A year and a half after the Economic Crime (Transparency and Enforcement) Act 2022 received Royal Assent, the Economic Crime and Corporate Transparency Act 2023 (Act) came into law on 26 October 2023. Although the Act does contain some amendments to its predecessor in relation to overseas entities, it is more far-reaching than that, with an apparent fundamental emphasis on the reduction of and protection against corporate fraud. Amongst wide-sweeping reforms to the powers of the Registrar of Companies House (Registrar) and enhanced verification and regulation of the information recorded therein, the Act also introduces a "failure to prevent fraud" offence and makes significant updates to the legal test for corporate liability.
In time, this Act will require adjustments to be made by the majority of corporate entities registered on Companies House. Subject to follow-up legislation and practical updates to Companies House, there will be fundamental changes to the way in which the registry is managed. In a bid for enhanced corporate transparency and accountability, officers will need to be verified, shareholders more clearly identified, and filings restricted to those who can be held responsible (i.e., verified directors and authorised providers). The initial driving force of this transformation will be the Registrar's new power to query information on the register, as well as the introduction of a company email and "appropriate" physical address, which will directly facilitate any such query.
Although the legislation is extensive, we have outlined some significant reforms below.
The Act introduces several measures that substantially broaden the current powers of the Registrar and give it the tools to better ensure the integrity of the register and the accuracy of information it contains. This transformative change will mean companies will increasingly need to ensure filings are made with care, expecting queries or requisitions to be raised in respect of any inaccuracies. The Registrar will now be able to take significant steps to verify, query and (in some cases) remove company information; review company names; investigate and share data with law enforcement; protect individuals from fraud; and clamp down on general registry abuse.
These powers are underpinned by a new set of objectives outlined in the Act, as follows:
- "to ensure that any person who is required to deliver a document to the registrar does so (and that the requirements for proper delivery are complied with)";
- "to ensure information contained in the register is accurate and that the register contains everything it ought to contain";
- "to ensure that records kept by the registrar do not create a false or misleading impression to members of the public"; and
- "to prevent companies and others from (a) carrying out unlawful activities, or (b) facilitating the carrying out by others of unlawful activities".
Communication with the Registrar
Entities listed on Companies House will be held to a higher standard of communication by being required to register (i) an "appropriate" address and (ii) an email address. An address is appropriate if, in the ordinary course of events, a document (or email) "addressed to the company would be expected to come to the attention of a person acting on behalf of the company". The provided email address will not be made public but must be monitored to enable a direct line of communication with Companies House. It looks like these changes are being introduced to drive accountability and root out bad practices. Entities that are currently using PO boxes (or otherwise unmonitored addresses) will be required to make changes.
Following further legislation, companies registered on Companies House will become subject to a range of new identification and transparency requirements, which should work to increase the reliability of information on the register.
- All current and future directors will have to undergo a process of identity verification, with current directors having until any subsequent confirmation statement to comply.
- All persons with significant control (PSCs) and relevant officers of relevant legal entities (RLEs) will also have to have their identity verified.
- Although shareholders (who are not PSCs or RLEs) will not have to verify their identity, companies will now be required to detail the full name of a shareholder (i.e., not an initial and surname) and provide a list of the same in any subsequent confirmation statement, with a one-off list of shareholders (for traded companies — only those holding more than 5 per cent of any share class) to be filed separately on Companies House.
- Following these verification processes, the ability to make company filings will be limited, with verified directors and certain "Authorised Corporate Service Providers" (ACSPs) who have registered with Companies House able to do so. The historic requirement for companies to keep their own registers of directors, secretaries and PSCs will then be removed.
Although the actual procedure of identity verification is likely to be comparatively straightforward (and should prove relatively familiar to directors), companies with complex structures (i.e., where trusts are involved) should consider undertaking a thorough PSC analysis sooner rather than later, to ensure the correct individual is identified for registration.
Limited Liability Partnerships (LLPs) and Limited Partnerships (LPs)
LLPs, in a similar fashion to companies, will now have to ensure members (including directors of any corporate member) and PSCs have their identity verified. Meanwhile, the transparency requirements of LPs will also be significantly increased and brought closer into line with those already applied to companies. LPs will be required to verify the identity of their general partner (in the same way as companies will have to verify directors) and provide certain partner details to the Registrar. Additionally, they must now file an annual confirmation statement (through a registered ACSP). Private equity structures that commonly use the general/limited partner mechanism may want to consider where they are registered before these laws come into place if they wish to retain the privacy of their limited partners.
Failure to prevent fraud offence
The Act has introduced a new offence which aims to hold certain corporate entities to account in cases where they profit from a fraud perpetrated by an employee. The offence, which appears similar to the 'failure to prevent bribery' offence brought in under the UK Bribery Act 2010 (BA 2010) and the failure to prevent facilitation of tax evasion under the Criminal Finances Act 2017 (CFA 2017), will mean that a 'large' entity is liable for a 'failure to prevent fraud' if:
- a specified fraud offence is committed by an "associated" person, who is either:
  - an employee, agent or subsidiary of the relevant organisation, or
  - an employee of a subsidiary, or
  - a person who otherwise performs services for or on behalf of the organisation,
- and the associated person has the intention of benefitting the entity or any person that the associated person is providing services to on behalf of the entity.
There has been debate about the scope of the offence, as currently it only applies to "large" companies or partnerships (i.e., where two of the following conditions are met: > £36m annual turnover, > £18m balance sheet assets, or > 250 employees), in contrast to the offences under the BA 2010 and CFA 2017, which apply to all businesses.
The legislation encompasses most of the fraud offences applicable to companies under the Fraud Act 2006, Theft Act 1968 and Companies Act 2006. It also covers the common law fraud offence of cheating the public revenue, which raises the question — how does this differ from the offence under the CFA 2017? While the entities subject to the new offence are limited to "large companies", the Act has widened the scope of potential actors for whose fraud offence a large company can be liable by introducing subsidiaries (and employees of a subsidiary). However, the fraud offence must benefit the entity, which is not a prerequisite under the CFA 2017 provisions. As the UK parent can be made liable for its subsidiaries' activities under the Act, we may see that future enforcement actions are more likely to be brought under the Act than the CFA 2017 where the large company benefits from the fraud.
Ultimately, it will be a defence if it is proven that (i) there were reasonable prevention procedures in place at the time of the offence, or (ii) it was not reasonable to expect such prevention procedures to be in place. Although this offence is not likely to come into effect until Spring 2024, organisations will likely need to introduce a specific policy in the future in order to have a defence against a fraud offence under the Act. Large companies should, however, in readiness revisit their current CFA 2017 prevention procedures to ensure they cover all parts of their corporate structure in light of the new offence.
Following consultation, the Act also includes a reform of the "identification doctrine" to ensure that corporations are, in their own right, liable for economic crime. With this expansion of corporate liability on the horizon, companies will want to ensure that the scope of authority of senior managers is clearly delineated. Previously, a corporate body was usually only liable for criminal conduct by one or more natural persons who represented its "directing mind and will". However, recent case law has demonstrated that if high-ranking managers of a corporate entity are capable of being found not to satisfy this test, then the threshold may have been overly restrictive.
Now, in order to prove corporate liability for economic crime, prosecutors need only identify a "senior manager" who has committed a "relevant offence" while "acting within the actual or apparent scope of their authority". In this instance, a "senior manager" is an individual "who plays a significant role in (a) the making of decisions about how the whole or substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities".
The Act brings in various other measures aimed at tackling fraud and economic crime, such as amending the Proceeds of Crime Act 2002 to enable enforcement agencies to recover cryptoassets and streamline anti-money-laundering processes so that businesses can share information more easily. Other measures evidence the government's desire to clamp down on economic crime and include an amendment to reduce the effectiveness of strategic lawsuits against public participants (SLAPPs) concerning economic crime, by enabling such claims to be dismissed before trial and limiting the circumstances in which a defendant must pay the costs of the claimant.
Most of the above will not come into force immediately, as secondary legislation and technical updates to Companies House are required. However, the Registrar has indicated that certain measures (along with higher fees) will become applicable in early 2024 — these will include the Registrar's new power to query information provided to Companies House as well as stronger checks on company names and the requirement that entities provide an 'appropriate' registered address and email. While amendments to the identification doctrine will be applicable earlier, the failure to prevent fraud offence is not likely to come into effect until Spring 2024, following guidance on necessary fraud-prevention procedures.
*Hayley Rabet, a Transactional Tax Planning trainee, contributed to this advisory.
Additional Authors: David Wood and George Warren