The Home Office has now issued guidance on that part of the Act which refers to the prevention of fraud. The following is a quote from the Introduction:
“The Law Commission published a paper in June 2022 examining options to improve the law to ensure that corporations are effectively held to account for committing serious crimes. This paper considered the creation of a new offence of failure to prevent fraud. This offence was created by the Economic Crime and Corporate Transparency Act 2023.
Under the offence, an organisation may be criminally liable where an employee, agent, subsidiary, or other ‘associated person’, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place. In certain circumstances, the offence will also apply where the fraud offence is committed with the intention of benefitting a client of the organisation. It does not need to be demonstrated that directors or senior managers ordered or knew about the fraud.
The offence sits alongside existing law; e.g. the person who committed the fraud may be prosecuted individually for that fraud, while the organisation may be prosecuted for failing to prevent it.
The offence will make it easier to hold organisations to account for fraud committed by employees, or other associated persons, which may benefit the organisation, or, in certain circumstances, their clients. The offence will also encourage more organisations to implement or improve prevention procedures, driving a major shift in corporate culture to help prevent fraud.
The offence applies to large organisations only and applies across the UK.
Although the offence of failure to prevent fraud applies only to large organisations, the principles outlined in this guidance represent good practice and may be helpful for smaller organisations.”
A ‘large’ organisation in this context is defined as meeting two or three of the following criteria:
- more than 250 employees
- more than £36 million turnover
- more than £18 million in total assets
The Act applies in the public sector as well as private and also covers large charities/not for profits.
The way that the Act is drafted requires an organisation to do a lot more than a risk assessment: it applies to all parts of the organisation (i.e. not just the finance function) and effectively requires clear evidence that fraud prevention has become an intimate part of the organisation's culture. Given the intent of the Act, all functions have to be aware of it, and any senior interims therefore need to take account of the requirement for ‘reasonable practice’ to be built into the way of working throughout all commercial activity.
The Home Office has now produced guidance for the Act on fraud prevention. This has been included as an attachment for your reference. The link to the documentation online is here: https://www.gov.uk/government/publications/offence-of-failure-to-prevent-fraud-introduced-by-eccta
The six principles that identify what reasonable practices or procedures mean are:
- Top level commitment
- Risk assessment
- Proportionate risk-based fraud prevention procedures
- Due diligence
- Communication (including training) and
- Monitoring and review
Being able to demonstrate a reasonable response in these areas provides the basis for an organisation to have a defence to prosecution.
The format has a lot in common with the two other ‘failure to prevent’ offences: bribery and the facilitation of tax evasion.
KPMG have produced a summary of the regulation, which includes 5 things to focus on building in as a response (this will not represent everything that an organisation may wish to do).
- As alluded to above, the benefits of the fraud do not have to be directly financial
- The benefit can be inferred. That is, the organisation may not be the primary beneficiary of the fraudulent act but benefit indirectly, perhaps not even intended by the person involved.
- Unsurprisingly, risk assessment is part of the process but clearly only one aspect.
- Document the decisions made as you go along building and applying the processes, and make sure review occurs and lessons learned are applied.
- The extent of overseas reach is not completely clear. It is likely to require an assessment of what benefit accrues to the UK-based business versus the overseas group enterprise where the issue occurred.
In summary, from September 2025, interim managers or interim executives in large organisations need to ensure that they are working in an environment with a well-structured response to ECCTA. This is not just about an interim board member but about anyone in a position to see potential fraud and/or to support the client by ensuring that the processes and procedures actively exist.
Writing this, I cannot think of a function that can ignore the Act’s requirements.