Why the Economic Crime and Corporate Transparency Act is significant step in the right direction for the fraud community

After a highly charged passage through Parliament, we welcomed the enactment of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) on 26 October. This wide-ranging piece of legislation marks important progress in the fight against economic crime in the UK, covering, as it does, a number of areas which the anti-economic crime community has long campaigned for.

This includes the enactment of new information-sharing provisions for the purposes of preventing and detecting economic crime. Although one of the less commented on aspects of the Act during its passage through Parliament, the enactment of these new provisions marks a major step forward for information-sharing in the prevention of economic crime. 

In summary, provisions 188 and 189 of the ECCTA disapply civil liability for breach of confidentiality for regulated sector businesses sharing information in specific circumstances. This removes one of the key perceived barriers to information-sharing on economic crime in the regulated sector. In doing so, the act provides legal certainty for banks and wider regulated sectors to share financial crime information, including in relation to money laundering, both peer-to-peer and via a third-party platform. A vital development in combatting economic crime and reducing the harm to society from money laundering and the wider organised crime it enables.

Data sharing must be underpinned by the appropriate safeguards and checks and balances, and we were delighted to note that that the protections and appeals mechanisms outlined in the act will be based upon the Cifas National Fraud Database. Further vindication of the robust governance Cifas provides to deliver legal and proportionate data sharing, including clear and transparent data access and complaints procedures. While the new economic crime data sharing provisions represent a significant and hugely welcome development, they remove just one of many real (or perceived) barriers to information-sharing. As a result, these provisions must be seen as a starting point and not an end. On this basis, we will be tracking the progress of the Data Protection and Digital Information Bill over the coming months to ensure this includes the measures necessary to support proportionate economic crime information-sharing for the future. Further to this we are engaging closely with the Home Office’s Economic Crime Data Strategy process, launched in the Economic Crime Plan 2 which will chart a pathway for a data-driven approach to tackling economic crime.

The ECCTA’s most prominent area of reform, however, relates to changes to the role, function and powers of the UK’s corporate registry, Companies House. It has long been recognised that UK corporate vehicles have been regularly abused for the commissioning of economic crimes, largely due to the hitherto limited role and powers of the Registrar of Companies.

The Act marks the biggest shake-up to the registry in over a century and will, amongst other things, give the registrar a statutory role in upholding the integrity of the register and in combatting economic crime. To enable the registrar to perform this new function, she is empowered with expansive new information-sharing gateways. We encourage Companies House to use these to share and receive information from both the public and private sectors, including through data consortia like our own.

Furthermore, the Act implements new identity verification standards for those registering companies and company directors. Given the well-documented scale of identity fraud on the register these measures will, once secondary legislation is enacted, go some way to reducing fraudulent abuse of people’s personal data on the register. Again, cross-matching data with industry datasets on identity fraud will help Companies House to properly fulfil this role going forward. Using such checks before registering companies would bring the corporate registry in line with onboarding guidelines issued recently by the FCA to the banking sector, which noted the role of data consortia, like Cifas, as an important, preventative measure.

Finally, the Act sees the advent of new ‘failure to prevent fraud’ provisions, which would make large corporates guilty of an offence if a person associated with the company commits a fraud offence for the benefit of the company – unless the company can prove it had reasonable prevention measures in place. Although a welcome starting point, these provisions faced considerable challenge in their passage through Parliament, with many believing that their limited scope and application would hinder their efficacy in practice.

Be that as it may, this new offence underlines the importance of organisations having effective internal fraud controls. a ‘tone from the top’ approach to fraud prevention, and a robust anti-fraud culture that includes specialist fraud training for staff, and pre-employment and ongoing employee screening.

In summary, the ECCTA is undoubtably a landmark piece of legislation, which provides significant opportunity to drive down fraud and money laundering. However, it marks a starting point for action and not an end in and of itself.