On 26 October 2023, the Economic Crime and Corporate Transparency Act 2023 (ECCTA) became law in the UK. ECCTA represents a comprehensive overhaul of several different areas of the UK’s existing legal framework for corporate and economic crime. The stated purpose of ECCTA is to tackle the use of UK business and finance for criminal activities. As such, it introduces changes ranging from new powers for enforcement agencies; additional requirements for corporate transparency; and perhaps of most importance, legislative changes aimed at facilitating the prosecution of corporations for fraud and economic crime failings. 

The changes introduced by ECCTA are being implemented into UK law on a rolling basis, with certain provisions already in effect. In relation to specific aspects of ECCTA, the Government will also publish guidance on how it will interpret new offences and its expectations for corporates in ensuring compliance. 

This article provides an overview of the key legislative changes introduced by ECCTA in respect of corporate criminal liability and enforcement. The UK’s framework for corporate criminal liability can have extra-territorial reach for corporates located outside the UK. This article outlines the key concerns of which international corporate groups, and those advising them, need to be aware. 

Corporate Criminal Liability

The “Failure To Prevent Fraud” Offence

From the perspective of corporate criminal liability, perhaps the most significant aspect of ECCTA is the introduction of a “failure to prevent fraud” (FTPF) offence. The FTPF offence follows in the footsteps of similar “failure to prevent” offences already in effect in the UK, being “failure to prevent bribery”¹; and “failure to prevent the facilitation of tax evasion”².

The FTPF offence makes it an offence where a person associated with a “relevant body” commits a fraud offence intended to benefit, whether directly or indirectly: (a) the relevant body; (b) or any person to whom, or to whose subsidiary undertaking, the associate provides services on behalf of the relevant body³. For this purpose: 

• A “relevant body” means a “large organisation”, being an organisation that satisfies two of more of the following conditions in the financial year that precedes the year of the relevant fraudulent offence⁴:
  • its turnover is more than £36m; 
  • its balance sheet total is more than £18m; and
  • it has more than 250 employees. 
• An “person associated” means⁵:
  • a person who is an employee, agent or subsidiary undertaking of the relevant body; or
  • a person who otherwise performs services for or on behalf of the relevant body.

It also includes anyone who is an employee of a subsidiary of the relevant body⁶.

• A “fraud offence” means an act that constitutes an offence listed in Schedule 13 to ECCTA or the aiding, abetting, counselling or procuring the commission of such an offence. At present, the offences included in Schedule 13 to ECCTA are broad, including the offences of false accounting⁷; false statements by company directors⁸; fraudulent trading⁹; fraud¹⁰; participating in a fraudulent business carried on by a sole trade¹¹; obtaining services dishonestly;¹² and the common law offence of cheating the public revenue. There is scope for further offences to be added using secondary legislation.

The FTPF offence is a strict liability offence meaning that if a qualifying fraud offence under Schedule 13 of ECCTA is committed and the requirements set out above with respect to the definitions of a “relevant body” and “person associated” are satisfied, then the corporate body has prima facie committed the offence. However, a body does not commit a FTPF offence where it was itself the victim of the fraud¹³. In addition, in circumstances where the individual committing the offence is an employee of a subsidiary of the relevant body, a FTPF offence will only be committed if that person intended to benefit the parent company (whether directly or indirectly). Otherwise, in order to avail itself of a defense to the FTPF offence, the relevant body will need to prove at the time the fraud offence was committed: (a) it had in place preventative procedures that it would be reasonable in all the circumstances to expect it to have; or (b) it was not reasonable in all the circumstances to expect it to have any prevention procedures in place¹⁴.

The FTPF offence is not only of relevance for UK companies, but is intended by the Government to be of extra-territorial effect in circumstances where part of the relevant fraudulent act takes place in the UK or targets UK victims, even if the corporate and employee are based in another jurisdiction¹⁵. Many of the statutory fraud offences that are relevant to the FTPF offence have extra-territorial effect¹⁶, insofar as an offence is committed where a “relevant event” occurs in the jurisdiction. “Relevant event” in this context means any act, omission or event required for a conviction of an offence, or specifically in relation to fraud pursuant to section 1 of the Fraud Act 2006, where the harm or gain occurred in the jurisdiction. Consequently, international companies could be at risk of committing the FTPF offence where a constituent element of a fraudulent offence occurs in England and Wales. This is an important point for companies to bear in mind when conducting internal investigations into any suspected impropriety by its employees. 

As noted above, the definition of associated person is very broad and companies can commit the FTPF offence even when they and all associated persons are not based in the UK. Companies will therefore also need to ensure that their entire corporate groups are aware of the FTPF offence and are also subject to appropriate policies and procedures. 

The Government has not yet set a date for the FTPF offence to come into effect. Following the recent change in Government, current predictions are that it will come into effect in early 2025. Prior to the FTPF offence coming into effect the Government will release formal guidance setting out the steps that it expects relevant bodies to take in order to avail themselves of a defense. It is very important for bodies to ensure they are aware of the guidance and steps that will be expected; and that they have scrutinised the suitability of their existing policies and procedures, including regular training and risk assessments, in order to avail themselves of a defense if a relevant fraud offence is committed within its business.

The Identification Doctrine

ECCTA has introduced a change to the “identification doctrine” by which criminal liability can be attributed to a corporate body or membership as a result of the conduct of individuals at the company. This change came into effect on 26 December 2023. 

The existing identification doctrine under English law has received substantial criticism, particularly from enforcement agencies, for being too restrictive. In summary, to date the identification doctrine has required conduct to be attributable to an individual who represents the “directing mind and will” of a company¹⁷. In the modern-day context of large organisations with multiple layers of management and committees, prosecuting agencies have argued that this has increasingly proven to be a difficult threshold to meet. The most frequently cited example is when the Serious Fraud Office (SFO), the UK’s specialist enforcement agency for complex fraud, suffered a high-profile courtroom failure when attempting to prosecute Barclays Plc¹⁸. In that case, the SFO had sought to prosecute Barclays for offences including conspiracy to commit fraud by false representation and providing unlawful financial assistance. However, the SFO was unable to demonstrate the Barclays directors represented the “directing mind and will” of the company for the particular offences charged, in circumstances where the board of a large international organisation such as Barclays would not be expected to concern itself with all day-to-day operations: there were complex corporate governance structures in place; and it could therefore not be established that the directors had complete autonomy for the offences the company was charged with committing. 

ECCTA includes legislative changes designed to broaden the identification doctrine such that a company can commit an economic crime offence where the relevant conduct is attributable to a “senior manager”. The definition of “senior manager” has been borrowed from the existing definition used for the purpose of corporate manslaughter offences pursuant to the Corporate Manslaughter and Corporate Homicide Act 2007 (CMCHA). A senior manager is a person who plays significant roles in: (i) the making of decisions about how the whole or a substantial part of its activities are to be managed or organised; or (ii) the actual managing or organising of the whole or a substantial part of those activities¹⁹.

The expanded identification doctrine applies to the offences listed in Schedule 12 to ECCTA, which includes the same fraud offences relevant to the FTPF offence, as well as a number of other offences including, for example: contraventions of the Financial Services and Markets Act 2000; money laundering and terrorist financing offences; bribery; and contraventions of the Financial Services Act 2012. 

The culpability of senior managers under the CMCHA has not been tested significantly to date and it therefore remains to be seen whether and how the expanded identification doctrine will assist in holding corporates criminally liable for the actions of senior individuals. Whilst part of the aim appears to be to alleviate the difficulties in identifying a “directing mind and will”, it remains to be seen whether this change will have a significant impact on prosecutorial activity. By its own assessment, the Government estimates that the changes to the identification principle will result in only an additional 0 – 3 prosecutions per year²⁰. Nevertheless, it is a statement of intent to ensure that corporates can be held to account for economic crime offences, perhaps to be as much a deterrent as a prosecutorial tool. Companies should take steps to review their managerial structure and accountability and ensure that individuals in their organisations that discharge managerial responsibilities are aware of this development and receive appropriate training on economic crime risk issues. 

Enforcement

The intended aims of ECCTA include to “help tackle economic crime, better protect national security and enable Companies House to deliver a better service for individuals and businesses”²¹. In addition to the changes affecting corporate criminal liability, ECCTA includes amendments to the UK’s existing criminal law framework, which are intended to assist enforcement agencies in conducting investigations and seizing criminal property. 

Law enforcement agencies have been granted wider investigatory powers in an effort to improve the success rate of investigations relating to economic crime. In particular, the SFO now has powers to compel individuals and corporates to provide information in relation to fraud and domestic bribery and corruption matters, before it decides whether to open an investigation. 

This represents an extension of powers that the SFO already possessed pursuant to the Criminal Justice Act 1987 (CJA)²². Prior to ECCTA, the SFO was able to compel the production of information by individuals and corporates only once it had already opened an investigation²³, or at the pre-investigation stage only in relation to international bribery matters²⁴. Requests for information made by the SFO using these powers are often referred to as “section 2 notices”. In summary, section 2 notices can compel the production not only of documentary evidence, but also interviews with individuals. It is an offence for the recipient of a section 2 notice not to comply with that request. A relatively unique hallmark of a section 2 notice is that subjects are not able to withhold information at interview on the basis of privilege against self-incrimination²⁵. The quid pro quo is that the SFO is not able to use information obtained from a section 2 notice as evidence against the person that has provided disclosure of that information. These powers are therefore often used as a tool for the SFO to build a case against other subjects and to compel the co-operation of witnesses. The new powers therefore expand the circumstances in which the SFO can utilise section 2 notices and should assist with early stage investigations.

The amendments to the CJA came into effect on 15 January 2024. It remains to be seen if and how the SFO will utilise these broader powers, but the expectation is that there will be an increase in section 2 notices and a consequent increase in the number of formal investigations opened by the SFO. The SFO has received criticism in recent years due to several high-profile failures, including the Barclays case referred to above. The hope for the SFO is that there will be an increase in successful outcomes for its investigations, in circumstances where the SFO has been able to obtain significant information prior to making a decision to open an investigation in the first place. 

Success for the SFO may also include an increase in the number of deferred prosecution agreements (DPAs) entered into by corporates. DPAs allow corporates to avoid prosecution if they agree to pay a financial penalty and to comply with conditions imposed on them for a time frame determined by the SFO, which might include a monitor being installed at the company. DPAs were intended to be used in circumstances of corporate self-reporting of unlawful conduct. The use of DPAs in the UK has increased over time, presenting a comparatively efficient method by which the SFO can secure financial penalties without the uncertainties of trial. The expansion of the identification doctrine and the introduction of the FTPF offence only serve to increase legal risk for corporates and thereby encouraging them to co-operate with investigations and self-report conduct to enforcement agencies at an early stage to negotiate DPAs. 

Final remarks

ECCTA has been billed as a landmark piece of legislation designed to ensure that corporates are accountable for fraud and economic crime failings; to encourage better practices necessary for the prevention of fraud; and to provide law enforcement with greater tools to investigate economic crime and ensure that criminal proceeds are identified, frozen and recovered. These changes are not only of relevance for UK companies, but also for international groups with any business dealings or group companies in the UK. The expectation is that UK law enforcement will utilise the changes introduced by ECCTA to increase both the number and success rate of corporate investigations. Whether this will in fact result in increased enforcement activity remains to be seen. However, the aims of ECCTA are as much to act as a deterrent for corporate misconduct and to encourage early self-reporting and co-operation in respect of any issues.  

¹ Pursuant to section 7 of the Bribery Act 2010
² Pursuant to sections 45 and 46 of the Criminal Finances Act 2017. There are two separate offences under these sections: (1) the failure to prevent the facilitation of UK tax evasion; and (2) the failure to prevent the facilitation of foreign tax evasion
³ Section 199(1) of ECCTA
⁴ Section 201(1) of ECCTA
⁵ Section 199(7) of ECCTA
⁶ Section 199(8) of ECCTA
⁷ Section 17 of the Theft Act 1968
⁸ Section 19 of the Theft Act 1958
⁹ Section 993 of the Companies Act 2006
¹⁰ Section 1 of the Fraud Act 2006
¹¹ Section 9 of the Fraud Act 2006
¹² Section 11 of the Fraud Act 2006
¹³ Section 199(3) of ECCTA
¹⁴ Section 199(4)(a)-(b) of ECCTA
¹⁵ UK Government, Government Factsheet: Failure to Prevent Fraud Offence (26 October 2023)
¹⁶ By virtue of Sections 1 and 2 of the Criminal Justice Act 1993, an offence is committed under sections 17 (false accounting) and 18 (false statements by company directors) of the Theft Act 1968; and sections 1 (fraud), 9 (participating in fraudulent business carried on by a sole trader) and 11 (obtaining services dishonestly) of the Fraud Act 2006, if a relevant event occurs in England and Wales
¹⁷ Tesco Supermarkets Ltd v Nattrass [1972] A.C. 153
¹⁸ Serious Fraud Office v Barclays Plc [2018] EWHC 3055 (QB)
¹⁹ Section 196(4) of ECCTA
²⁰ Home Office, Impact Assessment: Reform to the Identification Doctrine (13 June 2023)
²¹ House of Lords Library Briefing, Economic Crime and Corporate Transparency Bill HL Bill 96 of 2022-23 (2 February 2023), paragraph 1.1
²² Section 211 of ECCTA introduced amendments to Sections 2 (Director’s investigation powers) and 2A (Director’s pre-investigation powers) of the CJA
²³ Pursuant to Section 2 (Director’s investigation powers) of the CJA
²⁴ Pursuant to Section 2A (Director’s pre-investigation powers) of the CJA
²⁵ The principle of privilege against self-incrimination means that a legal person is, in most circumstances, not required to disclose information that would incriminate them