Getting tough on corporate abuse: the Economic Crime and Corporate Transparency Act passes into law

The implementation of the ECCTA follows lengthy debate of the Bill in the House of Lords and the House of Commons as to its scope and application. The ECCTA has been anticipated since the publication of the Corporate Transparency and Register Reform White Paper in February 2022 and the passing of the Economic Crime (Transparency and Enforcement) Act ("ECA") in April 2022. Amongst other things, the ECA created a register of overseas entities to target bad actors using UK property to perpetrate fraud and money laundering. For further details on the ECA and the register of overseas entities, please see our briefing here. 

The ECA and the ECCTA are both born out of the government's desire to deliver reforms that tackle economic crime and improve transparency over UK corporate entities. The focus of the ECCTA is on an overhaul of the powers and role of Companies House. Heralded as the biggest series of reforms to Companies House since its inception in 1844, the government is looking to re-brand Companies House from a passive administrator to an active corporate gatekeeper through a series of reforms that seek to:

• introduce identity verification measures for all new and existing registered company directors, people with significant control, and those who file on behalf of companies;
  
  
• expand the role and powers of the Registrar to become a more active gatekeeper over company creation and a custodian of more reliable data;
  
  
• improve the financial information on the register;
  
  
• provide Companies House with more effective investigation and enforcement powers and increasing the Registrar's ability to share data with other bodies; and
  
  
• enhance the protection of personal information on the register to protect individuals from fraud.

Currently, the Registrar's main functions are broadly restricted to maintaining the register and making information on it publicly available. The Registrar has minimal powers to query information provided to it and is therefore limited in its ability to identify errors or raise concerns where suspicious activity is suspected. The government has acknowledged that these curbs on the Registrar's powers have, to date, compromised the integrity of the register.

The ECCTA aims to combat this by adding a new section 1081A to the Companies Act 2006, which sets out the following four key objectives (the "Objectives") for the Registrar going forwards:

1. To ensure that those required to deliver documents to the Registrar do so, and that the requirements relating to proper delivery are complied with.
   
   
2. To ensure that information contained in the register is accurate and that the register contains everything it ought to contain.
   
   
3. To ensure that records kept by the registrar do not create a false or misleading impression to members of the public.
   
   
4. To prevent companies from (a) carrying out unlawful activities; or (b) facilitating the carrying out by others of unlawful activities.

In order to meet these Objectives, the ECCTA gives the Registrar a raft of new powers, including: 

• the power to query and, if appropriate, require the supply of additional information in relation to material filed to Companies House; the power to require persons carrying on business in the UK to report discrepancies between information received from prospective customers and what is publicly available on the register;
  
  
• the power to proactively share information with any persons in connection with the Registrar's functions or the functions of other public authorities;
  
  
• expanding the Registrar's powers to remove material from the register;
  
  
• powers to change the company's registered office address and take action against those failing to provide an appropriate address; and
  
  
• removing constraints on the Registrar’s powers to make rules which mandate digital delivery of documents and filings. 

When thinking about the practical impact of the ECCTA, it may be useful to think about its effect in different categories of matters, as set out below. This summary does not cover all aspects of the ECCTA but those that may be most relevant to the day-to-day running of the company.

Directors

• Ineligibility of certain persons to act as directors: Certain designated persons, as defined by section 9(2) of the Sanctions and Anti-Money Laundering Act 2018, will not be able to act as directors of a company and disqualified directors must not be appointed as directors of a company. Directors may also be disqualified for breaches of the ECA.
  
  
• Director ID verification: An individual must not act as a director unless they have verified their identity and a company must ensure that an individual does not act as a director unless their identity has been verified (certain exemptions apply, e.g. on national security grounds).
  
  
• Declaration of ID verification/non-disqualification of director: Appointments of directors (including on incorporation of a new company) must include statements confirming that (i) the proposed company's directors have verified their identity, and (ii) none of the proposed directors is disqualified under directors' disqualification legislation or is otherwise ineligible to be a director.

PSCs

• PSC ID verification: Each PSC must verify their identity and maintain their verified status as long as they are registered with the Registrar and each RLE must verify the identity of their relevant officer and maintain the verified status of their registered officer as long as such RLE is registered with the Registrar. There will be an appointed day from which individual PSCs (within 14 days) and relevant officers of RLEs (within 28 days) will need to confirm that their identity is verified.
  
  
• PSC non-disqualification: Applications to register an initial PSC or registrable RLE must include a statement confirming that none of the proposed registerable persons or registrable RLEs is not disqualified under directors' disqualification legislation.

Subscribers/members

• Declaration of non-disqualification: On incorporation of a company, the company must include a statement that none of its proposed subscribers/members is a disqualified director.
  
  
• Full names of subscribers/members: For subscribers and members who are individuals they must provide a forename and surname and, in the case of a peer or individual usually known as a title, such title. A company will need to provide a full list of shareholders with the first confirmation statement.

Company secretaries/agents

• ID verification of individuals delivering documents to the Registrar: An individual delivering documents to the Registrar on behalf of a company must have their identity verified.
  
  
• Declaration of ID verification of individuals delivering documents to the Registrar: Where delivering documents on behalf of a company, the individual must confirm that they have the authority to do so.

Verification requirements

• Meaning of "identity is verified": An individual's identity is verified if the person has verified their identity with the Registrar directly in line with the prescribed verification requirements (which shall be prescribed by the Secretary of State) or if a verification statement in respect of the person has been delivered to the Registrar by an authorised corporate service provider (an "ACSP").
  
  
• Primary identifying document: Identity verification will involve linking a person with a primary identifying document such as a passport or driving licence, and using likeness-matching technology to compare a photograph or scan of their face with that document.

Company information

• Inconsistent or incomplete information: Where information is submitted to the Registrar and is deemed by the Registrar to be inconsistent with other information the Registrar holds, the Registrar may reject or remove the information, require the submission of additional information or issue a notice to the company to resolve the relevant inconsistencies.
  
  
• Company name: The Registrar shall have the power to change a company's name where it contains computer code or where the company has failed to change its name when directed to do so by the Registrar.
  
  
• Company registered office address: The company's registered office must be at an appropriate address, being an address where, in the ordinary course of events, a document addressed to the company, and delivered there by hand or by post, would be expected to come to the attention of a person acting on behalf of the company, and where the delivery of documents is capable of being recorded by the obtaining of an acknowledgement of delivery. Companies will not be able to use a PO Box as their registered office address.
  
  
• Company email address: All companies must maintain an appropriate email address, being an email address at which, in the ordinary course of events, emails sent to it by the Registrar would be expected to come to the attention of a person acting on behalf of the company.

• Company registers and filings:

–     Register of members: All companies will have to maintain their own register of members, meaning that private companies will no longer have the option to keep information about their members on the Companies House central register. A new duty will be imposed on members to notify to companies of their full name and a service address to be included in the register and any changes to that information.

–     Register of directors, register of directors' residential addresses, register of secretaries and PSC register: There will no longer be a requirement for companies to maintain their own register of directors, register of directors' residential addresses, register of secretaries or PSC register.

–     Software-only filing of accounts: The Registrar shall have the power to require companies to use software programmes to electronically file their accounts. Companies that currently file their annual accounts in paper format or via web-based services such as WebFiling are therefore encouraged to change to software filing before it becomes a legal requirement.

In addition to the changes to company administration set out in this briefing, the ECCTA introduces other changes including a new offence for failure to prevent fraud.

What is the Failure to Prevent Fraud offence?

The offence will apply to qualifying organisations when a fraud offence is committed by an employee, agent or other associated person, for the organisation's benefit, and the organisation did not have reasonable fraud prevention procedures in place. It will not need to be proven that consent or connivance by the organisation existed. The new offence will closely follow the precedent already set by the Bribery Act 2010 and the Criminal Finances Act 2017, which both contain corporate 'failure to prevent' offences.

Who does the offence apply to?

The offence will apply to large organisations in all sectors, with the relevant threshold being met where an organisation satisfies two or more of the following conditions in the financial year preceding the year of the offence: (i) more than 250 employees: (ii) more than GBP 36 million turnover; and / or (iii) assets of more than GBP 18 million.

If resources held across a parent company and its subsidiaries cumulatively meet the size threshold, that group of companies will be in scope of the failure to prevent fraud offence.

Liability can be attached to whichever individual entity within the group was directly responsible for failing to prevent the fraud.

Liability can alternatively be attached to the parent company, if a fraud was committed by a subsidiary employee, for the benefit of the parent company, and the parent company did not take reasonable steps to prevent it.

SMEs should be aware that, under the ECCTA, the Secretary of State can amend the meaning of "large organisation" via secondary legislation, potentially bringing them into scope without further parliamentary scrutiny.

The offence can be committed even if the organisation and the relevant employee are based outside of the UK.

What fraud offences are included in the duty?

The offence is limited to failing to prevent offences under the Fraud Act 2006 (fraud by false representation, fraud by failing to disclose information, fraud by abuse of position, obtaining services dishonestly and participation in a fraudulent business, the Theft Act 1968 (false statements by company directors and false accounting), fraudulent trading under the Companies Act 2006 and cheating the public revenue under common law.

Companies should note that this list of offences list may be updated through secondary legislation in future, although any new offences added would be limited to economic crime.

The types of conduct that could be caught are wide-ranging but, crucially in each case, there would have to be dishonest intent for an offence to be committed intending to benefit the relevant organisation.

What defence is available to organisations in respect of the offence?

It is a defence for the organisation to prove that they had reasonable procedures in place to prevent fraud or that it was reasonable to have no fraud prevention procedures in place (for example, organisations where the risk is extremely low).

The government is required to publish guidance to set out the procedures that relevant organisations can put in place to prevent persons associated with them from committing fraud offences. This guidance is expected to be published before the offence comes into force.

What is the potential penalty if an organisation is convicted of failure to prevent fraud?

If convicted, an organisation can receive an unlimited fine. The government is not proposing to introduce personal liability for directors and senior managers under this offence. Individuals within companies can already be prosecuted for committing, encouraging or assisting fraud under separate offences. The government’s view is that it would not be proportionate to prosecute an individual where they did not consent or know of the offence happening.

The ECCTA also reforms the way in which corporate entities can be held liable for economic crimes, providing that if a senior manager of a body corporate or partnership, acting within the actual or apparent scope of their authority, commits or attempts to commit a "relevant offence" after the section comes into force, the organisation is also guilty of the offence (broadening the range of individuals whose conduct an organisation may be criminally liable for).

As outlined by Companies House in a separate Factsheet, a number of the reforms proposed under ECCTA will be extended to Limited Liability Partnerships ("LLPs") in due course under secondary legislation equivalent to that proposed for limited companies. From a practical perspective, the key features which LLPs need to be aware of are:

i) the failure to prevent fraud offence introduced by ECCTA will apply to LLPs;

ii) the identity verification reforms will require all of the members and PSCs of an LLP to verify their identity and it will be an offence for any member to fail to do so. If an LLP member is a corporate entity, all for the directors (or
equivalents) must verify their identity;

iii) the provisions of ECCTA relating to company information set out above apply equally to LLPs, such that LLPs must maintain an appropriate registered office address, email address and confirm that their name complies with the new requirements under ECCTA;

iv) the changes introduced through ECCTA give the registrar the power to query information submitted to the
registrar and share information with other regulatory bodies; and

v) where an LLP is the general partner ("GP") of an Limited Partnership ("LP"), the LLP will be required to name a managing officer for the purpose of the Registrar communicating with the GP.

While the Bill is now law, many of the company law reforms will be effected through extensive amendments to the Companies Act 2006 and implemented through (as yet unpublished) secondary legislation. They will also require significant development and upgrades to Companies House systems and procedures so there is still a fair bit of "wait and see". Please get in touch with one of the contacts below to sign up for regular updates on ECCTA and what you can be doing to get ahead of the game.