UK Compliance 2025: "Failure to Prevent Fraud" – New Requirements for German Companies

At the end of 2023, the United Kingdom passed the "Economic Crime and Corporate Transparency Act 2023" (ECCTA), a comprehensive reform package aimed at combating economic crime and enhancing corporate transparency. The goal of this legislation is more effective action against fraudulent activities and fraud-like offenses committed from or within the corporate environment, strengthening compliance structures, and reforming the corporate register (Companies House).

Particularly relevant for German companies: On 1 September 2025, a new corporate criminal offense will come into force in the UK – with significant action required for German companies with subsidiaries, joint ventures, or business relationships in or with the UK.

1. Liability Intensification: "Failure to Prevent Fraud"

From 1 September 2025, a new corporate offense comes into effect under the ECCTA:

"Failure to Prevent Fraud" – failure of companies to prevent fraud.

Affected are large capital and partnerships that are economically active in the UK or related to the UK. It is sufficient to have customer or business relationships in or with the UK.

A formal or physical presence in the UK (e.g., headquarters, subsidiary, or branch) is not required.

• The criminal liability of the company is strict liability:
  It is enough that a person associated with the company (e.g., employee, representative, subcontractor, distributor) commits certain fraud or fraud-like offenses (e.g., breach of trust, embezzlement) to benefit this company or an affiliated company.

• The company is liable if it does not have adequate procedures or measures in place for fraud prevention.

• Possible penalty: Unlimited fine, confiscation of profits from affected transactions, significant reputational damage.

• Only defense: "Reasonable Procedures Defense" – The company must be able to demonstrate that it has adequate prevention measures in place.

Scope independent of the company's location

The offense applies to companies that exceed at least two of the following three thresholds:

• Annual turnover of more than GBP 36 million,

• Balance sheet total over GBP 18 million,

• more than 250 employees.

These thresholds must always be examined at the group level and apply regardless of the location of the respective company or corporate group. Small companies can also fall under the law if the associated corporate group meets the criteria.

Relevance for German companies above the thresholds

The offense has extraterritorial effect, meaning:

Even companies located in Germany, even if they have no subsidiary, branch or other formal presence in the UK, can be affected. Actions committed outside the UK may also be covered.

An sufficient link to the UK is required, such as:

• Business or trade relationships in or with the UK, e.g., through license partners, distributors, or importers, or

• Joint ventures/collaborations with companies in the UK, or

• corporate participations in the UK, and

• actions towards UK customers or related to assets in the UK.

Relevance for German companies below the thresholds

Even if the thresholds are not exceeded, the offense can become factually significant for companies:

• Contractual requirements from large business partners
  When collaborating with larger companies, in the supply chain, as JV partners or suppliers in corporate structures with a UK connection, "Fraud Prevention" clauses might be imposed or passed on as a contractual obligation.

• Expectations of banks, investors, and regulatory authorities

• Alignment with international compliance benchmarks – for instance, in negotiations, compliance clauses, or risk assessment by business partners.

Conclusion: Even German companies without a formal presence in the UK, but with relevant UK business contacts, should act preventively – and, for example, review distributor compliance, training, and contract design.

2. Expansion of Corporate Liability: "Senior Manager Test"

Already in force is the fundamental reform of the British model of attribution of offenses within companies (since December 2023):

Not only the actions or omissions of board members or managing directors – but also those of senior managers below management level ("Senior Manager"), e.g., department heads with budget or personnel responsibility, can now be attributed to the company.

Consequence: A company can consequently be criminally liable if such a "Senior Manager" commits an offense in the course of their duties – or condones, supports, or initiates it.

Conclusion: This increases the importance of effective compliance structures even at the middle management level – especially for corporate groups with cross-border management responsibility.

3. Transparency Obligations & Companies House

The role of Companies House, the UK trade register, is significantly strengthened.

The reforms involve, among other things:

• Identity checks for directors and beneficial owners of UK companies,

• additional reporting obligations for certain business models,

• stricter penalties for violations.

These requirements are already partially in place and are to be fully implemented by no later than 2026.

German companies with property ownership or subsidiaries in the UK must also prepare for stricter disclosure requirements.

Recommendations for UK Compliance

Conduct risk analysis & assessment: Check if the thresholds are met at group level; identify, evaluate, and document potential risk areas related to the UK.

Review and adjust compliance management system: Examine existing fraud prevention measures and enhance them if necessary.

Adjust policies & processes: Adapt or implement anti-fraud policies, due diligence processes, internal control mechanisms.

Training & Awareness: Introduce audience-specific training and guidance notes for executives ("Senior Managers") and employees with UK connections.

Review and supplement contract documentation / compliance clauses: Systematically integrate "Fraud Prevention" clauses.

Documentation: Careful and traceable recording of all implemented measures as a defense proof.

Monitor further implementation of the ECCTA: Follow developments especially regarding disclosure obligations and potential further obligations.