Economic Crime and Corporate Transparency Act 2023

How will it affect companies and their officers?

We regularly reap the benefits of the digitisation of services that we use. Online banking is quick and immediate. Online information provides quick access to huge amounts of information. Online shopping brings the world’s bounty to our doorsteps. But it is not all rosy. Digitisation has also opened up enormous opportunities for fraud. According to recent government statistics, fraud now accounts for more than 40 per cent of all crime in England and Wales, costing society £6.8 billion. The Economic Crime and Corporate Transparency Act 2023 (ECCTA) is a landmark piece of legislation aimed at reducing opportunities for fraud by the abuse of corporate structures. The changes to be introduced under ECCTA range from new powers for Companies House to significant changes in company law.

ECCTA’s changes are being introduced on a rolling basis, and while some have already been implemented, others will come in during the coming year. This note outlines some key changes that will affect all companies registered in England and Wales this year.

Background

Back in 2011, Companies House was reformed to create a straightforward framework that enabled online company incorporations to happen within 24 hours for £12. Names and addresses supplied by applicants were not verified by Companies House. It is perhaps not surprising that this simplified and accessible framework contributed to an increase in fraud using the company registration system.

One of the principal effects of ECCTA is to change the role of Companies House from a passive recipient of company information to a more active gatekeeper. It has done this by giving the Registrar of Companies new powers to:

• query and, if appropriate, request additional information when reviewing new filings
• reject or remove information that is incorrect or inconsistent with previous filings
• disclose information to any public authority for the purposes of crime prevention; and
• impose fines and criminal sanctions in relation to non-compliance

Other changes that will impact the day-to-day management of companies include the requirement for companies to register an ‘appropriate address’ as their registered office (PO Boxes are not permitted) and register an email address where correspondence from Companies House will be picked up. The email will not be publicly available. These reforms aim to make records at Companies House, which are open to public inspection, more accurate, more reliable and less useful to fraudsters.

The ECCTA 2025 Timetable

Companies House

The government has announced that it intends that the following changes will come into effect this year:

• Statutory registers – companies will no longer be required to keep a local register of directors, directors’ residential addresses, secretaries and persons with significant control (PSCs). The definitive register will be maintained at Companies House. This means that all UK businesses need to ensure that any future changes to their Company registers are recorded accurately at Companies House through the relevant filings and within the relevant time frames.
• Register of members – companies will still be required to keep their register of members but will no longer be able to keep this register at Companies House. This means that companies will also need to ensure they have standardised information for their members including forenames, surnames (or a full company name) and a service address.

Identity verification

Another notable change impacting all UK businesses later this year is identity verification (IDV). This reform aims to ensure that individuals named in Companies House registration are who they claim to be. IDV will be compulsory for new directors and PSCs from Autumn 2025. PSCs will have 14 days in which to verify their identity and a ‘relevant officer’ of a relevant legal entity (RLE) will have 28 days. There will also be a 12-month transition period from this time for all existing directors and PSCs who will have to complete IDV as part of the Company’s annual confirmation statement filing. This means that companies should make the individuals concerned aware that they will need to verify their identity in due course. Companies will also need to establish processes for verifying the identity of any newly appointed directors.

Failure to prevent fraud offence

For larger companies, a new offence of failure to prevent fraud (FPF) will be introduced. Under this offence, a company will be criminally liable if an associated person (employee, agent, or subsidiary) commits a specified fraud offence intending to benefit the company. It will not be necessary to demonstrate that a company’s management knew about or instigated the fraud.

The offence applies to ‘large organisations’ only. A company will fall within scope if it satisfies two of the following three criteria:

• more than 250 employees
• a turnover exceeding £36 million
• more than £18 million in assets

Organisations found liable in relation to this new offence can be subject to an unlimited fine.  A defence will be available where the company can demonstrate it has put in place reasonable fraud prevention procedures. This means that larger companies will need to prepare and put in place fraud prevention measures when government guidelines are published later this year.

Impact

Because ECCTA will relate to every company, their owners and their directors, companies should take the following actions.

Companies House action points:

• Ensure all existing director, secretary and PSC filings are accurate and up to date in advance of the abolition of the statutory registers;
• Ensure the company has a registered valid office address and select an email address to be registered as part of their next confirmation statement; and
• Be aware that any future changes to the Company’s registers will need to be notified accurately at Companies House within relevant timeframes and put in place the means to do this.

Identity verification action points:

•  Prepare a list of the individuals (directors, PSCs and ‘relevant officers’) who will need to do IDV; and
• Make those individuals aware that they will need to provide valid ID, such as a passport or driving licence, ahead of the IDV regime being implemented.

Fraud prevention action points:

• Larger companies that fall within the scope of the FPF will need to start reviewing their fraud prevention strategies, such as auditing fraud risks, fraud awareness training and existing policies.

We will update this summary as and when the relevant statutory guidance is published. If you would like to discuss any aspect of this summary or ECCTA more widely, please contact Laura Lindsay-Smith on 01473 298307 or llindsaysmith@prettys.co.uk.