News from Pohlmann & Company


The UK is tightening its corporate criminal law

How the UK is declaring a fight against corporate crime: An overview of the UK Economic Crime and Corporate Transparency Act 2023 and its impact on fraud prevention measures for German companies

On 26 October 2023, the Economic Crime and Corporate Transparency Act 2023 (ECCTA) received the necessary Royal Assent from King Charles and was adopted as law. ECCTA introduced a comprehensive package of measures to combat corporate crime and increase corporate transparency. The more stringent corporate criminal law associated with ECCTA will also be relevant for many German companies. The most significant changes in this context are:

  1. The extension of the identification principle to make it easier to hold companies accountable for the criminal behaviour of individuals acting on its behalf.
  2. The introduction of a new strict liability offence, which makes it a criminal offence for ‘large companies’ not to have prevented fraud (‘Failure to Prevent Fraud‘). This offence comes with an extraterritorial scope of application.

The extension of the identification principle

In the United Kingdom, most criminal offences require a subjective element in addition to the objective elements of the offence, i.e. the offender must have intended or had knowledge of the offence. In English criminal law, the extent to which the offence can be attributed to a person or company is generally determined by the common law identification principle. Under this principle, a person’s criminal behaviour can only be attributed to a company if the person had the necessary authority to constitute the organisation’s ‘directing mind and will’. The application of the identification principle proved to be extremely difficult in practice, which often made it challenging for the authorities in the UK to prosecute companies successfully in the past. This was particularly true for large companies with complex decision-making processes, where it was difficult to determine whether a person had the ‘directing mind and will’. For this reason, Section 196 of ECCTA includes an extension of the identification principle and introduces the senior manager test‘. Accordingly, a company may be guilty of the offences listed in Schedule 12, such as fraud, bribery, tax, money laundering, fraud, and false accounting offences, if the offence is committed by a senior manager acting within the scope of his actual or apparent authority. Under Section 196 of the ECCTA, a senior manager is a person that is:

  • Making decisions regarding how the whole or a substantial part of the corporate’s activities are to be managed or organised.
  • Actively managing or organising the whole or a substantial part of the corporation’s activities.

Based on this definition, who can be considered a ‘senior manager’ will not always be clear. However, it will certainly not depend solely on the title of the person in question. As the definition of senior manager is taken from section 1(4) of the Explanatory Note to the Corporate Manslaughter and Corporate Homicide Act 2007, it can be assumed that not only members of the management body or immediately subsequent management level are meant, but also employees at middle management levels with strategic or regulatory responsibility, e.g. regional and site managers or managers from the areas of HR, legal and compliance. With the introduction of the ECCTA, it will now be possible to attribute the actions of a larger group of persons to a company to establish its criminal liability.

The introduction of the new Failure to Prevent Fraud Offence

The UK Government’s Fraud Strategy for 2023 states that fraud offences pose a significant threat to the prosperity and security of the UK and account for more than 40% of all offences committed in England and Wales in 2022. To combat the enormous number of fraud offences, the UK government introduced the new strict liability offence of ‘Failure to Prevent Fraud under Section 199 of ECCTA, which is expected to come into force later this year. This is the third ‘Failure to Prevent Offence’ with strict liability in the UK, following the offences of ‘Failure to Prevent Bribery’ under the UK Bribery Act 2010 and ‘Failure to Prevent Tax Evasion’ under the Criminal Finances Act 2017. The scope of application of the new offence includes ‘large corporates’, which refers to both corporations and partnerships. For a company or group of companies to fall within the scope of the offence, at least two of the following criteria must be met.

The company must have:

  • more than 250 employees,
  • a turnover of more than GBP 36 million and/or
  • have assets of more than GBP 18 million.

Under the new offence, companies will be held criminally liable if they fail to prevent fraud by a person associated with them (‘associated person’) and the fraud committed directly or indirectly benefits the company. The term ‘associated person’ is defined very broadly and includes employees, agents, subsidiaries, or any person who otherwise performs services for or on behalf of the corporation. The relevant fraud offences, one of which must have been committed by the associated person, are listed in Schedule 13 of the ECCTA. As this is a strict liability offence, the knowledge or involvement of the company executive in the criminal act is not required. A company may be subject to an unlimited fine if it is found guilty of the new offence.

Why German companies may also be subject to the new Failure to Prevent Fraud Offence

Although the law itself says nothing about the extraterritorial scope of the new offence, the UK government’s Failure to Prevent Fraud factsheet states: ‘”If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.

This means that companies based in Germany can also be prosecuted by UK law enforcement authorities for fraudulent behaviour under the given circumstances, provided there is a particular UK nexus. However, a company can avoid all criminal liability under section 199(4) if it can prove that it had reasonable procedures in place to prevent fraud at the time the offence occurred. Per Sections 204, 219(8) of ECCTA, the UK Government must publish guidance with further information on what constitutes reasonable procedures to prevent fraud before the new offence can come into force. A similar approach was taken with the UK Bribery Act 2010, in which the government published guidance on the then-introduced offence of ‘Failure of commercial organisations to prevent bribery‘.

Which fraud prevention measures companies should now take

Whilst the importance of effective fraud prevention measures will not come as a surprise to large businesses in either the UK or Germany, now would be a good time for businesses to review their existing fraud prevention measures and adapt them where necessary. German companies should familiarise themselves with the new regulations, particularly if they have subsidiaries or branches in the UK. Until the UK government publishes the guidance, organisations should check whether an existing risk analysis sufficiently covers risks of fraud committed from within the company for its benefit. Experience has shown that fraud risk assessments tend to focus on fraudulent acts to the organisation’s detriment. Furthermore, which employees fall under the definition of senior manager under the ECCTA and potentially have direct contact with customers, authorities, or business partners in the United Kingdom should be analysed. Overall, companies are well advised to maintain an appropriate compliance management system (CMS) that promotes an anti-fraud culture and has appropriate controls, policies, training, and whistleblowing systems.


With the UK Economic Crime and Transparency Act 2023, the British government has significantly tightened its corporate criminal law. Due to the expansion of the criminal attribution rules, the number of corporate criminal proceedings is expected to increase. With the new criminal offence of ‘Failure to Prevent Fraud’, which is expected to come into force over the year, companies are required to implement and continuously develop an adequate fraud prevention system. In particular, for German companies with UK business relationships, this increases the need to review and, if necessary, adapt their compliance systems.

When did your company last review the practicality and effectiveness of its fraud prevention measures and internal controls? In addition to compliance risk analyses and the development of customised internal control systems, our consulting services also include conducting internal investigations to determine whether any suspicions of fraud are substantiated. Furthermore, Pohlmann & Company advises and represents companies in complex white-collar proceedings.

Please feel free to contact us at any time!