The UK government is set to introduce a new corporate offence under the Economic Crime and Corporate Transparency Act 2023.

Claire Thomson joined us for her session, Economic Crime & CTA 2023 – Preparing for ID Verification & Related Changes, where she explained that from 1 September 2025, large organisations will be held criminally liable if they fail to prevent fraud committed by employees, agents, subsidiaries, or other "associated persons" acting on their behalf.

Who Will Be Affected?

This law will apply to:

Large UK incorporated bodies and partnerships, as defined by meeting at least two of the following criteria:

• More than 250 employees
• More than £36 million annual turnover
• More than £18 million in total assets
• UK subsidiaries of large UK groups

How Can Organisations Be Held Liable?

A company will be guilty of failing to prevent fraud if:

1. A person associated with the organisation (e.g., employee, agent, or subsidiary) commits fraud.
2. The fraud was committed with the intention of benefiting the organisation or its clients.
3. The company failed to have reasonable fraud prevention measures in place.
4. Importantly, senior management and directors do not need to be aware of the fraud for the organisation to be held liable. This significantly raises the stakes for corporate governance and internal controls.

Defences Against Liability

A company can defend itself if it can prove:

1. It had "reasonable procedures" in place to prevent fraud.
2. It was unreasonable to expect the company to have such procedures given its circumstances.

However, the determination of what constitutes "reasonable procedures" will ultimately be left to the courts.

How Can Companies Prepare?

To mitigate the risk of liability, organisations should establish a strong fraud prevention network, which should include:

1. Top-level commitment – Senior management must actively promote ethical conduct.
2. Proportionate, risk-based prevention procedures – Controls tailored to the organisation's risk profile.
3. Risk assessments – Regular evaluations of potential fraud risks.
4. Due diligence – Screening of employees, agents, and partners.
5. Communication and training – Ensuring employees understand fraud risks and reporting mechanisms.
6. Monitoring and review – Continuous assessment and improvement of fraud prevention measures.

Why Does This Matter?

Legal experts anticipate that high-profile prosecutions will attract significant media attention, making compliance a priority for large businesses.

While the offence does not extend to individuals (unless they personally commit fraud), companies must now take proactive steps to prevent fraudulent activities or risk substantial penalties.

As 1 September 2025 approaches, businesses should review and strengthen their internal fraud prevention controls to ensure compliance and mitigate risks.

For organisations uncertain about their obligations, seeking legal advice and consulting with internal auditors or forensic accountants may be essential. The upcoming changes underscore the UK’s commitment to tackling corporate fraud and enhancing transparency in financial practices.

For the full session, please click here. In this session Claire Thomson covers the following topics:

• ID verification requirements – who is impacted, and how to prepare
• Authorised corporate service provider status, and what this means for accountants
• The timeline of implementation
• Other changes the ECCTA is bringing
• Changes to UK company size thresholds

The contents of this article are meant as a guide only and are not a substitute for professional advice. The author/s accept no responsibility for any action taken, or refrained from, as a result of the material contained in this document. Specific advice should be obtained before acting or refraining from acting, in connection with the matters dealt with in this article. The information at the time of publishing was accurate and could be subject to final changes.