By Max Tether, Compliance Consultant
The Economic Crime and Corporate Transparency Act (ECCTA) 2023 provides various amendments to the Companies Act 2006. The most notable, the Failure to Prevent Fraud Offence, will come into force later this year, in September 2025. Affected firms should pay heed to the guidance on adherence to the new rules.
Changes already in place
Material changes presented by the ECCTA that have already taken effect are:
- Updates to the Identification Doctrine (effective December 2023)
- The ID Doctrine assigns criminal liability to organisations whose directing members’ conduct breaks the law
- The update extends this liability to include conduct by any ‘senior managers’ within the organisation. Previously it only applied to those who were deemed to represent the ‘directing mind and will’ of a company
- Increasing the Powers of the Registrar (effective March 2024)
- Companies House can now analyse, question, challenge and even reject data proposed
- The offence of misrepresenting company information has been expanded to capture those who provide inaccurate data ‘without reasonable excuse’ (previously it applied to those who ‘knowingly or recklessly’ provided such data)
- Companies House can now directly fine firms for failing to provide accurate data
Changes to come
And here are the key changes coming up later this year:
- Identity Verification (due autumn 2025)
- Verified ID will need to be provided to Companies House for new and existing directors/persons with significant control
- Existing directors will have a 12-month window (from autumn 2025) to verify their ID with Companies House
- Verification likely to occur via a digital service on the Companies House website. Directors will be linked with their primary ID, such as a passport
- Third parties who undertake filings on behalf of companies will need to be registered with a supervisory body for AML purposes to complete these submissions
- The Failure to Prevent Fraud Offence (due September 2025)
Spotlight on the Failure to Prevent Fraud Offence
The aim of the Failure to Prevent Fraud Offence is to make it easier to hold organisations to account for fraud committed under their watch and to encourage firms to establish prevention procedures and change their corporate culture around fraud. The core of the Offence is as follows:
An organisation may be criminally liable where an employee, agent, subsidiary, or other ‘associated person’, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place.
Companies in scope of the Failure to Prevent Fraud Offence include solo large companies (as well as their parents and subsidiaries) that meet two or more of the following criteria:
- Over 250 employees
- Over £36m turnover
- Over £18m in assets
There are no territorial limitations to the Offence, i.e. it applies to non-UK entities if fraud affects UK victims.
Consequences of committing a Failure to Prevent Fraud Offence include possibly unlimited fines and prosecution against individuals for the base fraud committed.
Next steps expected of firms
Firms will need to consider the above points in the context of their activities. For 2025, keeping Companies House data up to date is a priority.
Regarding the Fraud Offence, firms should assess if they meet the threshold criteria. If so, there are defences that organisations can utilise against the charge of failing to prevent fraud. Firms should ensure they have the following ‘Reasonable Prevention Procedures’ in place with regards to fraud:
- Top level commitment from the board of directors, partners or senior management to foster a culture against fraud
- Risk assessment of the organisation’s exposure to the risk of associated persons committing fraud, as well as its systems and controls to prevent it
- Proportionate risk-based prevention procedures to prevent any occurrence of fraud
- Due diligence applied in respect of persons who perform or will perform services for or on behalf of the organisation
- Communication (including training) both internally and externally of the organisation’s stance against fraud and tools to prevent it
- Monitoring and review of the above preventative measures, and remediation where necessary.
Speak to IQ-EQ
To discuss the upcoming changes presented by the ECCTA, request assistance with implementing the required changes, or simply to find out more about the support available from IQ-EQ’s expert compliance consulting team, contact us today.
