updated on 25 March 2025
Question
What’s the impact of the Economic Crime and Corporate Transparency Act?It’s difficult to quantify the impact of corporate and economic crime – fraud alone was estimated to have caused losses of £1.17 billion in the UK Finance Annual Fraud Report 2024. The government has come under increasing pressure to tackle economic crime – the February 2022 treasury committee report concluded that the government wasn’t making corporate crime enough of a priority. Subsequently, the economic crime plan 2 (2023–2026) was introduced by former Prime Minister Rishi Sunak’s government. The plan has three key aims:
It’s hoped that the introduction of the Economic Crime and Corporate Transparency Act 2023 will support these aims. The act has been described as aiming to “bear down further on kleptocrats, criminals and terrorists who abuse our financial system, strengthening the UK’s reputation as a place where legitimate business can thrive, whilst driving dirty money out of the UK”. The act introduced several key changes, such as:
For the purposes of this article, I’ll focus on the new failure to prevent fraud offence and the extension of the identification doctrine.
Corporate organisations can commit criminal offences both via their actions (or the actions of their agents) or by inaction. The most common bases on which corporations can be found criminally liable are via:
Where a corporation is alleged to have committed a crime, it’s not always clear whose acts (eg, a false representation) or whose state of mind (eg, dishonesty) should be attributed to the company. This conundrum has typically been addressed via the English law “identification doctrine”.
The origins of the identification doctrine can be traced to the case of Lennard’s Carrying Co Ltd v Asiatic Petroleum Ltd, which related to a ship transporting goods for Asiatic Petroleum Co. that sank due to a fire caused by defects in its boiler. The court considered whether the company should be held liable for the negligence of its director and owner, Lennard, who knew or should have known about the defects. The court held that Lennard was the “directing mind and will” of the company and, therefore, the organisation could be held liable for the negligence of its director. This principle developed over time to allow an organisation to be convicted for a criminal offence where one of its “directing minds” had committed that offence. In Tesco Supermarkets Ltd v Nattrass, the identification doctrine was described as being applicable where an employee is “an embodiment of the company”.
Historically, this “directing mind and will” or “embodiment” has been limited to very senior members of an organisation, (often, but not always, a director or a member of the board) so it has been difficult for the courts to hold organisations to account, particularly large corporations where management responsibilities are delegated across many individuals.
The weaknesses of the doctrine were particularly evident in the failed prosecution of Barclays following the financial crisis for conspiracy to defraud. Barclays successfully argued that the CFO and CEO didn’t represent the “directing mind and will” of the bank, such that their actions and state of mind could not be attributed to Barclays. This was because those individuals, while senior executives, didn’t have “full discretion” or “entire autonomy” to complete the deal in question without final sign off from Barclays’ board. This case emphasised the challenge in applying the existing identification doctrine, particularly to large organisations with complex governance structures.
The act has modified the identification doctrine for certain specified “economic” offences. For such offences, the prosecution doesn’t need to identify the directing mind and will of a corporate defendant; it need only identify a senior manager who has committed the relevant crime when acting within the actual or apparent scope of their authority. Senior managers can be any individuals who play a significant role in:
This represents a significant extension of the identification doctrine and has applied to all commercial organisations, irrespective of size, since 26 December 2023. This aligns the UK’s approach more closely with that US, which instead has the ‘respondeat superior’ doctrine, which allows a company to be held liable for the actions of agents at all levels.
The government is already considering a further extension of the scope of this new “senior managers” test beyond economic crimes. Section 130 of the Crime and Policing Bill would allow the “senior manager” approach to attributing criminal liability to corporates for all criminal offences.
To manage the risks associated with the extension of the identification doctrine, organisations should:
The act has also introduced a new failure to prevent fraud offence. This new offence will come into force on 1 September 2025. Under the new offence, a corporate or partnership which is a “large organisation” will be liable where an “associate” (which term will include employees, agents, subsidiaries and their employees and anyone else who performs services for or on behalf of the organisation) commits specified fraud offences for the organisation’s benefit (whether directly or indirectly). A corporate or partnership meets the definition of a “large organisation” if it satisfies two or more of the following:
This offence will apply to any large organisation doing business in the UK, irrespective of its domicile, if the underlying fraud involved a UK nexus.
However, where a relevant fraud has been committed, an organisation will have a complete defence if it can prove that, at the time the fraud offence was committed:
The government hopes that the implementation of this offence will encourage organisations to improve their fraud prevention measures and allow for organisations to be held accountable if they profit from the fraudulent actions of their employees.
The government’s failure to prevent fraud guidance outlines six guiding principles for organisations to consider when reviewing their anti-fraud programmes to avail themselves of the “reasonable prevention procedures” defence:
The new failure to prevent offence is intended to encourage organisations to promote transparency and to act with integrity. As fraud makes up such a significant proportion of the offences committed in the UK every year, it’s a key area of concern for the government.
The extension of the identification doctrine aims to address the weaknesses of the earlier regime and allow the SFO and other bodies to more readily prosecute organisations.
The act also introduces a range of broader investigatory and prosecutorial powers for Companies House, the National Crime Agency and the SFO to utilise. However, it remains to be seen how effective these powers will be in practice.
The act represents a significant shift in the landscape of corporate crime and regulation. By introducing the new offence of failure to prevent fraud and by extending the identification doctrine to include senior managers, the act aims to hold organisations accountable for fraudulent activities and encourage them to implement robust fraud prevention measures. It also helps to clarify what had become a complex and fractured landscape, as a result of inconsistent application of principles in case law. The government hopes that these changes will strengthen the UK's reputation as a place where legitimate business can thrive, while driving out dirty money.
To learn more about the new Economic Crime and Corporate Transparency Act and the failure to prevent fraud offence and what it might mean for organisations please see the articles below:
This article is intended to provide a general overview of the new failure to prevent fraud offence. It doesn’t constitute legal advice and the information contained in this article should not be construed as legal advice.
Charlotte Colvin is a trainee solicitor at Burges Salmon LLP.