The ECCTA: What HR teams really need to know

Maria Kampen
April 30, 2025

Exciting news! The government is adding to the acronym soup of legislation governing financial institutions. 

You’ve heard of the FCA, the SMCR, BS7858, and more, but now the Economic Crime and Corporate Transparency Act (ECCTA) is here, and it’s bringing big changes that HR and compliance teams can’t ignore. 

The ECCTA is the latest and greatest bit of legislation dictating how UK businesses must combat fraud and financial crime. And background checks are a big part of staying compliant. 

The headline-grabbing piece is, of course, the new “failure to prevent fraud” law that takes effect on 1st September 2025 — a corporate offence designed to hold companies, and senior leaders, accountable if they turn a blind eye to fraud from employees or associates. 

If you’re working in HR or compliance, this means you need to get prepared. We’re here to help. Instead of swimming in acronyms, we’ve done the research so you’ll know:

  • How the ECCTA and “failure to prevent fraud” will affect you
  • What’s driving these economic reforms
  • Why background checks are so important for compliance
  • Common roadblocks to implementation
  • Best practices for compliance

Let’s dive in. 

Why do we need the ECCTA, anyway?

Despite what the news would have you believe, fraud is the most common offence in the UK and makes up 40% of all crime in England and Wales. This means a staggering loss for businesses: one report suggests that the private sector loses £157.8 billion to fraud every year, contributing to a £219 billion cost each year to the UK economy when you include public and individual losses. 

Whether or not your company is affected, there’s an inevitable impact on UK businesses as a whole. According to a 2024 survey from Cifas, 58% of decision-makers in large UK firms see fraud and financial crime as a serious threat.

And they weren’t wrong to be worried — 2023 was the second-biggest year for scams in two decades, and the value of reported fraud cases doubled to £2.3 billion.

The collapse of Patisserie Valerie in 2018 exposed a £94 million internal fraud scheme, all orchestrated by senior management.

The thing that could’ve prevented it? Better oversight, robust internal controls, and a better whistleblowing system. 

The bottom line is that economic crime is a big deal, and businesses often bear the consequences. In response, the ECCTA is here.

In the same spirit as previous laws targeting bribery and tax evasion, the ECCTA is intended to drive a culture shift and make fraud prevention a priority instead of an afterthought. While the ECCTA only applies to large organisations, it’s considered best practice for all FCA-regulated organisations, regardless of their size. 

The ECCTA at a glance: What companies need to know

If you remember nothing else from this article, remember the two goals of the ECCTA: enhancing corporate transparency and bolstering corporate liability for economic crimes. 

Failure to comply doesn’t just mean penalties at the company level. Under the ECCTA, senior leaders can be held liable if it’s found that they didn’t put effective measures in place. 

Here’s what it means in practice:

1. Identity verification requirements

If your onboarding process doesn’t already include identity verification, it’s time to start. 

To comply with the ECCTA, all new directors must now verify their identity with Companies House before their appointment can be registered, and new Persons of Significant Control (aka major owners) must verify within 14 days. 

If you’ve already got existing company directors and beneficial owners, they have a transition period to complete identity checks — but non-compliance can result in criminal fines.

Work closely with company secretaries or compliance teams to make sure that any new directors or board appointees complete the required ID verification. 

This is a big change: before ECCTA, you didn’t have to verify identity and fake identities could slip through, leading to fraud and money laundering. Now, identity checks are a legal obligation, the same as right to work (RTW) checks. 

2. “Failure to prevent fraud” as a corporate offence

The new “failure to prevent fraud” legislation holds your organisation liable if an employee at your company commits fraud for the organisation’s benefit and you didn’t have “reasonable” fraud prevention procedures in place.

This means not only can your company be prosecuted for not stopping fraud, but also for simply not doing enough to stop fraud. 

The only defence is to be able to show that you have ‘reasonable procedures’ in place to prevent fraud. What are those reasonable procedures? We’ll get to them in a sec. 

3. Expanded corporate liability

The fun doesn’t stop with the failure to prevent fraud provision, though. The ECCTA broadens the scope for companies to be directly criminally liable when senior staff commit economic crimes. 

Instead of being limited to top executives and board members, a company can now be guilty of certain offences (fraud, false accounting, bribery, money laundering, you name it) if committed by a “senior manager,” or someone who has a significant role in managing part or all of a company's activities. 

In other words, if a CFO or other senior manager engages in fraud, the company itself can now more easily be prosecuted for that fraud, not only for failing to prevent it. 

Naturally, the UK Serious Fraud Office (SFO) is quite excited about this change. They’ve called it “the most significant boost to [our] ability to investigate and prosecute serious economic crimes in over 10 years.” 

This makes it more important than ever to run thorough checks on candidates for high-level roles — if you miss something, the entire company could suffer. 

What HR teams need to do to stay compliant

If you work for an FCA-regulated organisation, you already understand the importance of thorough background checks. But under the ECCTA, HR teams will have to get even more thorough — starting with better background checks. 

Remember, under the ECCTA companies are responsible for:

  1. Failing to prevent fraud
  2. Certain criminal behaviour (fraud, money laundering, etc) from senior managers

Whether you’re using AI tools for HR compliance or running things in-house, you need to stay up to date. 

Background checks for key personnel

Better background checks is the first recommendation from the UK government on ECCTA compliance.

Thorough background checks are the best way to avoid hiring someone who opens the company up to legal liability. In fact, the first recommendation from the government guidance is to focus on pre-employment checks and regular re-checking for existing employees. 

Under the ECCTA, it’s important to review and strengthen pre-employment background checks for roles that involve financial authority or access to sensitive assets. 

This can include, but is not necessarily limited to:

  • Criminal record checks
  • Employment and qualification verification
  • Credit checks
  • Robust reference checks

The goal is to identify red flags before you hire someone. ECCTA raises the stakes: hiring an individual with a known history of dishonest conduct could be disastrous if something happens under your watch. 

Keep checking employees and contractors

Background checks don’t stop as soon as they’re on the payroll.

The ECCTA includes associated persons, which covers employees, agents, contractors, and subsidiaries. 

Continuous monitoring programs like re-checks or audits of third-party partners can help you stay on top of any risks. Be sure to keep up-to-date lists of approved contractors, do your due diligence on vendors, and build anti-fraud clauses into contracts with third parties. 

Onboard new directors carefully

As we covered in this post, it’s now mandatory to verify the identity of directors and beneficial owners. So if you’re involved in executive hiring or board appointments, you can’t skip this step.

Whether you’re using a government-approved digital identity framework (like Zinc!) or the Companies House online system, failure to verify within the required timeframe could block their appointment or even lead to fines. 

It’s also important to brief new directors on their duties under the ECCTA, and what your company is doing to meet requirements.

Build it into your company culture

It’s not an HR post if we’re not talking about company culture — but how your company thinks about compliance and fraud is vital to preventing it in the first place. 

Under the ECCTA, fostering an anti-fraud culture is vital. HR can lead the charge by ensuring regular fraud awareness training for all staff, from top executives to new joiners. Employees should understand:

  • What fraud is
  • How to spot warning signs
  • How to report their concerns

Setting up a confidential whistleblowing hotline or policy is crucial, as is encouraging employees to, you know, actually use it if there are issues. 

Conclusion: What the ECCTA means for HR teams

TL;DR? The ECCTA tightens the rules of who is running companies (through identity verification, intended to increase transparency) and how companies must behave (through new fraud liability and prevention duties).

The most important thing you can do as an HR or compliance team is to run thorough, comprehensive checks on all new employees that fall under the legislation. If you don’t, there could be big financial consequences. 

If you want help or advice on how to ensure your organisation stays compliant with new ECCTA legislation, get in touch with the Zinc team today.