The Economic Crime and Corporate Transparency Act: A New Era of Corporate Liability

Written By Elizabeth Wright

From 1 September 2025, large organisations across the United Kingdom will face significant changes in corporate liability regulation. The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduces a pivotal new corporate criminal offence: failure to prevent fraud. This represents a fundamental shift in regulatory focus, expanding corporate responsibility beyond being victims of fraud to establish accountability when fraud is committed on an organisation's behalf.

 

Understanding the New Offence

Under this legislation, large organisations may be held criminally liable if an associated person including employees, agents, or subsidiaries commits fraud with the intention of benefiting the organisation or its clients. Notably, liability extends even to circumstances where senior management had no knowledge of the fraudulent activity.

This approach follows the established precedent of "failure to prevent" provisions in anti-bribery and tax evasion legislation. The primary objective is to catalyse a cultural transformation in fraud prevention practices, encouraging proactive risk management throughout corporate structures.

The legislation applies exclusively to large organisations meeting at least two of these criteria:

  • Employee headcount exceeding 250

  • Annual turnover above £36 million

  • Total assets valued over £18 million

 

What Could This Look Like in Practice?

Draft government guidance offers illustrative examples of situations where a company might be held liable under the new offence:

  • Payroll – employees of the payroll team arranging for some pension payments to be diverted for other projects within the company;

  •  Accounts – the accounting department getting involved in fraudulently misrepresenting the value of the company;

  • Investment – an investment fund provider promoting an investment in a "sustainable" timber company knowing that, in fact, the company's environmental credentials are fabricated;

  • Testing results – the laboratory manager of an international testing company falsifying data from tests, aiming to benefit the client;

  • Permits/licences – the head of a technical department of a company deliberately falsifying the company's discharge monitoring system and providing false data to the Environment Agency;

  • Sales – a salesperson engaging in mis-selling for the purpose of securing a commission but also to benefit the organisation.

These scenarios demonstrate how wide-ranging the implications of the offence could be, and the variety of business functions potentially affected.

 

Jurisdictions Beyond the UK

The 1993 Criminal Justice Act extended UK jurisdiction for fraud and other economic crimes to where a “relevant event” occurred in the UK. This includes circumstances where the result of the conduct, such as financial gain or loss, occurs within the UK. In practice, this means:

  • An organisation may be prosecuted for fraud committed by one of its UK-based employees, even if the organisation itself is headquartered overseas;

  • An overseas organisation could face prosecution if an associated person commits fraud within the UK, or if the fraud is directed at UK-based victims;

  • However, where fraud is committed by overseas employees or subsidiaries of a UK organisation, and there is no UK connection, the offence will not apply.

 

Implications for Organisations

For qualifying entities, these changes represent a significant increase in legal risk. If an associated person commits fraud benefiting your organisation or its clients, your company may face prosecution regardless of whether senior leadership was aware of the misconduct.

The consequences extend beyond reputational damage and financial penalties to direct criminal liability. Without demonstrable prevention measures, organisations face significant legal exposure.

 

Strategic Prevention for a Proactive Advantage

The good news is that there is a defence: having "reasonable procedures" in place to prevent fraud. Whilst official guidance on what these procedures should involve is still expected, organisations must be able to show that they took meaningful, proportionate risk mitigation measures.

Satori Intelligence offers specialised support to legal teams, compliance officers, and executive leadership to assist in developing robust fraud prevention protocols. We are able to assess current vulnerabilities and strengthening preventative measures.

Our bespoke due diligence services include:

  • Background investigations into third parties, suppliers, and key personnel;

  • Comprehensive assessments on individuals and entities connected to your business;

  • Independent verification of professional credentials, histories, and affiliations;

  • Detailed analysis of ownership structures;

  • Ongoing monitoring where continued relationships or elevated risks are present.

 

By investing in preventative measures now, organisations position themselves optimally to meet emerging regulatory expectations while safeguarding against both operational risk and legal liability.

We welcome the opportunity to discuss how our due diligence expertise might enhance your organisation's risk management framework.

 

Published on 9 May 2025

Elizabeth Wright
Previous

2025 Anti-Money Laundering Changes: Essential Compliance Guide for UK Legal Professionals
Next

Beyond the Digital Surface: Understanding Online Information in Professional Investigations