The ECCTA: Navigating the identification doctrine and the failure to prevent fraud offence 

December 9, 2024

Since its introduction, the Economic Crime and Corporate Transparency Act (ECCTA) has ushered in significant changes to corporate governance in the UK. Two of its most significant provisions are the failure to prevent fraud offence and the new identification doctrine which extends accountability for economic crimes to ‘senior managers’. These changes are likely to significantly impact how companies approach the development of their ethics and compliance programmes. 

We explored the implications at our recent House of Lords debate. The discussion offered insights on practical challenges, areas of concern and the steps businesses are taking to ensure compliance and to foster a culture of accountability which clearly ties in all senior managers across the organisation. 

Opening remarks from Lord Gold

Lord Gold’s opening remarks praised the Act’s attempt at enhancing corporate transparency and acknowledged the gravity of its obligations, particularly for multinational companies managing far-flung subsidiaries. He noted that a large part of the Act is focused on corporate transparency and the reform of Companies House and how companies reveal corporate ownership. In terms of the new failure to prevent offence, he stressed that the onus remains on companies to ensure robust anti-fraud systems are in place. Failure to do so could lead to dual prosecutions: once for the fraud itself and a second for failing to establish adequate prevention measures.  

While welcoming the Home Office’s guidelines, he acknowledged the difficulty of embedding the six principles in practice. For most companies, the main challenge is less about setting up systems—most are already in place—the challenge is ensuring everyone takes ownership of them. To facilitate this, he highlighted the importance of tone from the top and avoiding mixed messaging. Ethical behaviour must be consistent across all communications, avoiding contradictions where ethics are emphasised one day, but financial pressures dominate the next. Lord Gold also urged companies to make training relevant and human-centric: no endless lectures about abstract principles, but rather job-specific guidance. Finally, he underscored the importance of continuous risk assessment. He also mentioned the benefit of external advisors to provide an independent assessment of the compliance programme to help provide board assurance and a defence in court, if it were ever needed. 

Challenges raised by participants 

The debate shed light on the practical difficulties companies are grappling with under the new regime. 

The first issue raised was about the definition and the importance of distinguishing clearly between fraud that benefits the company (the focus of the ECCTA) and fraud against the company. In many companies, the term fraud has been used almost exclusively to mean fraud against the company, so this change in emphasis and definition is key to understand at the outset. However, several participants noted that they are reviewing both inward and outward fraud as part of the same review. 

The new identification doctrine is a challenge. It implies that senior managers need to be identified and trained. A number of participants noted that they had undertaken an exercise to review and name all of the senior managers in the organisation. This has been done so that enhanced ethics and compliance training can be delivered. Some participants said that this list had been developed under legal privilege, with the implication being that the list could be used against the company in the event of a prosecution. The company might want to hold out the possibility of arguing in court that the person involved was not in fact a ‘senior manager’ and therefore the company could avoid prosecution. Other participants noted that they had deliberately decided not to identify and name senior managers to try to avoid this risk. 

The new doctrine also raises the challenge of what senior managers are supposed to be doing differently than before. The current ethics and compliance programmes require everyone to behave in line with the company’s code of conduct and to avoid bribery, corruption and fraudulent behaviour. However, the new doctrine implies that the messaging and culture amongst senior managers now need to be reinforced. 

The debate raised the issue of whether the ‘reasonable procedures’ to prevent fraudulent behaviour were the same as the ‘adequate procedures’ to prevent bribery. The debate concluded that the guidance is helpful because it shows that the same six principles apply to the design of the ethics and compliance programme. However, the fraudulent behaviour risks contain broader and distinct elements that need to be considered and controlled. Examples cited include the risk of greenwashing, the risk of misleading investors with wrong financial or non-financial data, mis-selling, falsely inflating invoices and misrepresenting the value of a company during an M&A transaction. These examples suggest that a separate risk mapping for fraud is essential and distinct from the work done for the Bribery Act. 

Misrepresentation in sustainability or non-financial reporting was cited as a particular concern. This is made more complex by the fact that methodologies for non-financial and sustainability reports are still being standardised, and companies have been pushed to adopt green strategies with ambitious claims. The debate raised the issue of whether the auditors’ role will have to change due to these new risks. 

Like with the Bribery Act, the debate raised the risk relating to third parties such as sales intermediaries. Clearly these present a risk of acting fraudulently in order to win business for the company. Extending training and tighter controls may be required to address these risks. 

The guidance is appreciated. However, participants had questions about the definition of specific terms and their possible implications.  The definition of ‘benefit to company’ remains tenuous in the minds of many. The act proposes a wider definition of fraud. The trigger is low, and the actual threshold for a prosecution is unclear. Debate participants noted that it would require cases to go to court before businesses can adequately understand how they should respond to the ECCTA requirements. 

Good practices identified  

Despite these challenges, many companies are making significant strides to align with the new requirements: 

  • Most companies have begun identifying their senior leadership populations, though some remain hesitant due to concerns about liability 
  • Most companies have undertaken an initial review of their ‘reasonable procedures’. It was also clear that several participants are planning a more detailed review in 2025, now that the guidance is published 
  • Most companies have started discussions internally about ‘outward fraud’ and how it might apply to each company’s operations 
  • Some companies are conducting more rigorous due diligence on sensitive hires and high-risk third parties 
  • Innovative approaches like bite-sized, story-led sessions or “Think Like a Criminal” scenarios are being introduced to make training more effective and relevant 
  • Some companies are strengthening whistleblowing. Some are creating alternative reporting avenues and ‘question-led’ reporting channels to encourage employees to raise concerns without fear 
  • Some participants reported engaging employees through surveys or focus groups to learn about existing gaps in the compliance programme and understand whether employees feel as though risks are being adequately addressed 

GoodCorporation’s view 

The ECCTA is a welcome development in strengthening the corporate governance environment more broadly. It should allow good companies to stand out, win business and attract talent by adopting good ethics and compliance programmes.  

The identification doctrine is helpful in that it makes it clear that companies must make sure that senior managers are incentivised and trained to follow expected behaviours. We are likely to see a continuation of the efforts to identify and train this population.  

The failure to prevent fraud offence is also significant. The release of the new guidance provides an opportunity to review existing procedures considering the principles outlined by the Home Office. GoodCorporation’s Prevention Against Fraud framework aligns closely with this guidance. It takes a comprehensive approach, addressing all relevant functions to help organisations identify and evaluate the risks and controls necessary to reasonably prevent fraud. Our work has helped clients both with outward as well as inward fraud, allowing an efficient response to building a strong ethics and compliance programme. We are also helping our clients rationalise structures, ensuring that all compliance topics can be addressed seamlessly.