From Identification to Prevention: How ECCTA 2023 Rewires Corporate CriminalLiability and What Boards Must Do Before 1 Sept 2025

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) represents the most significant reform of corporate criminal liability in half a century.1 This introduces two landmark changes. First, it codifies a statutory “senior manager” attribution test that broadens the scope of accountability beyond directors to include a wider group of senior management.2 Secondly, it develops a new strict liability “failure to prevent fraud” offence, which can be mitigated only by the reasonable procedures defence.3 With the act taking effect on 1 September 2025, boards and general counsels face multiple different governance implications. These reforms intersect closely with directors’ duties under the Companies Act 2006, evolve expectations under the UK Corporate Governance Code, and align with the Serious Fraud Office’s increasingly proactive enforcement stance.4 

1. Context and the Identification Problem 

Corporate criminal liability in the UK was long guarded by the “directing mind and will” test, which was established in Tesco Supermarkets Ltd v Nattrass [1972] AC 1535. There, the House of Lords held that a company could only be liable if its board or very senior executives, those embodying the “directing mind”, were culpable/guilty.6 

This narrow framework created many enforcement barriers. Modern corporations decentralise authority, meaning fraud often arises at divisional or managerial levels without board involvement7. The LIBOR and Euribor manipulation scandals exposed these weaknesses, leading to numerous individual prosecutions but few corporate convictions.8 9 

The Law Commission’s 2022 Options Paper highlighted that the doctrine was “inadequate for complex organisations” and undermined enforcement.10 With fraud costing the UK approximately £190 billion annually, public and political pressure for reform was foreseeable. The ECCTA therefore represents a statutory correction.11 

2. The Senior Manager Test: Attribution Reset 

The ECCTA’s attribution reform centres on the “senior manager” test12. Section 196 defines a senior manager as anyone playing a significant role in either decision-making or managing a substantial part of the business.13 

This represents a decisive turn from Tesco v Nattrass14. Liability now attaches not only to directors but also to those exercising genuine operational authority, such as regional directors, divisional heads, and senior finance officers. Moreover, this test is functional rather than formal, assessing responsibility based on actual managerial influence rather than corporate titles. 

The model draws on the Corporate Manslaughter and Corporate Homicide Act 2007, which uses a similar definition15. Consequently, prosecutors can now attribute liability without proving board-level involvement, significantly lowering evidential burdens. For boards, this reorientation underscores the critical need to clarify reporting structures, document decision-making hierarchies, and ensure senior managers operate within a robust compliance framework.16 

3. Failure to Prevent Fraud (FTPF): Scope and Defence 

The Act also introduces the new “failure to prevent fraud” (FTPF) offence.17 Sections 199–204 impose strict liability on large organisations, defined as those exceeding Companies Act thresholds (turnover over £36m, balance sheet over £18m, or more than 250 employees), if an associated person commits fraud intending to benefit the company or its clients.18 

“Associated persons” include employees, agents, subsidiaries, and contractors. Covered offences include fraud by false representation under the Fraud Act 200619, false accounting, fraudulent trading, and misleading financial disclosures. Mirroring the Bribery Act 201020, this offence establishes strict liability but allows a mitigation defence where the organisation can prove reasonable procedures were in place to prevent fraud. The Home Office’s November 2024 guidance explicates six pillars for these reasonable procedures21. From maintaining a tailored fraud risk assessment, demonstrating top-level commitment through policies and resource allocation, conducting rigorous due diligence on third parties, implementing targeted controls and training specifically for high-risk functions, providing accessible and secure whistleblowing and investigation mechanisms, and lastly ensuring ongoing monitoring and review enhanced by audits and data analytics22. 

While the standard is reasonableness rather than perfection, the importance of the offence’s commencement compels organisations to urgently overhaul their fraud prevention frameworks and supply chain controls, and to prepare clear evidence of compliance23. 

4. Enforcement Posture: SFO, DPAs and Self-Reporting 

The Serious Fraud Office (SFO) has signalled a proactive enforcement strategy24. Its 2024 Annual Report prioritises fraud, and senior officials have highlighted a shift towards earlier intervention25. Deferred Prosecution Agreements (DPAs) are expected to become the main enforcement tool for FTPF, as they have under the Bribery Act26. 

Companies that voluntarily self-report and cooperate are likely to negotiate more favourable DPA terms, including lower fines and mitigated reputational harm. In contrast, those that seek to conceal or delay disclosure risk facing full-scale prosecutions, heightened shareholder litigation, and enhanced regulatory penalties27. The SFO director has forecast a rise in “plea-bargain-style” resolutions, bringing UK enforcement more in line with established US practices28. The reputational stakes are considerable; for listed firms, investor trust and market confidence far exceed the impact of any financial penalty resulting from criminal proceedings.29 

5. Duties and Governance 

The ECCTA reframes directors’ duties30. Under section 172 of the Companies Act 2006, directors must promote the success of the company, considering the long-term implications for reputation, among other factors31. Section 174 imposes duties of care, skill, and diligence. In the current regulatory environment, failing to oversee effective fraud prevention could constitute a breach of these duties32. 

The UK Corporate Governance Code states that boards establish effective risk management and internal control systems. The FTPF offence codifies these governance standards by setting a statutory baseline for “reasonable procedures.”33 Boards that neglect their oversight responsibilities risk not only criminal liability but also potential derivative proceedings brought by shareholders.34 Additionally, fraud convictions or DPAs may trigger further disclosure obligations under the Market Abuse Regulation and FCA Listing Rules, imposing enhanced transparency and annual reporting requirements35. This legal framework creates a shift where proactive self-reporting and compliance serve as strategic obligations, while silence or complacency results in litigation and reputational collapse36. 

6. The US and the UK Comparison 

The UK reforms mirror developments in the United States. Similarly, the US Department of Justice’s 2023 Corporate Enforcement Policy prompts voluntary self-disclosure, remediation, and cooperation, principles mirrored in the FTPF regime37. 

Delaware fiduciary duty cases showcase this. In In re Caremark International Inc Derivative Litigation(1996)38, liability arose from directors’ failure to maintain compliance systems. In Marchand v Barnhill (2019)39, directors were liable for ignoring obvious risks in a key business line. These cases cemented oversight as a fiduciary responsibility. 

FTPF could be viewed as the UK’s “Caremark moment”, as it embeds compliance within statutory corporate duties, aligning governance expectations across the Atlantic40. This development presents both challenges and opportunities for multinational boards to harmonise governance and compliance standards across jurisdictions. 

7. What Boards and General Counsels Should Do Before 1 September 2025 

Boards should act immediately41. Firstly, they should conduct comprehensive fraud risk assessments across all business lines and geographic jurisdictions to identify vulnerabilities42. Secondly, documented top-level commitment must be secured through clear policies, resource allocation, and clear accountability structures43. Thirdly, due diligence and contractual safeguards for associates, including third parties and subsidiaries, should be enhanced to mitigate fraud risks. 44Fourthly, targeted training programmes and control mechanisms should be deployed with a focus on high-risk functions such as procurement and sales45. Finally, companies must establish robust monitoring and review processes, leveraging audits, data analytics, and whistleblowing feedback to ensure ongoing compliance.46 

These measures provide a statutory defence, reinforce directors’ duties, and reassure regulators and investors. Organisations that delay risk being early test cases under the new regime.47 

Conclusion 

The ECCTA closes long-standing gaps in corporate criminal liability by broadening attribution and imposing a proactive duty to prevent fraud.48 The legal standard is reasonableness, not perfection, but boards that ignore the reforms risk prosecution, derivative litigation, and reputational collapse. Prevention is essential to sustaining investor trust49. With the failure to prevent fraud offence commencing on 1 September 2025, boards have little time left to embed effective controls and evidence compliance50. 

Bibliography 

1. Economic Crime and Corporate Transparency Act 2023, c 56 

https://www.legislation.gov.uk/ukpga/2023/56accessed 29 August 2025. 

2. Home Office, Economic Crime and Corporate Transparency Act 2023: Failure to Prevent Fraud Factsheet (29 February 2024) 

https://www.gov.uk/government/publications/economic-crime-and-corporate-transparenc y-act-2023-failure-to-prevent-fraud-offence accessed 29 August 2025. 

3. Home Office, Guidance to Organisations on the Offence of Failure to Prevent Fraud (s 204 ECCTA) (6 November 2024) 

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_ data/file/1125640/eccta-failure-to-prevent-fraud-guidance.pdf accessed 29 August 2025. 4. Tesco Supermarkets Ltd v Nattrass AC 153 (HL). 

5. Norton Rose Fulbright, ‘Biggest Reform of the Identification Doctrine in More Than 50 Years’ (2024). 
6. Law Commission, Corporate Criminal Liability: An Options Paper (Law Com No 372, 10 June 2022). 
7. BBC News, ‘Economic Crime Act Overhauls UK Company Law’ (26 October 2023). 8. ECCTA 2023, s 196. 
8. Macfarlanes LLP, ‘The Economic Crime and Corporate Transparency Act 2023 (ECCTA)’ (15 June 2025). 
9. Corporate Manslaughter and Corporate Homicide Act 2007, s 1. 
10. Allen & Overy LLP, ‘Economic Crime and Corporate Transparency Act 2023: Where Are We and What’s Next?’ (6 April 2025). 
11. ECCTA 2023, ss 199–204. 
12. ECCTA 2023, s 201. 
13. Fraud Act 2006, ss 2–4. 
14. Bribery Act 2010, s 7. 
15. WilmerHale, ‘UK Failure to Prevent Fraud Offence to Come into Force—Is Your Organisation Prepared?’ (25 August 2025). 
16. Serious Fraud Office, Annual Report and Accounts 2024. 
17. R (on the application of SFO) v Alpha Corp EWCA Civ 789.
18. Stephenson Harwood LLP, ‘Failure to Prevent Fraud: Corporate Prosecution Guidance Updated’ (2024). 
19. ‘SFO Boss Predicts More Plea-Bargain-Style Deals Under New UK Fraud Law’, Financial Times (London, 2024). 
20. Markus Kachler, ‘Companies Brace for Impact of New Failure to Prevent Fraud Offence’, The Times (London, 2025). 
21. Companies Act 2006, ss 172, 174. 
22. Financial Reporting Council, Guidance on Board Effectiveness (2018). 24. Jennifer Pacella and David F Zaring, ‘The Corporation as Monitor’ (2020) 130 Yale LJ Online 27. 
23. Companies House, ECCTA 2023: Progress Report (16 June 2025). 26. John T Coffee Jr, ‘Corporate Crime and Punishment: A Structural Perspective’ (2006) 1 Colum JLSoc Probs 103. 
24. United States DOJ, Corporate Enforcement Policy (2023 update). 28. In re Caremark International Inc Derivative Litigation 698 A 2d 959 (Del Ch 1996); Marchand v Barnhill 212 A 3d 805 (Del 2019). 
25. Richard B Black and Robert J Rhee, ‘Regulating Corporate Fraud and Misconduct: The Case for Enhanced Penalties’ (2018) 47 U Mich J L Reform 69. 
26. WilmerHale (n 16). 
27. Bindmans LLP, ‘Libor: Double standards in fraud prosecutions?’ (2023) https://www.bindmans.com/news-insights/blogs/double-standards-in-fraud-prosecutions/ accessed 31 August 2025. 
28. BBC News, ‘Jailed bankers appeal against interest rate “rigging” convictions’ (13 March 2024) https://www.bbc.com/news/business-68563091 accessed 31 August 2025. 33. R (Respondent) v Hayes (Appellant) UKSC 87 https://supremecourt.uk/cases/uksc-2024-0087 accessed 31 August 2025.

1 Economic Crime and Corporate Transparency Act 2023, c 56 https://www.legislation.gov.uk/ukpga/2023/56 accessed 29 August 2025.

2Ibid 1. 

3Ibid 1. 

4 Home Office, Guidance to Organisations on the Of ence of Failure to Prevent Fraud (s 204 ECCTA) (6 November 2024)  https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1125640/eccta-fail ure-to-prevent-fraud-guidance.pdf accessed 29 August 2025. 

5 Tesco Supermarkets Ltd v Nattrass [1972] AC 153 (HL). 

6Ibid 5. 

7 Norton Rose Fulbright, ‘Biggest Reform of the Identification Doctrine in More Than 50 Years’ (2024).

8 Bindmans LLP, ‘Libor: Double standards in fraud prosecutions?’ (2023)  https://www.bindmans.com/news-insights/blogs/double-standards-in-fraud-prosecutions/ accessed 31 August 2025.

9 BBC News, ‘Jailed bankers appeal against interest rate “rigging” convictions’ (13 March 2024) https://www.bbc.com/news/business-68563091 accessed 31 August 2025. 

10 Law Commission, Corporate Criminal Liability: An Options Paper (Law Com No 372, 10 June 2022). 11Ibid 10. 

12 Ibid 1. 

13 ECCTA 2023, s 196. 

14 Ibid 5. 

15 Corporate Manslaughter and Corporate Homicide Act 2007, s 1. 

16 Allen & Overy LLP, ‘Economic Crime and Corporate Transparency Act 2023: Where Are We and What’s Next?’ (6 April 2025). 

17 Ibid 1.

18 Ibid 1. 

19 Fraud Act 2006, ss 2–4. 

20 Bribery Act 2010, s 7. 

21 Home Office (n 3). 

22 WilmerHale, ‘UK Failure to Prevent Fraud Offence to Come into Force—Is Your Organisation Prepared?’ (25 August 2025). 

23 Serious Fraud Office, Annual Report and Accounts 2024. 

24 Ibid 23. 

25 Ibid 23.

26 Ibid 20. 

27 Stephenson Harwood LLP, ‘Failure to Prevent Fraud: Corporate Prosecution Guidance Updated’ (2024).

28 SFO Boss Predicts More Plea-Bargain-Style Deals Under New UK Fraud Law’, Financial Times (London, 2024).

29 Markus Kachler, ‘Companies Brace for Impact of New Failure to Prevent Fraud Offence’, The Times (London, 2025). 

30 Ibid 1. 

31 Companies Act 2006, ss 172, 174. 

32 Ibid 31. 

33 Financial Reporting Council, Guidance on Board Ef ectiveness (2018). 

34 Jennifer Pacella and David F Zaring, ‘The Corporation as Monitor’ (2020) 130 Yale LJ Online 27. 

35 Companies House, ECCTA 2023: Progress Report (16 June 2025).

36 John T Coffee Jr, ‘Corporate Crime and Punishment: A Structural Perspective’ (2006) 1 Colum JLSoc Probs 103.

37 United States DOJ, Corporate Enforcement Policy (2023 update). 

38 In re Caremark International Inc Derivative Litigation 698 A 2d 959 (Del Ch 1996). 

39 Marchand v Barnhill 212 A 3d 805 (Del 2019). 

40 Richard B Black and Robert J Rhee, ‘Regulating Corporate Fraud and Misconduct: The Case for Enhanced Penalties’ (2018) 47 U Mich J L Reform 69. 

41 Home Office (n 3). 

42 Ibid 41. 

43 Ibid 41. 

44 Ibid 41.

45 Ibid 41. 

46 Ibid 41. 

47 Ibid 41. 

48 Ibid 1. 

49 WilmerHale (n 17). 

50 Ibid 1.