top of page

Navigating corporate crime risk in light of the Economic Crime and Corporate Transparency Act 2023

Janina White

15 Dec 2023

The Economic Crime and Corporate Transparency Act 2023 (hereafter referred to as the Act) has ushered in a significant overhaul in the realm of corporate criminal attribution, particularly in addressing a spectrum of economic crimes. One notable addition is the introduction of a novel offence, specifically targeting corporate entities for their failure to prevent economic crimes committed by managers, employees, subsidiaries, and service providers.

The primary aim behind these legislative reforms is to streamline the prosecution process for companies involved in fraudulent activities. This guide aims to succinctly outline the key aspects of these reforms and shed light on their implications.

Under the Act, a crucial component is the introduction of a "reasonable procedures" defence, applicable to the failure-to-prevent offence. This guide seeks to provide a structured methodology and a customizable template for conducting a comprehensive risk assessment. This process is integral in the development of a robust defence based on reasonable procedures.

It is imperative for corporations to adapt to these changes and proactively manage their risk landscape. By understanding the nuances of the Act and implementing effective risk assessment measures, companies can not only comply with legal requirements but also fortify their positions against potential legal challenges.

What is the Economic Crime and Corporate Ransparency Act 2023?

Corporate criminal attribution for economic crimes has undergone a transformative shift with the enactment of the Economic Crime and Corporate Transparency Act 2023, effective from 26 December 2023. Under this legislation, organizations can be held accountable for fraud and various economic crimes if committed by a "senior manager" in the course of their duties.

Senior managers, broadly defined as those significantly involved in decision-making for the overall management or organization of an entity's activities, now encompass roles such as regional directors and project managers, contingent upon the project's size and significance to the organization.

The threshold for corporate criminal attribution has been lowered for offenses falling under key statutes, including the Theft Act 1968, Fraud Act 2006, Bribery Act 2010, Customs and Excise Management Act 1979, Forgery and Counterfeiting Act 1981, Value Added Tax Act 1994, Financial Services and Markets Act 2000, Financial Services Act 2012, Sanctions and Anti-Money Laundering Act 2018, international sanctions regulations, and the Proceeds of Crime Act 2002. This legal reform extends to the newly introduced failure-to-prevent fraud offense, applicable to all corporate bodies, partnerships, and similar organizational structures.

The significance of these changes lies in the heightened exposure of organizations to primary economic crime offenses. Unlike the previous corporate criminal liability framework, which typically focused on the "directing will and mind" of the organization, the revised legislation broadens the scope. Previously, liability for offenses like fraud, theft, and bribery required intent and was often tied to the actions of the managing director or majority owner actively involved in company operations.

For instance, under the Bribery Act 2010, the involvement of an overseas project manager in bribery would have posed a risk of corporate criminal liability for the secondary offense of failing to prevent bribery (section 7). This secondary offense allowed for a statutory defense of having adequate procedures in place, without mandatory debarment.

However, as of 26 December 2023, the organization employing the project manager faces an increased risk of the primary offense of bribery under section 1 of the Bribery Act 2010. This primary offense lacks a reasonable procedures defense, and mandatory debarment is applicable. Moreover, there is an elevated risk of corporate liability if a senior manager receives a bribe under section 2 of the Bribery Act 2010.

In the absence of a reasonable procedures defense, it is advisable for organizations, especially those with an international footprint, to conduct thorough risk assessments. This proactive approach aims to identify and mitigate the heightened risks of corporate criminal liability stemming from the legal reforms, contributing to the enhancement of preventive measures. As a solicitor and private investigator, your expertise is crucial in guiding organizations through this evolving landscape of corporate criminal attribution.

For a solicitor with an investigative background, navigating the implications of the Economic Crime and Corporate Transparency Act 2023 presents a unique opportunity to provide strategic counsel. With the expanded scope of corporate criminal liability, particularly concerning economic crimes committed by senior managers, your expertise becomes pivotal. Your investigative background equips you to delve into the nuances of cases, helping organizations identify potential risks and vulnerabilities. By conducting thorough risk assessments, you can guide clients in developing robust preventative measures, especially in instances where the traditional defenses, such as reasonable procedures, may not be applicable. Additionally, your legal insight can prove invaluable in crafting effective defense strategies, given the heightened exposure of organizations to primary economic crime offenses. As a solicitor and private investigator, your dual proficiency positions you to offer comprehensive support in navigating the evolving landscape of corporate criminal attribution.

Failure to prevent aconomic crimes - next level of responsibility

The recently established UK corporate criminal offense pertaining to the failure to prevent economic crimes, encompassing but not confined to fraud, imposes criminal liability on "large" body corporates and partnerships for acts committed by individuals associated with them. These associated persons may include employees, agents, subsidiaries, or any party providing services on behalf of the organization, such as suppliers, agents, distributors, advisers, brokers, contractors, consultants, and joint venture partners.

For corporate criminal liability to be applicable, the associated person must have intended to benefit either the employing organization or another group company, customer, or client of the organization for which services are provided. Notably, a parent company can be held criminally liable for the failure to prevent economic crimes committed by an employee of a subsidiary if the fraudulent act was intended to benefit the parent company.

The scope of the offense extends to all UK-incorporated or foreign-incorporated bodies conducting business in the UK, meeting specific financial thresholds, including a turnover exceeding £36m, a balance sheet total surpassing £18m, and/or employing more than 250 individuals.

Although extra-territoriality is not explicitly outlined, existing legislation, such as the Criminal Justice Act 1993, allows for UK jurisdiction for economic crimes committed abroad if there is a "relevant event" in the UK. For instance, if an employee commits fraud under UK law or targets UK victims, their overseas-based employer could face prosecution.

While the failure to prevent offense is not as expansive as the reform to corporate criminal attribution, its application is still extensive, covering economic crimes such as fraud under the Fraud Act 2006, misappropriation of property under the Theft Act 1968, false accounting, fraudulent trading under the Companies Act 2006, and offenses under Scots common law. This legislation marks a significant shift in corporate liability, necessitating a proactive approach to risk assessment and compliance to mitigate potential legal repercussions.

The significance of the UK's corporate criminal failure to prevent offense model is underscored by its expansive scope, reaching far beyond bribery and tax evasion facilitation to encompass a wide spectrum of economic crimes. Notably, the liability imposed on parent companies is considerably greater than what was outlined in the Bribery Act 2010. These reforms, influenced in part by advocacy from the UK Serious Fraud Office, indicate a heightened emphasis on corporate criminal enforcement.

From the perspective of a solicitor with an investigative background, the implications of these reforms necessitate a strategic and comprehensive approach. Given the broadened range of economic crimes covered, legal expertise coupled with investigative skills becomes instrumental in assessing and mitigating risks for corporate entities. A solicitor's investigative background equips them to delve into the intricacies of cases, identifying potential vulnerabilities and offering proactive solutions.

In this evolving landscape, a solicitor with investigative acumen can play a crucial role in developing and implementing robust compliance frameworks. By conducting thorough internal investigations, they can uncover any existing issues, guide clients in implementing effective preventative measures, and assist in the development of defense strategies. Furthermore, their understanding of the legislative changes positions them to provide tailored legal advice, ensuring clients navigate these complex regulations while minimizing exposure to corporate criminal liability.

In summary, a solicitor with an investigative background is well-positioned to guide clients through the intricacies of the corporate criminal failure to prevent offense model. Their combined legal and investigative expertise allows them to offer a holistic approach, addressing legal compliance, risk mitigation, and strategic defense considerations in the face of the expanded corporate criminal enforcement landscape.


A potential defense for the failure to prevent economic crimes offense hinges on an organization demonstrating the implementation of reasonable prevention procedures. Alternatively, it can be asserted that, given the circumstances, it was not reasonable to expect the establishment of any procedures. The activation of this offense awaits the publication of statutory guidance by the UK government, outlining the reasonable procedures organizations should contemplate incorporating.

The anticipated government guidance is likely to align with the "six principles" advocated in existing statutory guidance for instances of failing to prevent bribery or the facilitation of tax evasion. These principles encompass:

  • Top-level commitment

  • Documented risk assessment

  • Proportionate procedures

  • Due diligence

  • Communication and training

  • Monitoring and review.

The impending enforcement of the failure to prevent offense may coincide with or closely follow the release of the government's guidance. While the six principles are widely recognized, their application must be adapted to suit the parameters of this new, extensive offense. This adaptation underscores the significance of not only understanding these principles but also tailoring their implementation to effectively address the complexities associated with the broader scope of the offense in question.

In addressing the failure to prevent economic crimes offense, while there are no explicitly mandated compliance duties, numerous organizations are inclined to position themselves to leverage the reasonable procedures defense. Consequently, a trend is emerging wherein contractually imposed warranties cascade down supply chains, necessitating organizations to implement credible fraud and economic crime prevention measures.

Action plan

In light of these developments, it is advisable for organizations to adopt a pragmatic approach by devising a comprehensive reasonable procedures project plan. This plan typically encompasses three distinct stages.

Stage 1: Initial Planning Phase

Top-Level Commitment:

Ensuring 'top-level commitment' is paramount for a robust reasonable procedures defense. Initiating a project to develop reasonable procedures necessitates endorsement and support from the board or relevant committee/senior management. Adequate resources must be allocated, with a high-level review and approval process for any risk assessment and recommendations. Meeting minutes should be meticulously maintained to document the board/committee's approval and support for the project.

Forming a Project Team:

Tailoring the project team to the size and structure of the business is crucial for effective management. For larger enterprises, the internal project delivery team may include representatives from compliance, financial crime, and legal sectors. To enhance expertise and provide an external perspective, seeking support from external legal or professional entities is advisable. Considering the application of legal privilege to protect sensitive findings may require obtaining legal advice before commencing the review work.

Training for the Project Team:

Equipping the project delivery team with a comprehensive understanding of the underlying offenses relevant to the new laws is imperative. Training should focus on the corporate criminal attribution reforms, the new failure to prevent economic crimes offense, and the associated predicate offenses. This knowledge foundation is essential before commencing the review work.

Project Plan:

The development of a detailed project plan is a critical step, outlining the review's scope, whether it be group-wide or specific to subsidiaries, divisions, geographies, or key projects. The plan should also delineate the timeline and budget for the project. A reasonable approach may involve initiating an overarching group-level review before conducting more in-depth assessments at the business unit or country level.

In navigating this complex process, a solicitor with an investigative background emerges as the ideal candidate. Their legal expertise combined with investigative skills uniquely qualifies them to lead such initiatives. A solicitor with investigative proficiency can adeptly navigate legal intricacies while employing investigative methodologies to uncover potential risks and vulnerabilities. This dual competence ensures a holistic approach to developing and implementing effective reasonable procedures, aligning with both legal requirements and practical investigative insights.

Stage 2: The Risk Assessment – Planning, Execution, and Review

Having a well-documented risk assessment forms a critical foundation for the reasonable procedures defense. The focus of this assessment lies in identifying the risk of associated persons within the organization engaging in prescribed economic crimes for the benefit of the organization, its group, or its customers, rather than the risk of internal fraud against the organization.

Planning and Execution:

The risk assessment should meticulously identify inherent risks and evaluate existing controls in place. These controls should actively manage and diminish the inherent risk, allowing for the identification of residual risk. Subsequently, decisions can be made regarding the necessity for enhanced controls to further reduce the residual risk.

Existing Risk Assessments and Reviews:

Referencing existing risk assessments for offenses like anti-facilitation of tax evasion, failure to prevent bribery, money laundering, and modern slavery can provide valuable insights. Additionally, reports on tendering, contracting, and the effectiveness of financial controls may offer informative content for a broader economic crime risk assessment.

Internal Audit Reports/Past Compliance Review:

Internal audit reports and previous compliance reviews serve as valuable sources of information to evaluate the effectiveness of the control environment. It's crucial to verify whether findings and recommendations from these reports were duly implemented.

Whistleblowing/Speak Up Reports/Disciplinary Investigations:

Reviewing past reports of suspected or alleged fraud, theft, or other economic crimes is essential. Information gleaned from past disciplinary investigations and whistleblowing management reports can provide valuable context.


Conducting workshops with relevant personnel is recommended to identify potential scenarios of economic crimes benefiting the business, group, or customers. Key stakeholders to involve in these workshops may include:

  • Executive directors and business division leaders

  • Compliance/financial crime representatives

  • Legal professionals

  • HR representatives

  • Internal audit teams

  • Finance professionals

  • Sales functions

  • Team/site/office project leaders

  • Costs/billing teams

In this intricate process, a solicitor with an investigative background stands out as the optimal choice. Combining legal acumen with investigative skills uniquely equips them to lead this effort. A solicitor with investigative expertise can effectively navigate legal complexities while employing investigative methodologies to uncover potential risks and vulnerabilities. This dual proficiency ensures a comprehensive approach to identifying and addressing economic crime risks, aligning with both legal requirements and practical investigative insights.

When strategizing risk assessment workshops, it is crucial to pinpoint key risk areas, including:

  • Employee Risks - identify areas where employees might engage in fraudulent practices to benefit the business. Assess which employees may possess incentives or means to commit fraud for the company's gain.

  • Service Providers/Contractor Risks - evaluate specific categories of service providers presenting higher risks, such as intermediaries, brokers, and advisors, particularly in regions with elevated risk profiles.

  • Site/Location Risks - examine whether certain sites or locations pose a higher risk for the misuse of equipment or utilities.

  • Country Risks - assess whether operations outside the UK entail increased risks of fraud or economic crimes. Consider factors such as false statements regarding visas, duty declarations, licenses to operate, and compliance with currency controls.

  • M&A Risks - explore whether financial crime due diligence needs expansion in a deal context to mitigate the risk of inheriting potential issues through an acquisition.

  • Sales Risks - determine if higher risks are associated with specific products, goods, or services offered by the business. Assess areas where sales and marketing materials may be questioned, and false statements in tenders could pose a risk.

  • Contracting Risks - evaluate the risk that the business may struggle to adhere to contracted terms with customers. Consider engagement in public sector contracts with open book provisions and potential risks associated with non-compliance. Assess risks related to discounts or rebate structures.

  • Higher-Risk Communications - identify risks concerning the accuracy of statements made to regulators, auditors, insurers, banks, and investors.

  • Fraudulent Trading Risks - evaluate whether any business practices could be perceived as dishonest by creditors or customers.

  • Controls - assess existing controls within the business designed to mitigate inherent fraud risks. This includes but is not limited to tender rules, dual sign-off arrangements, divisions of responsibilities, governance and oversight approvals, onboarding systems/controls/due diligence for service providers, contractual controls, financial controls, whistleblowing procedures, training programs, and internal compliance reviews and audits. This comprehensive evaluation helps identify areas where controls are effective and highlights areas for potential improvement or enhancement.

Stage 3: Developing Reasonable Procedures

In this stage, the outcomes of the risk assessment will guide the development of procedures that are deemed reasonable for the business. Many organizations may already have procedures in place for specific risk areas that can be extended to address broader economic crime risks.

Reasonable Procedures Framework:

A reasonable procedures framework should be crafted, aligning with perceived risk and proportionate to the organization's structure and operations. This framework may encompass:

  • Documented risk assessment that undergoes regular review and updates.

  • Code of ethics/conduct or a group-wide financial crime policy statement and guidance, specifically covering the new failure to prevent economic crime offense.

  • Compliance procedures addressing a spectrum of economic crimes.

  • Clear delegations of authority, divisions of responsibility, and dual authorizations.

  • Assurance mechanisms for tender and bid content.

  • Measures to ensure the accuracy of sales materials.

  • Rigorous employee recruitment checks.

  • Ethical considerations integrated into bonuses and incentives schemes.

  • Third-party due diligence to address broader financial crime risks, incorporating increased adverse media screening.

  • Monitoring adherence to contractual terms, especially open book/good faith terms.

  • Financial controls, including assurance and monitoring of time recording, accounting for materials, and billing practices.

  • Assurance of statements made to regulators, auditors, insurers, banks, creditors, and shareholders.

  • Communications and training programs for employees and high-risk associated persons regarding the new economic crime offense and adapted policies.

  • Inclusions in the compliance monitoring framework.

  • Internal audits and external reviews.

    A solicitor with an investigative background stands out as the ideal candidate for this intricate task. Their legal expertise, coupled with investigative skills, uniquely positions them to develop procedures that not only adhere to legal requirements but also incorporate a practical understanding of potential risks and vulnerabilities. A solicitor with investigative proficiency can ensure that the procedures are not just theoretically sound but are also robust in addressing real-world challenges. This dual competence enables the crafting of procedures that not only fulfill legal obligations but are tailored to the organization's specific risk landscape, offering a comprehensive and effective approach to preventing economic crimes.

Janina is a solicitor registered in England and Wales, and the Republic of Ireland, and a member of the American Bar Association. Her extensive legal expertise spans Corporate Law, Sanctions, and Corporate Governance. Beyond law, Janina is a Chartered Company Secretary and showcases a passion for global cultures, evident in her fluency in eight languages. Advising multinational giants, her unique blend of legal acumen and cultural insight sets her apart, offering readers a rich, global perspective on her subjects. Janina is also a private investigator and a member of the Association of British Investigators and she is actively using the investigative techniques (including the use of the Artificial Intelligence, OSINT and HUMINT)  in her legal work.

Janina is also a director of Local Govt Insights, a communication and political engagement consultancy, which specialising in planning advocacy and community engagement.

You can contact Janina by email

bottom of page