Tony Lewis, Natalie Quinlivan, Farheen Ishtiaq-Stansfeld and Katherine Varatharajah from our Fraud, Commercial Crime & Investigations team discuss the Economic Crime and Corporate Transparency Bill which received Royal Assent yesterday, 26 October 2023 and what this will mean for businesses trying to navigate an already complex landscape when it comes to combatting fraud.

Heralded as a sledgehammer for prosecutors to wield against the business community in its efforts to tackle fraud and corruption, the new Economic Crime and Corporate Transparency Act 2023 (the "Act") introduces what the Government describe as world-leading powers which "will allow UK authorities to proactively target organised criminals and others seeking to abuse the UK's economy." Time will tell if they can achieve this aim but there are few disagreeing that the Act will add significantly to the ever-increasing burden on risk and compliance teams.

Key changes include a wider remit of powers for Companies House, a new Failure to Prevent Fraud offence and reforms to the so-called Identification Doctrine, in an overhaul of corporate criminal liability in the UK.

Key changes

A. Companies House

In the wake of much commentary on the issues with Companies House, the Act contains important reforms giving Companies House a larger role to play in investigations and enforcement. Whilst the existing remit of Companies House, per the Companies Act 2006, is to act as a register for company information and make that information available for public inspection, the Act introduces new objectives for Companies House which aim to improve the accuracy and integrity of the information on the register and give new powers to support this role. These include, amongst others, certain powers to:

  1. Require identity verification for all new and existing registered company directors, people with significant control, and those who file on behalf of companies.
  2. Remove inaccurate or unverified material from the register and require inconsistencies to be resolved, failing which a company can be struck off.
  3. Share information in line with requests from criminal enforcement agencies.
  4. Analyse their data to prevent and detect crime.
  5. Protect personal information to protect individuals from fraud and other harms.

While increased transparency obligations regarding company ownership progresses at pace in the UK, it is in marked contrast to developments in the EU where the EU's Charter of Fundamental Rights is posing challenges to corporate transparency in EU Member States' registries. It is increasingly the case that UK and UK oversea territories companies will have much higher transparency obligations than their European counterparts.

B. Failure to Prevent Fraud Offence

A decade after the proposal was first mooted by Sir David Green, and following a few false starts, the Act introduces a new failure to prevent fraud offence. Following in the footsteps of the failure to prevent bribery (Bribery Act 2010) and the failure to prevent tax evasion (Criminal Finances Act 2017), the failure to prevent fraud offence covers core fraud offences, such as fraud by false representation, fraud by failing to disclose information, and false accounting.

  1. Applies only to large companies and LLPs: Despite a series of debates between the Houses of Commons and Lords on the scope of the offence, the failure to prevent fraud offence will only apply to companies and incorporated public bodies qualifying as large under the Companies Act 2006, i.e. those that meet at least two of the following criteria: (a) turnover of more than £36m; (b) balance sheet total of more than £18m; (c) more than 250 employees. This is a marked difference from the earlier failure to prevent offences which apply to all companies, regardless of their size.
  2. The role of an 'associated person': Organisations will be liable if an 'associated person' commits a fraud offence for the benefit of the company. For these purposes, an associated person includes employees, agents, subsidiaries and intermediaries who perform services for or on behalf of the company.
  3. No liability if company is a victim: The Act provides an important exemption where the company was or was intended to be a victim of the fraud offence. This means a corporate will not be liable where an associated person commits a fraud offence for their own benefit, rather than for the benefit of the company.
  4. Strict liability offence: The company does not have to be aware of the fraud in order to be liable. It is sufficient for a crime to be committed by an associated person for the company's benefit.
  5. Extra-territorial effect: Importantly, the offence will have extra-territorial effect. This means that where conduct occurs abroad which would constitute fraud under UK law, or targets UK victims, the company could still be liable. Similarly, where conduct occurs in the UK, but the company is not based in the UK, the company could still be caught.
  6. Defence: The principled defence available to a corporate is to show that the company has reasonable prevention procedures in place to prevent the conduct from occurring. It is expected that the Government will issue guidance on what they consider reasonable prevention procedures to comprise early in the New Year.
  7. Penalties: If a corporate is found liable, they face an unlimited fine, loss in shareholder value and reputational damage, alongside the risk of civil litigation.

This new offence, which will come into effect when the Guidance is published next year, will require businesses to conduct updated fraud risk assessments across their operations to establish their risk profile. Once established, appropriate systems should then be implemented, or existing ones can be finessed, to ensure the business is safeguarded against future criminal enforcement.

C. Identification Doctrine

The amendments to the identification doctrine have been on the wish list of prosecutors for a very long time. Up until now, corporate criminal liability was determined according to the common law identification doctrine, which attributed the actions of an organisation's "directing mind and will" to the organisation itself.

As discussed by our colleagues previously, prosecutors struggled to satisfy this test when applying it to large companies with complex management structures whose directing minds are not readily identifiable. The Act has sought to reform the Identification Doctrine to make it easier to prosecute companies for economic crimes committed by senior managers.

An organisation will now be criminally liable when part or all of a specified economic crime (including fraud, bribery and tax offences) is committed in the UK by a senior manager of that company or partnership.

The new Doctrine will take effect from December and will cover instances where the senior manager is a person who plays a significant role in the making of decisions about the whole or a substantial part of the activities of the organisation. If the senior manager is guilty, the business will also be guilty. This change alone will mean the risk profile of many companies needs revisiting.

Unlike the failure to prevent fraud offence, this applies to all companies regardless of their size. That said, the impact will be reduced for smaller and less complex companies by virtue of the fact that senior managers will be more easily identifiable. Multinationals and other corporates will need to take steps to identify who their senior managers are for these purposes and assess economic crime risk falling within the scope of their authority. Consideration can then be given to how best to manage these risks.

The aim of the changes to the identification doctrine is to put the common law principle of the 'directing mind and will' on a statutory footing in relation to economic crime and make prosecutions of corporate defendants for economic crimes more successful by accounting for the practical shortfalls of the common law principle. We have seen many high-profile prosecutions collapse in recent times due to failures in corporate criminal attribution, therefore this lowering of the threshold signals a new era of exposure for organisations.

Will the ECCT Bill be effective in clamping down on fraud?

Fraud is by no means a new player in the corporate crime arena. However, with high corporate transparency requirements, and multiple routes through which an enforcement agency can investigate and prosecute corporates, the Act will likely make it easier for corporates to be held accountable for fraud within the business or perpetrated by associated persons of the business.

Although the failure to prevent fraud offence is limited in its application to large businesses, the attribution of liability for corporate crime through the action of senior managers applies to businesses of all sizes. This means there is homework for risk and compliance teams regardless of the size of the business to ensure they are fully compliant with the Act.

When an issue does arise, given fraud's prevalence both internally and through third party engagement, businesses should seek advice at as early a stage as possible regarding whether the offence is engaged. The risks here are significant. Long before a criminal prosecution takes place, the business facing criminal allegations will need to manage an internal and external investigation. These are time and cost intensive processes and early intervention can make all the difference.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.