With senior manager liability expanding and third-party risks in sharp focus, the UK’s Economic Crime and Corporate Transparency Act demands a fresh approach to fraud prevention. Ben Boorer of consultancy Secretariat breaks down the key challenges and offers practical strategies for navigating this complex new regulatory landscape.
The Economic Crime and Corporate Transparency Act (ECCTA), coming into force in September 2025, is landmark legislation set to reshape the UK’s corporate compliance landscape. A key aspect of ECCTA is its emphasis on preventing fraud across myriad underlying offenses, holding organizations accountable for the actions of their internal teams and external partners. This will require organizations to implement adequate procedures to prevent and detect fraud, including due diligence on third parties, robust internal controls and regular employee training.
Despite the anticipated significant impact, ECCTA’s guidelines from the Home Office have raised questions over their lack of clarity and practical guidance. Traditionally, proving a company’s involvement in fraud required showing a clear link between the criminal act and the company’s “directing mind and will.” ECCTA lowers this bar, making it easier to hold organizations liable for actions of their teams and partner ecosystem if they have been deemed to have benefitted from the wrongdoing.
A critical ambiguity in the act is its definition of a “senior manager.” The guidelines reiterate the statutory definition, leaving organizations to interpret it case-by-case. ECCTA expands this definition to include individuals playing a significant role in managing or organizing substantial parts of the organization’s activities. This broader definition means more individuals, beyond the board and executive management, can cause the organization to be held liable for economic crimes.
Perhaps inevitably, the guidelines also lack detailed steps for ECCTA compliance and fraud prevention. While the six principles provide a high-level framework, they cannot offer the granular detail needed for effective implementation. Organizations should, therefore, adopt a proactive approach to fraud prevention: considering internal and external threats; fostering a culture of integrity, transparency and reassurance for staff who raise concerns; leveraging data analytics to identify red flags; and conducting thorough due diligence on third parties.
To mitigate potential risks, focus on these key areas:
Senior management liability
ECCTA lowers the “controlling mind” threshold, making the organization susceptible to actions taken by a larger population of its employees. Organizations must:
- Identify senior managers: Define who may qualify as a senior manager under ECCTA.
- Implement risk management strategies: Develop strategies to address the risks of senior managers’ actions, such as: assessing fraud risks in operational areas; providing enhanced training on ECCTA and financial crime risks; increasing internal audit scrutiny of controls, policies and procedures; and reviewing historical allegations, whistleblower reports and audit findings for potential fraud weaknesses.
Litigation monitoring
Civil lawsuits potentially offer insights into corporate wrongdoing that could trigger a criminal investigation. Larger organizations with complex structures should:
- Monitor litigation filings: Actively monitor litigation repositories for mentions of the organization or subsidiaries to identify potential issues early.
- Respond swiftly: Develop a plan to address potential issues, mitigate risks and promptly prevent escalation.
Third-party risk management
ECCTA extends liability to a range of “associated persons” who provide services on behalf of the organization, including partners, agents and distributors. Organizations should:
- Assess third-party risk: Evaluate potential ECCTA-related risks associated with third parties.
- Implement risk mitigation strategies: Consider strategies such as: offboarding high-risk third parties; incorporating ECCTA considerations into the onboarding process; conducting enhanced due diligence on high-risk third parties; requiring agents and partners to disclose past litigation; undertaking third-party fraud audits; implementing automated monitoring for fraud indicators; and demonstrating a commitment to fraud risk mitigation.
Section 2 notices
The Serious Fraud Office has enhanced powers to obtain information under Section 2 of the Criminal Justice Act 1987. Organizations must be prepared to:
- Develop a response plan: Create a comprehensive plan to coordinate responses to information requests and potential dawn raids.
- Identify key personnel: Designate individuals responsible for coordinating responses and select external advisers (legal counsel, forensic experts, PR specialists).
- Train internal teams: Educate IT, data handling and in-house legal teams on compliance procedures, rights and response strategies.
Conclusion
ECCTA presents significant challenges, but it also offers an opportunity to assess and strengthen corporate governance, enhance trust and build a resilient organization. By proactively managing fraud risk, fostering a culture of integrity and continuously improving fraud prevention measures, organizations can navigate the new legal landscape effectively and contribute to a more transparent and ethical business environment.
A well-resourced and empowered compliance function is critical. Management must support this function so that it can effectively navigate the responsibilities arising from ECCTA and other compliance obligations. A successful response requires a coordinated, cross-organizational effort.