The Economic Crime and Corporate Transparency Act 2023 (the “Act”) received Royal Assent on 26 October 2023, having received its first reading in Parliament over a year ago and more recently having been the object of a series of “ping pong” amendments and counter amendments between the House of Lords and the Government in the House of Commons. The Act will introduce major reforms in a number of corporate-related areas, as well as addressing certain other economic crime-related issues, as mentioned below.

The Department of Business and Trade have produced various Fact Sheets which helpfully summarise and explain most of the Act's provisions and purposes. The following summary of certain - but by no means all - of the Act's reforms is based on some of those materials and is primarily focused on those that will be of interest to companies. Look out for our more detailed briefings on specific reforms as further details of those become available in regulations to be made under the Act and in further announcements by Companies House.

Companies House have also published a useful blog post about the changes that the Act will bring about in relation to their powers, procedures and filing requirements, etc.

Commencement

Most of the “reforming” provisions of the Act will be brought into force by commencement regulations and although the corporate criminal liability identification provisions (see “Further economic crime reforms impacting companies” below) will take effect on 26 December 2023. Some provisions will require more substantive secondary legislation. As the Companies House blog says, it will need to update its IT systems – for which it has been allocated additional funding by the Government -before it will be in a position to start to exercise the Registrar's new powers and its expanded role, although some new powers are expected to come into force in early 2024.

Companies House and filings reform

The Act introduces the biggest “shake up” in the 180 year history of Companies House with reforms designed to expand substantially the role of Companies House well beyond that of a simple registry receiving company filings and to improve transparency over UK companies and other legal entities (in particular limited partnerships).

Notable reforms include the following.

Identity verification

This will be required for all new and also existing registered company directors, People with Significant Control, and all those delivering documents to the Registrar (e.g., on behalf of companies). Verification in respect of the relevant individuals making the filing or in respect of whom a filing is being made, will be available on a direct basis and indirect basis (via an “authorised corporate service providers” - see below). In Part 3C of its Corporate Transparency and Register Reform White Paper published in February 2022, the Government provided more detail of how this identity verification process might work. The hope is that verification will only take 15 minutes or so involving, in the case of direct verification, the director (say) creating an account with Companies House and providing a photo of their face and an identifying document (e.g., passport or driving licence) for comparison and matching by Companies House technology. Once verified, the relevant user will have access to all Companies House services, across all companies for which they are authorised to act and will not - absent any subsequent suspicions with respect to this verification being raised within Companies House - need to reverify their identity each time they make another filing.

Alternatively, verification may be carried out indirectly via an authorised corporate service provider (ACSP). These will typically be company formation agents, accountants or even lawyers who provide a third party service of filing documents with the Registrar on behalf of their corporate clients. ACSPs will need to be authorised by Companies House to provide this indirect verification service on behalf of their clients and registered with an anti-money laundering supervisory authority under which they will already be required to carry out customer due diligence checks.

Companies House intends to make available alternative methods of verification for those unable to use the digital method. No identity verification will be required for a company's secretary. An exemption from verification for a particular director will be available from the Secretary of State in the interests of national security or for the purposes of detecting or preventing serious crime.

The Act provides that a director whose identity has not been verified (or where notice has not been given to the Registrar of the appointment of the director) may not act as a director and that an offence will be committed by the director and company if this restriction is breached but that this will not in any way affect the validity of the director's actions.

The Act's changes as regards companies will also be applied, where relevant, to limited liability partnerships (LLPs). In particular, all members (and any PSCs) of a LLP will have to have their identity verified. Much bigger changes are being made by the Act in respect of limited partnerships (which are not the same as LLPs); see “Limited Partnerships” below for details of these.

Filing documents with Companies House

The Act introduces restrictions on who can make filings with Companies House. An individual will not be able to file documents on their own behalf unless their identity has been verified and the filing includes confirmation of that. Neither can they file documents on behalf of another unless their prescribed status in relation that other person is confirmed (e.g., they are an officer or employee of the relevant company), they are delivering the document on behalf of the other and, as applicable, the other's identity is verified.

New powers for the registar

The Act will empower the Registrar to become a more active gatekeeper over company formation and a custodian of more reliable data. Companies House will have new powers to check, remove or reject information submitted to, or already on, a company's register, as well as powers to query information filed, by requiring additional information. The relevant Factsheet says that the Registrar will use this querying power “sparingly”, e.g., where, as a result of other information available to it, there is a concern about the integrity of data on a company's register.

New statutory objectives for the Registrar

These new powers will be underpinned by four new objectives that the Act will give the Registrar:

• ensuring that all information required to be delivered to the Registrar is "properly" delivered
• that all such information is accurate and complete
• that the Registrar's records do not create a false or misleading impression
• preventing companies and others from carrying out themselves (or helping others to carry out) unlawful activities.

Sharing of information - by the Registrar and others

The Act will broaden the powers of Companies House to proactively share information with (as well as to receive information from) law enforcement, regulatory and other public bodies, for the purposes of the Registrar's (or the relevant body's) functions. In addition, any person will be permitted to disclose information to, and to receive information from, the Registrar for purposes of the exercise of the Registrar's functions, free from any restraints of confidentiality but still subject to data protection requirements.

The Act will also facilitate information sharing between certain “regulated” businesses in relation to customers where the discloser is satisfied that this may assist the recipient in, for example, carrying out customer due diligence to prevent or detect economic crime, etc.

Company names

The Registrar's powers to challenge registered company names are being expanded to cover cases where the name: (i) could be used to facilitate certain crimes, (ii) suggests a false connection with a foreign government or international organisation, or (iii) which contains computer code. These new powers and the Registrar's new “querying power” (see above) will not replace the functions of the Company Names Tribunal in cases of “goodwill” and related disputes over registered company names.

“Appropriate” Registered office and email addresses

The Act will require companies to register “appropriate” registered office address and, for the first time, an email address. This email address will be private and available for use by the Registrar for communicating with the company. “Appropriate” for these purposes will mean an address at which “in the ordinary course of events” a document or email sent to that address would be “expected to come to the attention of a person acting on behalf of the company”.

Accounts for small and micro companies

The current regime for filing of accounts by companies qualifying under the Companies Act 2006 (the “2006 Act”) small companies or micro-entities regimes will be modified so that the option for filing abridged accounts will be removed and small companies and micro-entities will be required to file profit and loss accounts. In addition, companies relying on an audit exemption will have to state the particular exemption they qualify for.

Transparency

The Act will make a number of changes to improve corporate transparency in relation to, among other things, shareholder names and PSC (persons with significant control) and certain beneficial ownership disclosures, etc. Companies will have to enter in their register of members the full name of a shareholder (and not just an initial and surname) and, when the relevant provisions come into force, a full list of shareholder names in their next confirmation statement. In addition, a one-off shareholder list will need to be filed by private companies, and also by “traded” companies with shareholders holding at least 5% of issued shares of any class. As currently, this will have to be updated to reflect any changes when the company's annual confirmation statement is filed.

During the bill's passage through Parliament amendments were proposed that would have extended the new identity verification regime to shareholders. These were rejected by the Government on costs grounds and do not appear in the Act.

Companies that wish to rely on an exemption from providing PSC information will have to disclose the relevant basis for this - e.g., if they are listed and information about their shareholder base is available publicly, they will have to disclose the market on which they are listed and where information about their shareholders can be found. Where their PSC is disclosed as being a RLE (a relevant legal entity, i.e., a corporate entity which, if it had been an individual would have qualified as a PSC) instead of an individual, the conditions satisfied that allow this will need to be disclosed, including, if the RLE is listed, the market on which it is listed.

Discrepancy reporting

Under the Act the Secretary of State may make regulations requiring businesses to obtain certain information about their customers, identify any discrepancies between that information and information publicly available from the Registrar and to report discrepancies to the Registrar.

Local registers and the central register

The Act will remove the requirements for companies to maintain their own ("local") directors, secretary and PSC registers and also remove the option for private companies to keep shareholder information on the Registrar's “central register”, requiring those companies instead to keep that information on their own “local" register of members.

Protection of information provided to the Registrar from abuse

The Act contains a number of provisions designed to provide individuals and others protection from misuse or abuse of information provided by them to, or held in respect of them by, the Registrar. In some cases these expand on existing protections in the 2006 Act. So, for example, the company's email address (as mentioned above) provided to the Registrar for communications (as well as certain other information) will be added to the list of materials under the 2006 Act that are not available for public inspection. The currently limited cases (i.e., addresses) in which an individual can apply for the suppression of personal information about them will be expanded to any prescribed information by regulations to be made by the Secretary of State. Regulations may also be made providing for a company, on application, to be required to refrain from using or disclosing “individual membership information” except in specified circumstances.

Ban on corporate directors

In 2015, the 2006 Act was amended to require all directors to be natural persons but that provision has not yet been brought into effect. In 2020 the Government consulted on introducing the ban with a “principles” based set of exceptions where corporate directors would be permitted. In section 6 of its Factsheet dealing with ACSPs, the Government has said that it intends to implement the ban with regulations made under the 2006 Act in parallel with the Act coming into force. Only corporate directors with legal personality will be permitted under the exceptions and all the directors of those permitted corporate directors will have to be natural persons whose identity has been verified. Companies with existing corporate directors will have 12 months in which to comply with the regulations (when they have been made - none have been published yet).

Further economic crime reforms impacting companies

Failure to prevent fraud offence

During the bill’s passage, the Government inserted into the bill a new offence to hold organisations to account if they profit from fraud committed by their employees, agents or subsidiary undertakings, etc. Under the new offence, “large” UK or non-UK companies or partnerships (i.e., for companies, “large” for the purposes of the accounts regulations) will be liable where a specified fraud offence – largely drawn from the 2006 Fraud Act but also including fraudulent trading and false accounting - is committed by an employee or agent, etc., for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place (i.e., in this respect similar to the Bribery Act 2010 offence for which there is a defence if the organisation had in place “adequate procedures" to prevent bribery). As with the Bribery Act, the Secretary of State will have to issue guidance about the sorts of procedures that could be put in place to prevent fraud.

Corporate criminal liability: the identification doctrine

The Government has also included in the Act a reform of the identification doctrine in relation to corporate criminal liability for economic crimes. This is intended to make it easier for corporate liability to be attributed to a company in respect of economic crimes committed by its “senior managers”, without having to grapple with the legal issues involved in identifying who are the “directing minds” of the company. “Senior managers” will encompass individuals who have a significant role in deciding how the organisation's activities are managed (similar to the definition used in the Corporate Homicide Act 2007). Although the Act only applies this corporate identification principle to a prescribed list of economic crimes, in the relevant Factsheet the Government indicates its intention in due course to extend the principle to all criminal offences.

Limited Partnerships

The Act also introduces some major reforms and updates to the regulation of limited partnerships (LPs) (as distinguished from limited liability partnerships (LLPs)). The updates are intended both to address concerns about the ease with which certain LPs (including Scottish LPs which, unlike English LPs, have corporate personality) have been used to facilitate fraud and to modernise legislation that has not been updated in any substantive way for over 100 years. The reforms will apply to existing LPs, as well as newly registered LPs, and so require appropriate filings, etc. to be made by those LPs (subject to a transitional period of six months from the relevant reforms taking effect). Where the necessary filings, etc., are not made by existing LPs, they will face potential dissolution by the Registrar.

The Act will require much more information to be filed with the Registrar with respect to the LP and its partners than is currently the case. Many of the new (and some existing) requirements for companies will also apply to LPs. For example:

• identity verification will be required for partners (including officers of a corporate general partner)
• LPs will have to maintain an “appropriate” registered office and email address. Not only must the registered office be an address at which in the ordinary course of events a document addressed to the LP would be expected to come to the attention of someone acting on behalf of the LP but, to address the concern about LPs after registration in the UK ceasing to have any other connection with the UK, the address (which must be in the part of the United Kingdom in which the LP is registered) must also satisfy other conditions - e.g., being the principal place of business of the LP or the usual residential address of a general partner that is an individual or the registered or principal office of a general partner that is a legal entity or the address of an ACSP acting for the LP
• documents in relation to the registration of, or changes to, the LP will only be capable of being delivered to the Registrar by an ACSP
• annual confirmation statements with respect to information about the LP (and changes to it) filed with the Registrar, will be required.

Regulations may also be made requiring LPs to prepare accounts which on request must be made available to HMRC. Significantly as regards future changes to LP regulation, regulations may also be made extending company law requirements under the 2006 Act to LPs. Important changes are also being made in relation to the dissolution of LPs - e.g., the LP will be dissolved if it ceases to have a general partner or limited partner and the Secretary of State will be able to petition for the winding up of a LP on grounds of public interest.

Other non-corporate focused reforms

The Act also covers some issues that are not specifically corporate-related, including: Cryptoassets - providing additional powers to law enforcement agencies so they are able to more quickly and easily seize and recover cryptoassets which are the proceeds of crime or associated with illicit activity such as money laundering, fraud and ransomware attacks; Strengthening anti-money laundering powers – by enabling better information sharing about suspected money laundering, fraud and other economic crimes; and Strategic Lawsuits Against Public Participation (SLAPPs) which feature economic crimes - providing defendants with greater protection when faced with SLAPPs. This reform includes an early dismissal mechanism and a new cost protection regime for defendants, as well as defining a SLAPP in legislation for the first time.

Next steps

Further detail about some of these key changes and the steps that existing companies and LPs will need to prepare to take, particularly as regards their existing registration with the Registrar, will be available once the relevant regulations under the Act are published and guidance is published, whether by the Secretary of State or by Companies House. Watch out further briefings from Shearman & Sterling on these topics.

[View source.]