007 has been adopted. This considers the role of the individual– not just their title.

Does the new law relate to all offences committed by a senior manager?

No, at this stage it only relates to economic crime offences (see below), but it will be extended to all offences before long.

Is it already in force?

Yes. It came into force on 26 December 2023. However this only applies to offences committed from that date onwards; it does not have retrospective effect.

Does it affect my business?

It will affect any business entity that has a person that can be considered a ‘senior manager’, regardless of size. That is, essentially, every form of business.

What are the consequences of this change?
  • The range of employees that can cause businesses to become criminally liable is substantially broader.
  • Prosecutions of corporate entities for fraud offences have also become easier as, whilst dishonesty has to be proven, it will now include conduct by a senior manager — no ‘directing mind and will’ (the harder to test to prove) of the corporate need be involved.
  • We expect an increase in private prosecutions — as the Economic Crime and Corporate Transparency Act makes it easier to find a business entity liable for actions of more individuals within it.
How do I protect my business?

Use this checklist:

  • Do you have people within your organisation who meet the definition of a senior manager?
  • What activities do they perform within the business where it is possible that they could commit an economic crime offence?
  • What policies, processes and procedures are in place to prevent economic crime offences that may be committed, to identify them where they have occurred, and to take action where required?
  • What training has been provided to senior managers?

 

Failure To Prevent Fraud Offence

The government’s aim in developing the new Failure to Prevent Fraud offence is to force better corporate behaviours to prevent fraud from occurring, and to bring acts of fraud in line with other legislation that you may be familiar with, including:

a. Bribery Act 2010 offences – i.e., failing to prevent bribery.
b. Criminal Finances Act 2017 – i.e., tax evasion offences.

How does this new offence apply to my business?

This new law applies to any large body corporate or partnership (referred to for these purposes as a “Relevant Body”) if certain criteria are made out. It essentially means that, if you operate a large business (defined below) and a fraud is committed by a person associated with it, and with an intention to benefit it, then your business will be liable unless it can prove it had reasonable procedures in place to prevent it from happening. A business does not need to have intended or ordered that the criminality happen; it just needs to have failed to stop it from happening.”

We look at the two examples below:

Flowchart of New Offences - Failure to prevent fraud examples

Example 1

  • an associate (employee, agent, subsidiary or service provider) of the Relevant Body
  • commits a “fraud offence”
  • intending to benefit (whether directly or indirectly) the Relevant Body or
  • intends to benefit any person to whom the associate provides services on behalf of the Relevant Body including their subsidiaries. In reality this is likely to be the Relevant Body’s customers and clients
  • the Relevant Body is a large organisation (see below for the definition).

 

Example 2

  • an employee of the Relevant Body
  • commits a fraud offence
  • intending to benefit (whether directly or indirectly) the Relevant Body or
  • intends to benefit any person to whom the employee provides services on behalf of the Relevant Body including their subsidiaries.
  • the Relevant Body is the subsidiary of a large undertaking (see below), even if it does not meet the criteria itself.
What constitutes a fraud offence for these purposes?

The factsheet issued by the Government describes the behaviours it is trying to prevent as “dishonest sales practices, hiding important information from consumers or investors, or dishonest practices in financial markets”.

An employee may commit a fraud for their own benefit but if it inadvertently benefits the Relevant Body, the Relevant Body will be guilty of an offence unless it has reasonable procedures in place (see more on this below).

The fraud offences listed in the Act are:

  • fraud by false representation (section 2, Fraud Act 2006)
  • fraud by failing to disclose information (section 3, Fraud Act 2006)
  • fraud by abuse of position (section 4, Fraud Act 2006)
  • obtaining services dishonestly (section 11, Fraud Act 2006)
  • participation in a fraudulent business by a sole trader (section 9, Fraud Act 2006)
  • false statements by company directors (Section 19, Theft Act 1968)
  • false accounting (section 17, Theft Act 1968)
  • fraudulent trading (section 993, Companies Act 2006)
  • cheating the public revenue (common law).
What is meant by a ‘large undertaking’ for the purposes of the Failure to Prevent Fraud offence?

A ‘large undertaking’ for the purposes of the Failure to Prevent Fraud offence means an organisation that meets two of these three criteria:

  1. it has more than 250 employees;
  2. it has more than GBP 36 million turnover; and / or
  3. it has assets of more than GBP 18 million

The Failure to Prevent Fraud offence therefore does not, currently, apply to Small and Medium-sized Enterprises (“SMEs”), except in circumstances where the SME’s parent organisation meets the above criteria.

My business does not meet the criteria for a large organisation. Does that mean I don’t need to worry about the Failure to Prevent Fraud offence?

No, for two reasons.

First, if someone within your organisation commits a fraud offence while providing services to a Relevant Body, the Relevant Body could be liable for that fraud offence unless it has reasonable procedures in place.

It is therefore extremely likely that before a Relevant Body agrees or continues to do business with you, they will ensure that your organisation has procedures in place to prevent fraud. So, we are advising those in that position to start thinking about this now.

Second, it is expected that the Failure to Prevent Fraud offence will be expanded to capture Small and Medium-sized Enterprises in time. This has been a subject of much debate, but the prevailing thought is that it would be unfair to implement this only against larger organisations and not smaller ones.

Is my business still at risk if we are based overseas / the associate who committed the fraud offence is based overseas?

If the fraud (or part of it) contravenes UK law, targets UK victims or leads to a gain in the UK, the Relevant Body could be prosecuted even if the Relevant Body (and the associate) are not based or even incorporated in the UK.

Is there a defence to this offence?

Yes. Though it requires proactive steps beforehand.

The Relevant Body will have a defence to Failure To Prevent Fraud if it can show that, at the time the offence was committed, it had ‘reasonable procedures’ in place or that it was not reasonable to require them to have any prevention procedures in place. We expect the latter to be difficult to rely upon.

As a result, it will not be necessary to prove that a Relevant Body’s management knew about or ordered the fraud but simply that they did not have the proper procedures in place.

It is also important to note that a Relevant Body will not be guilty of an offence if it is in fact purely the victim of the fraud, or if the associated person acted was solely for personal gain and it was not their intention that the Relevant Body gain from it.

Can I, as a director of the company, be prosecuted as an individual for Failure to Prevent Fraud?

Law enforcement won’t prosecute managers in their personal capacity for Failure to Prevent Fraud. In the event a manager knew what was happening and encouraged the behaviour, there are other offences that they could be prosecuted for but Failure To Prevent Fraud will remain a corporate offence.

What is the worst-case scenario if my company is prosecuted for Failure to Prevent Fraud?

The penalty for Failure To Prevent Fraud is an unlimited fine. A prosecution for this offence has other potential consequences such as affecting your chances of obtaining business insurance, or of winning contracts, particularly public sector contracts.

Deferred Prosecution Agreements are available for this offence. This is an opportunity for a Relevant Body to avoid prosecution by entering into an agreement with law enforcement. However, these are difficult to secure and require significant work and negotiation with law enforcement, resulting in them being a costly way to avoid prosecution.

Are there any other consequences of the new offence to be aware of?

We anticipate that there will be an increase in private prosecutions (where non law enforcement individuals or entities bring prosecutions for criminal offences) as this offence makes it far easier to establish corporate liability than the pre-existing law.

How do I protect my business?

Use this checklist:

  • Have you conducted an audit to identify all associates that may place your business at risk?
  • Have you identified the ways in which your business may be at risk of a fraud offence being committed?
  • Do you have reasonable procedures in place to prevent fraud?
  • Have you provided training to all members of staff?

Companies House changes and new powers

Companies House, the registrar of incorporated corporate bodies, has four new statutory objectives:

a. To ensure that those required to deliver documents to the Registrar do so, and that the requirements relating to proper delivery are complied with.
b. To ensure that information contained in the register is accurate and that the register contains everything it ought to contain.
c. To ensure that records kept by the registrar do not create a false or misleading impression to members of the public.
d. To prevent companies from (a) carrying out unlawful activities; or (b) facilitating the carrying out by others of unlawful activities.

What are the new registered address requirements?

An appropriate physical address is now required for your company, where documents can be sent to a real person (providing a PO Box address will no longer be permissible).

If an appropriate address is not provided in the timeframe, the business risks Companies House changing it to the default address. This may have an impact on a business’ ability to obtain credit for example.

There is also a new requirement to supply an appropriate registered email address. This won’t appear on the register, though careful thought needs to be given to what address is provided (a team’s email address is likely to be most appropriate rather than an employee’s, should they leave your organisation).

Will there be any new filing requirements?

Yes, Companies House is making changes over the next two to three years which will mean filing accounts can only be done digitally in an electronic format and ultimately through software.

New companies will now have to confirm their formation is for a legal purpose and its future activities will be lawful. Existing companies will need to provide similar information as they file their confirmation statements from March 2024.

Micro and small companies now need to file a profit and loss account, and small companies will also need to file a Directors’ Report. It is likely that profit and loss information will remain private from the public record, however.

What are the new identity verification checks?

The Act has introduced requirements for all new and existing Directors, as well as people with significant control and filing responsibilities on behalf of companies, to have their identities verified.

The new Director verification checks are for natural persons only meaning, unless otherwise exempted, only natural persons can be company Directors. The Act introduces a ban on corporate Directors so that all Directors need to be natural persons.

Will Companies House check the accuracy of information it’s provided with?

Yes, the Registrar can now check, query, reject, and remove information. It can challenge and request evidence to corroborate information it receives. Companies House can ask for or compel more information if there is reasonable doubt about the veracity of information supplied to protect the integrity of the register.

For example, where supplied information is not consistent with other information already held by Companies House, or with other public and private sector data, it can cross-check it against.

It can also act to remove incorrect information more quickly particularly where it could be relied on in other matters by consumers, such as a requested change of name or reduction in share capital.

Does Companies House have the power to decline approval or remove a company’s name?

Yes, there is now more control over company names and powers to direct changes. For example, if the name suggests a link to a foreign state, is misleading, or uses computer code.

If a company is required to change its name and doesn’t do so in 28 days, the name may be removed from the register and replaced with the company number. A person required to change a name and who doesn’t, may also face a fine of up to £1,000.

What happens in the event rules aren’t complied with?

The Registrar will be able to prosecute criminal offences. For example, for not providing evidence within a time limit.

The criminal offence of providing misleading, false or deceptive information to Companies House has been expanded. This now applies where any person provides misleading, false or deceptive information without reasonable excuse (rather than applying only where any person does so knowingly or recklessly).

There is also a new aggravated criminal offence for knowingly providing misleading, false or deceptive information.

Further, there is a new offence of acting as a Director without telling Companies House within 14 days of appointment and powers to disqualify Directors have been increased to include more categories such as where a person is designated under sanctions rules.

What is the worst that can happen?

The Registrar will be permitted to proactively share information with another public body for a purpose connected to its function. For example, with law enforcement agencies and Insolvency Practitioners in particular, where prosecution decisions could end in imprisonment of company directors, unlimited fines, or both.

This is a clear drive towards the ‘transparency’ referenced in the name of the Act and the interlinking roles the government sees stakeholders taking in ensuring cultural change is enacted.

How do I protect my business?

Use this checklist:

  • Have you checked the information currently held by Companies House for your business is accurate, consistent and up to date?
  • Are you ready and prepared for the identity verification checks?
  • Do you have a corporate Director or a P.O. Box address that needs replacing under the rules?
  • Have you nominated a suitable mandatory email address to provide Companies House?

Meet the team

The reputation of our Business Crime & Investigations team is built on discretion, integrity and success in the cases we take on.

Our multi-disciplinary team, comprising of specialists from within our firm, understand the expertise you require, where the criminality and regulatory issues lie and when we need to utilise our international networks.

When you choose us you can expect the highest standards of expertise, commitment and practical guidance to help you through difficult times.

Find out more Get in touch

Latest articles