Skip to content

The next step in tackling economic crime

Insight

Water abstract

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) received Royal Assent on 26 October 2023. It is the second part of the legislative package aimed at preventing the abuse of UK corporate structures and tackling economic crime. It follows the introduction of the Economic Crime (Transparency and Enforcement) Act 2022, which provides for the creation and maintenance of a register of beneficial owners of overseas entities that own property in the UK. Read more about this here and here.

The ECCTA is designed to prevent the abuse of UK corporate structures by providing, among other things, several reforms to Companies House powers and making various changes to the Companies Act 2006. Companies House has itself described the reforms being implemented by the ECCTA as one of the most significant shake-ups to its services in its 180-year history. It expands the role of Companies House from being a passive recipient of information to being an active gatekeeper of the creation of companies and manager of company data. It will have greater powers to ensure the transparency of corporate entities registered in the UK thereby improving the accuracy and integrity of the information available on the public register. 

We previously commented on the draft proposals here and many of those provisions have been adopted, with some amendments, in addition to a number of new provisions that have been incorporated into the final text of the legislation. The implementation of most of the provisions in the ECCTA requires yet to be published secondary legislation, as well as significant upgrades to the Companies House IT systems, so it is anticipated that it will be a while before the majority of the legislative provisions are in force. 

The Department of Business and Trade has produced a number of helpful Fact Sheets which explain the more pertinent provisions in the ECCTA. You can read more about some of the key changes, and about some practical steps that companies can take now to prepare for implementation, below.

Identity verification

Perhaps the most significant reform introduced by the ECCTA is the identity verification regime for all existing and new directors, PSCs, LLP members, general partners of limited partnerships and those filing information / documents at Companies House (the ID Verification Process). The main aim behind the ID Verification Process is to prevent fraudulent appointments and false information from reaching Companies House and to curtail the registration of false / fictitious directors or beneficial owners.

Identity verification for Directors

A director must not act until their identity has been verified. All directors will need to complete the ID Verification Process. This includes:

  • Proposed directors of new companies before the company is incorporated,
  • Newly appointed directors (ie those appointed after incorporation) as soon as possible and in any event before their appointment is notified to Companies House (which must happen within 14 days of appointment), and
  • All existing directors.


Companies must ensure all their directors have completed the ID Verification Process before those directors can act. It is an offence for a person to act as a director without first verifying their identity and they may be subject to criminal or civil proceedings if they fail to do so. Companies with unverified directors may also commit a criminal offence. Furthermore, new company incorporations may be rejected, the public register may also be annotated to indicate an individual is “unverified” and they may be prohibited from acting as a director. However, note this will not affect the validity of the unverified director’s actions.

Identity verification for PSCs

PSC identity verification must be completed by all new and existing PSCs. Any registrable relevant legal entities (RLEs) will have to verify the identity of a relevant officer. Individual PSCs must comply within 14 days of appointment and RLEs will have 28 days to confirm their identity.

Unlike the timing for directors, PSCs and RLEs will not need to complete the ID Verification Process in order to become a PSC. However, they must complete the process within a short time after they have become a PSC and the burden is on the PSC as Companies House will contact unverified PSCs directly rather than go through the companies themselves. Again, failure to comply may be a criminal or civil offence and the PSC may appear on the public register as “unverified”.

Identity verification for those delivering documents on another’s behalf

Identity verification requirements are also imposed on any individual delivering documents to the registrar on their own behalf and the documents must be accompanied by a statement confirming their verified status. Individuals may also deliver documents on behalf of:

  • Another individual, and
  • A company, provided that the individual delivering those documents has either verified their own identity, is an Authorised Corporate Services Provider (supervised for the purposes of the money laundering regulations) (an ACSP) or is an officer or employee of an ACSP.


LLPs

The ECCTA also contains provisions to improve registration and transparency requirements for limited partnerships. We will provide a separate briefing once these provisions come into force.

How to verify your identity

It is anticipated that there will be two ways to verify your identity:

  • Directly via Companies House (linking a person with a primary identity document such as a passport or driving licence), and
  • Indirectly through an ASCP.


The ID Verification Process is expected to be a one-off exercise, so once an individual has been verified they may take on subsequent roles without having to go through further verification steps. However, there may be limited circumstances where a director will be required to re-verify their identity such as on suspicion of fraud. Secondary legislation is expected address the trigger events for re-verification.

We expect the Government to introduce a transitional period for existing companies to ensure their directors and PSCs have completed the ID Verification Process. At the time of writing, we do not have any visibility on when the transitional period might begin or how long it will last. However, we are hopeful that the Government will take a pragmatic approach when drafting the secondary legislation to implement the new identity verification regime to ensure it is workable in practice. As Companies House will need to invest a significant amount of time to put the necessary technology in place in respect of the ID Verification Process, it is expected that it will take some time before the changes come into force. It is thought that the process will involve digital facial verification using approved photo identification together with a photo of the relevant individual’s face, but that will be confirmed once the process gets closer to being finalised.

Ban on corporate directors

The Government plans to bring into force a restriction on the use of corporate directors for UK companies. Once implemented, the ban will provide for a prohibition on all corporate directors unless all of the directors of the corporate director are natural persons and prior to their appointment those natural person directors have completed the ID Verification Process. There will be a transitional period of 12 months from the date these provisions come into force for companies with corporate directors to comply with these new obligations.

Companies House: the Registrar’s enhanced powers

Companies House currently operates to accept only “properly delivered” information but the Registrar has limited powers to query existing information. In addition to a new power enabling the Registrar to query or reject new filings, the ECCTA gives the Registrar the ability to rectify inconsistencies by providing rights to query, amend or remove information held at Companies House where it is out-of-date, inaccurate or where the company is legally required to amend it. The Registrar will be able to reject documents which are inconsistent with information already held about that company at Companies House, and it will also be able to request additional information when reviewing proposed new filings.

Other measures include giving the Registrar more investigative, enforcement and disclosure powers to other public authorities and other law enforcement and supervisory bodies where such disclosures would otherwise contravene data protection legislation. At the same time, enhanced protections will be put in place to protect the disclosure of members’ and directors’ personal data from the public register. 

If an offence under the Companies Act 2006 is committed, the registrar will be able to impose a civil financial penalty on an individual, as an alternative to pursuing criminal prosecution through the courts.

The ECCTA also tackles the misuse of limited partnerships by tightening registration requirements and increasing transparency requirements. It also provides additional powers to law enforcement agencies, allowing them to quickly and easilyseize and recover cryptoassets that are the proceeds of crime or associated with illicit activity.

Company record keeping

The ECCTA includes many changes that will be made to the Companies Act 2006 with the primary objective of increasing transparency and reducing the risk of abuse. There will be several changes made to company administration processes:

  • Companies must provide to the Registrar an “appropriate” email contact address,
  • Registered offices must be at an “appropriate” address, ie one where, in the ordinary course, documents can be delivered to the company or for the attention of someone acting for the company,
  • The requirement for a company to maintain most statutory registers will be abolished (although note that companies will still be required to keep a register of members, which will take a slightly different format such as the requirement to include full names of all members). Instead, registers of (1) directors, (2) directors’ residential address, (3) secretaries and (4) PSCs will be kept at Companies House placing the onus on companies to notify it of any changes,
  • Companies will be required to deliver a statement that they are being formed for a “lawful purpose” as part of the incorporation process and must repeat this statement annually when submitting the confirmation statement,
  • As a one-off, existing companies will need to confirm certain membership information when filing their next confirmation statement, and
  • All companies will eventually be required to comply with software-only filing of accounts.


Failure to prevent fraud offence

The ECCTA introduces a new failure to prevent fraud offence to hold organisations to account if they profit from fraudulent acts committed by their employees or agents. It imposes a criminal liability on a company that fails to prevent fraud if one of its associated persons commits a “fraud offence” that is intended to benefit the company. “Fraud offences” include fraud, theft, bribery, false accounting, money laundering, sanctions evasion and tax evasion. These are more fully set out in Schedule 12 of the ECCTA.

To ensure the burden on businesses is proportionate, the offence will apply across all sectors but be limited in scope to large organisations only, defined using the standard Companies Act 2006 definition (satisfaction of two out of the following three criteria: more than 250 employees, more than £36m turnover; and more than £18m in total assets). 

This does not create a liability for individuals, but if convicted an organisation may receive an unlimited fine. There will be a defence available if the company has reasonable fraud prevention procedures in place. The Government proposes to publish guidance with more information about what will constitute “reasonable procedures” before the offence comes into force. We do not expect this to be before spring 2024 at the earliest, with the commencement date for the failure to prevent fraud offence being after the guidance is published.

Corporate criminal liability will also be extended via the expansion of the class of persons whose conduct can be attributed to the company under the common law identification doctrine which will be partially codified in the ECCTA. If a senior manager, while acting within the actual or apparent scope of their authority, commits a relevant offence, the organisation will now also be guilty of the offence.

Timing for implementation

We understand the first change to be implemented will be the extension to the corporate criminal liability regime, which will be introduced on 26 December 2023. However, note that the Criminal Justice Bill (CJ Bill) was introduced to Parliament on 14 November 2023. The CJ Bill is proposing various reforms to certain aspects of criminal law, including expanding the identification doctrine further to allow criminal liability for companies and partnerships whose senior managers commit criminal offences (as described above). Once passed into law, the CJ Bill would replace s196 and Schedule 12 of the ECCTA.

Companies House has published a blog post indicating some of the other initial measures to come into force will be in “early 2024”. These will include the powers given to Companies House to query information, stronger checks on company names and the requirement to supply a registered email address and office address. Companies House also expects to start “taking steps to clean up the register, using data matching to identify and remove inaccurate information” and to be permitted to share data with other government departments and law enforcement agencies. Some of their fees will increase in the new year.

The remaining provisions will follow thereafter, but many of the measures require commencement regulations or secondary legislation and there is no indication of when these will be published as we understand the relevant Government departments are still working on an implementation timetable.

Comment

The ECCTA establishes a broad range of measures to strengthen regulatory and law enforcement powers by substantially changing the legal framework for registering and administering corporate entities under the Companies Act 2006 and giving enhanced powers to Companies House. 

Secondary legislation and Companies House guidance must be prepared to implement the changes set out in the ECCTA and new IT systems and processes must be developed to accommodate them. There are concerns that some of the obligations are too burdensome and around how the maintenance of company registers at Companies House will operate in practice. However, there are some things that you can do while we await further information, guidance and timeframes, including:

  • Identify who within your organisation may be required to complete the ID Verification Process,
  • Ensure company registers and records are up to date, including existing information that has been filed at Companies House to avoid the Registrar querying and rejecting information on the basis of inconsistencies, and
  • Consider how your company’s approach to routine and transactional filings at Companies may need to be adapted to accommodate the new restrictions on who can deliver documents to Companies House on its behalf.


This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, November 2023

Want to know more?

Contact us

About the authors

Anthony Turner lawyer photo

Anthony Turner

Partner

Anthony advises on the full range of corporate transactions, from M&A, complex structuring and equity investments to fundraisings and governance advice. Anthony has a great deal of experience advising clients on transactions in all aspects of the financial services sector, and he is recognised as a financial services specialist in The Legal 500.

Anthony advises on the full range of corporate transactions, from M&A, complex structuring and equity investments to fundraisings and governance advice. Anthony has a great deal of experience advising clients on transactions in all aspects of the financial services sector, and he is recognised as a financial services specialist in The Legal 500.

Email Anthony +44 (0)20 3375 7460
landscape-sophie-giblin-linkedin-profile-picture-003

Sophie Giblin

Knowledge Lawyer

Sophie is the knowledge lawyer for the firm’s Corporate practice providing technical legal support and training to the team.

Sophie is the knowledge lawyer for the firm’s Corporate practice providing technical legal support and training to the team.

Email Sophie +44 (0)20 3375 7489
Suzanne Conticelli lawyer photo

Suzanne Conticelli

Knowledge Lawyer

Suzanne is a Knowledge Lawyer providing technical legal support to the Banking team on a wide range of legal and regulatory issues. She keeps both lawyers and clients up to date with current legal issues and developments in legislation, regulation and the industry as a whole. 

Suzanne is a Knowledge Lawyer providing technical legal support to the Banking team on a wide range of legal and regulatory issues. She keeps both lawyers and clients up to date with current legal issues and developments in legislation, regulation and the industry as a whole. 

Email Suzanne +44 (0)20 3375 7351

More by the authors

Further reading

Related sectors & services

Continue to next section
Back to top