A guide to the UK Economic Crime and Corporate Transparency Act (ECCTA)
The Economic Crime and Corporate Transparency Act (ECCTA) is a sprawling piece of UK legislation passed with a goal of reducing economic crimes — including fraud and money laundering — by 10% compared to 2019 levels. While it was passed in October 2023, several of its provisions are currently in effect and the rest are being gradually implemented through 2025 and 2026.
The ECCTA builds upon and reforms a number of laws that came before it, including the 2022 Economic Crime (Transparency and Enforcement) Act and the Proceeds of Crime Act 2002 (POCA), among others. It touches on everything from corporate fraud to cryptocurrency-related crimes, corporate transparency, and more.
In this article, we’ll take a closer look at how the UK Economic Crime and Corporate Transparency Act helps evolve the UK’s KYC and KYB regimes. This includes new identity verification requirements for important persons working at or on behalf of corporations, a new criminal offence for corporations that fail to prevent certain types of fraud, and a new register requiring overseas entities to disclose their beneficial owners when buying, selling, or transferring property in the UK.
ECCTA and identity verification
The Economic Crime and Corporate Transparency Act makes significant changes to the UK government’s registry for companies, Companies House — including a new requirement for key individuals within an organization to verify their identities.
Under the law, anyone who serves in any of the following roles for an organization registered with Companies House must verify their identity:
Directors
Equivalents of directors (such as managing officers and general partners)
People with significant control (PSCs)
Authorised Corporate Service Providers (ACSPs)
Company secretaries and others who file for a company
The good news? Once you’ve verified your identity, you’ll most likely never need to do so again unless Companies House specifically notifies you to do so.
When do the requirements go into effect?
It is expected that the ECCTA’s identity verification requirements will be in effect by fall 2025. At that point, any directors and PSCs for new incorporations must verify their identities with Companies House at the point of incorporation. Existing companies will have a transitional period of 12 months to complete these requirements.
Ways to verify your identity
As of April 2025, Companies House has provided three means of verifying your identity to comply with ECCTA:
Online using the government’s One Login service
In person at a post office
Via an Authorised Corporate Service Provider (ACSP), also known as a Companies House authorized agent.
In most cases, to verify your identity, you need to provide an ID from the approved list:
Biometric passport from any country
UK photo driving licence (full or provisional)
UK biometric residence permit (BRP)
UK biometric residence card (BRC)
UK frontier worker permit (FWP)
In some instances, if you do not have one of these ID types but live in the UK, it may be possible to verify your identity using your bank details or building society details.
Following verification, you will receive a Companies House personal code, which links your personal verification records to any official roles you hold.
Why it matters
Businesses operating in or expanding into the UK will need to make plans for complying with these identity verification requirements or face significant penalties, including potential fines, rejected incorporations and registrations, and even criminal action.
Likewise, it’s important to note that some of the information used for identity verification will be made public. For businesses that perform identity verification on new customers or Know Your Business (KYB) verifications on new business partners, the registry may prove to be a valuable new data source.
According to Companies House, the following information will be made public:
Directors: Name, nationality, occupation, month and year of birth date, service address (but not residential address)
Company secretaries: Name, nationality, occupation, service address (but not residential address)
People with significant control: Name, nationality, occupation, month and year of birth date, service address (but not residential address), company role
ECCTA and “failure to prevent fraud”
Passage of the ECCTA also created a new criminal offence for corporations: failure to prevent fraud. This offence may be charged against businesses and organizations that fail to prevent certain types of fraud committed by “their employees, agents, subsidiaries, and other associated persons who provide services for or on behalf of the organisation.”
Who does the failure to prevent fraud offence apply to?
The offence is only applicable to “large organizations,” which are defined as meeting at least two of the following three criteria:
Has more than 250 employees
Sees more than 36 million pounds of turnover per fiscal year
Owns more than 18 million pounds in total assets
It also applies only to “incorporated bodies,” which include corporations, subsidiaries, partnerships, trusts, cooperatives, non-profit organizations, and other incorporated public bodies. It does not apply to unincorporated organizations.
What types of fraud are companies required to prevent?
The specific types of fraud that organizations are required to prevent under ECCTA are outlined in Schedule 13 of the law. These are known as base fraud offences, which originate from several related laws, including the Fraud Act of 2006, the Theft Act of 1968, the Companies Act of 2006, and the Common Law. Importantly, the base fraud offences vary depending on territory within the UK.
Base fraud offences for England, Wales, and Northern Ireland:
Fraud by false representation
Fraud by failing to disclose information
Fraud by abuse of position
Participation in a fraudulent business
Obtaining services dishonestly
Cheating the public revenue
False accounting
False statements by company directors
Fraudulent trading
Base fraud offences for Scotland:
Fraudulent trading
Fraud
Uttering
Embezzlement
What are the six fraud prevention principles?
Organizations can avoid being prosecuted for failure to prevent fraud if they’ve implemented reasonable fraud prevention procedures. According to the Home Office, these procedures should be informed by six key principles:
Top-level commitment: Leadership must take responsibility for preventing and detecting fraud.
Risk assessment: Regularly assess the risk that employees and associated persons may be engaging in fraud and document findings.
Proportionate risk-based fraud prevention procedures: Align fraud prevention measures with the level of risk identified in assessments.
Due diligence: Conduct due diligence on employees and associated persons in a risk-based manner.
Communication: Clearly communicate fraud prevention measures through both internal and external communications, including training.
Monitoring and review: Regularly monitor the effectiveness of fraud prevention measures and take steps to improve procedures as necessary.
Why it matters
Organizations can be held liable for failure to prevent fraud even in instances where their leadership is unaware of the fraudulent activity taking place. So long as the organization’s employees or associated persons are engaging in fraudulent activities with the intent to benefit the organization, criminal liability may exist.
With this in mind, organizations subject to the law should consider implementing comprehensive Know Your Business (KYB) and Know Your Employee (KYE) processes, which assess potential business partners and employees (new and current) for fraud risk.
ECCTA and the Register of Overseas Entities
The Economic Crime (Transparency and Enforcement) Act of 2022 created a new Register of Overseas Entities overseen by Companies House. Under the law, any overseas entity that wants to purchase, sell, or otherwise transfer property or land in the UK is required to register their ultimate beneficial owners (UBOs) and managing officers.
The Register went into effect on August 1, 2022 and existing overseas entities had until January 31, 2023 to register. New entities are allowed to register on an ongoing basis.
What information must be submitted to the Register of Overseas Entities?
When registering a UBO or managing officer, overseas entities are required to submit a wide range of information, including information about:
The entity itself: Its name, the country it was formed in, registered office address, address for correspondence, email address, and public registration numbers
UK-regulated agent information: Name, address for correspondence, email address, supervisory body, Anti-Money Laundering (AML) number, date that verification checks were completed, and agent assurance code
Beneficial owner (person): Name, date of birth, nationality, home address, address for correspondence, date they became a beneficial owner, nature of their control, whether they are on the UK Sanctions List
Beneficial owner (other entity): Name, registered office address, address for correspondence, public registration numbers, date it became a beneficial owner, nature of their control, whether it is on the UK Sanctions List
Managing officer (individual): Name, date of birth, nationality, home address, address for correspondence, occupation, roles and responsibilities in relation to the entity
Managing officer (corporation): Name, registered office address, address for correspondence, public registration numbers, roles and responsibilities in relation to the entity
Why it matters
Overseas entities that buy, sell, or transfer land in the UK are required to register with the Register of Overseas Entities. Failure to register can result in significant legal repercussions.
Because the Register is a public database, it can be queried. This means if your business conducts KYB checks before engaging with new business customers or partners, the Register may be an excellent source of relevant data to add to your arsenal.
While Companies House does not specify what information the register will contain, it does state that “most of the information given to Companies House about overseas entities, beneficial owners, and managing officers will be publicly available on the Register of Overseas Entities.”
Some of the information that will NOT be publicly available includes:
Home addresses
Email addresses
Full dates of birth (only the month and year will be shown)
Agent assurance codes
The date verification checks were completed
Likewise, information about trusts will not be displayed or queryable within the register, though that information may be shared with His Majesty's Revenue and Customs (HMRC).
Get ECCTA compliance right with Persona
If your business is subject to ECCTA’s new failure to prevent fraud offence, it’s critical to have a plan for assessing the fraud risk posed by both your employees and any potential business partners you may engage with. Persona’s flexible suite of identity tools can help in several ways:
Identity verification of potential employees during hiring as a part of a broader Know Your Employee strategy to ensure that they are who they say they are, including government ID, database, selfie verifications, and other methods
Watchlist, sanctions list, and PEP screenings that make it easier to decide if you should be working with a person or organization
A variety of additional reports, including adverse media, social media, and phone/email risk reports, to help you gauge individuals and organizations for other types of fraud risk
At the same time, you can rest easy knowing that Persona routinely integrates new data sources as they become available. Our Business Registry Verification (BRV), for example — a part of our KYB solution — already integrates with Companies House to help our customers determine the validity and authenticity of businesses they engage with.
Ready to learn more about how Persona can help your business comply with ECCTA and other global KYC, KYB, age assurance, and identity verification regulations? Reach out today for a free demo.