1. Introduction
The Economic Crime and Corporate Transparency Act 2023 (“ECCTA”)1, a landmark piece of legislation in the United Kingdom’s (the “UK”) (comprising England, Scotland, Wales and Northern Ireland) framework for combating economic crime, received Royal Assent on 26 October 2023. While most provisions of ECCTA have progressively entered into force during 2024, the implementation of new corporate offence titled “Failure to Prevent Fraud” was postponed to 1 September 2025, pursuant to Statutory Instrument 2025/3492.
Indeed, this postponed regulation which entered into force on 1 September 2025, establishes the third corporate offence based on the principle of “failure to prevent”, following a similar framework to the UK Bribery Act (2010) and the Criminal Finances Act (2017). Like its predecessors, the offence is founded on the principle of corporate liability for failing to implement adequate procedures to prevent wrongdoing. Its purpose is to establish corporate liability on companies for fraud offences by a company’s employees, subsidiaries, or agents for the benefit of the company or its customers.
2. Scope and Application of the Offence
Pursuant to Section 199 of the ECCTA, a company will be deemed to have breached its duty to prevent fraud if an “associated person” such as, an employee, subsidiary, agent, or a third-party performing services on behalf of the company, commits a fraudulent act for the benefit of the company or its customer.
This provision applies regardless of whether the company’s management was aware of the offence; thereby, establishing a much broader framework of criminal liability – one that resembles strict liability rather than the traditional principles of corporate liability.
ECCTA applies only to “large organisations.” For a company to fall within this scope, an organisation must meet at least two of the following three criteria:
- More than 250 employees,
- Annual turnover exceeding GBP 36 million,
- Total assets exceeding GBP 18 million.
Furthermore, if a parent company meets these criteria, its subsidiary may also be held liable for this offence even if the subsidiary does not meet the criteria itself.
The extraterritorial effect of ECCTA is particularly significant for companies established in Türkiye. Foreign entities with a sufficient connection to the UK, such as a subsidiary, supply chain, or customer relationship operating within the UK, may also fall within the scope of this legislation.
Example: UK Nexus in a Fraud Committed by a Company Located in TürkiyeA UK Government grant scheme subsidises certain heating appliances if they meet specified efficiency standards. In this example, a small UK manufacturer sends its appliances to an accredited laboratory headquartered in Türkiye for efficiency tests. The laboratory has no facilities in the UK. Knowing that the appliances will not be eligible for grants unless tests demonstrate that the efficiency exceeds a certain threshold, the laboratory manager in Türkiye falsifies the data from the tests. As a result of the fraud, the devices are eligible for grants and the UK manufacturer benefits. In this example, the laboratory manager is the associated person and commits fraud by false representation. Because the effect is to cause an unfair gain to an organisation in the UK, this would amount to fraud under the UK law (and the laboratory manager could theoretically be prosecuted in the UK). The testing laboratory operating in Türkiye could be liable for failure to prevent fraud under section 199(1)(b) unless a UK court determines that it had reasonable procedures in place to prevent the fraud.3
|
3. Penalties and Enforcement
Pursuant to Section 199(12) of the ECCTA, it is stipulated that a company found guilty of committing the offence of failing to prevent fraud may be subject to a fine. The scope and limits of this penalty, however, differ among the constituent countries of the UK.
When determining the fine, the courts will consider factors such as the company’s turnover, the gravity of the offence, and the benefit obtained from the misconduct. In addition, a conviction may result in disqualification from participating in public tenders within the UK or the European Union.
4. The “Adequate Procedures” Defence
A company may avoid criminal liability if it can demonstrate that it had implemented adequate procedures, or that, under the specific circumstances, it would not have been reasonable to expect such measures to be in place.
The Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO), in their Corporate Prosecution Guidance4 published on 18 August 2025, have indicated that prosecutors will assess the effectiveness of a company’s prevention procedures by taking into account the following factors:
- The leadership demonstrated by senior management in combating fraud,
- The actual effectiveness of internal control mechanisms,
- The company’s level of cooperation, voluntary self-reporting, and internal investigation processes.
In this scope, the official Guidance to Organisations on the Offence of Failure to Prevent Fraud5 published by the UK Home Office in November 2024 sets out six core principles that companies are expected to apply when designing and implementing their anti-fraud frameworks:
- Top-Level Commitment: A clear statement of intent from the board of directors to combat fraud, supported by the allocation of adequate resources and an approach grounded in ethical leadership.
- Risk Assessment: Identification and periodic review of fraud risk specific to the company’s business sector, operational model, and market activities.
- Proportionate Procedures: Internal controls, segregation of duties, pre-employment screening, supplier due diligence, and contractual obligations designed in proportion to the organisation’s size and risk profile.
- Due Diligence: Vetting and ongoing monitoring of agents, subcontractors, and consultants who act for or on behalf of the company.
- Communication and Training: Awareness programs, communication of policies, and secure whistleblowing channels for employees and third parties.
- Monitoring and Review: Regular audits, effectiveness testing, and a continuous improvement process for maintaining and enhancing the prevention framework.
These principles constitute not only a critical safeguard but also a factor that provides a competitive advantage in the international marketplace, particularly for Turkish companies with a connection to the UK. Accordingly, companies are expected to act proactively and align their compliance programs with these principles.
5. Implications for Turkish Companies
The ECCTA creates a significant compliance agenda that affects not only companies operating in the UK, but also for Turkish companies with commercial, financial, or corporate connections to the UK, leading to important legal and commercial implications for such entities.
In this context, to mitigate potential criminal and commercial risks arising from the ECCTA, Turkish companies are advised to establish effective compliance programmes aligned with the six core principles outlined under the “adequate procedures”. Such a framework will not only reduce the risk of criminal sanctions but also strengthen the ethical governance culture and corporate reputation of Turkish companies operating on a global scale.
In conclusion, compliance with the ECCTA has become a strategic necessity for maintaining competitiveness in international trade, safeguarding corporate reputation, and managing legal and operational risks. Companies with strong ties to the UK should closely monitor legislative developments and take proactive steps to ensure full alignment with the new regulatory landscape.
[1]https://www.legislation.gov.uk/ukpga/2023/56/section/199
[2]https://www.legislation.gov.uk/uksi/2025/349/contents/made
[4]https://www.gov.uk/government/publications/joint-sfo-cps-corporate-prosecution-guidance
Share
Related persons
You can contact us for detailed information.
Legal Information
This briefing is for information purposes; it is not legal advice. If you have questions, please call us. All rights reserved.